GigaVUE Cloud Suite for AWS Secret Regions
Commercial Cloud Services (C2S) and Secret Commercial Cloud Services (SC2S) are the secure AWS Secret Regions for the U.S. Government's Intelligence Community (IC). In GigaVUE-FM, a user with the appropriate agency name, mission, and role can toggle to an AWS Secret Region (C2S or SC2S) for the IC's cloud environment. Refer to the GigaVUE Cloud Suite for AWS Configuration Guide for detailed information on regular AWS configuration.
About AWS Secret Regions
AWS Secret Regions contain many security enhancements and features beyond those of a regular AWS cloud service. The key features of AWS Secret Regions are as follows.
- No outbound internet access—Users cannot access GigaVUE-FM and C2S/SC2S services without a proxy connection.
- Reduced set of AWS services and/or components—Secret Regions have a limited set of AWS services and resources. Many fundamental AWS services such as EC2 and S3 are available, but many managed services, such as AWS Elastic Beanstalk, AWS EFS, AWS Lambda, AWS CodeDeploy, and AWS CodeCommit, are absent.
- Secured access—Access to the IC's cloud environment is based on two-way SSL communication using PKI certificates. For IAM users, access to C2S/SC2S is only through tokens. C2S/SC2S has a built-in CAP module that sits between the vendor software and the IAM services.
- For C2S, GigaVUE-FM calls CAP for an AWS token by passing the appropriate agency, mission, and role.
- For SC2S, GigaVUE-FM first calls CAP to retrieve the agency, account name, and role name, and then passes in the appropriate agency, account name, and role.
Note: The session token always has an expiration time, and GigaVUE-FM must renew the session token before it expires.
- Network differences—The AWS Secret Regions use service endpoints with different DNS names and require users to provide the service endpoints.
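As an added illustration (not Gigamon's code, and not a documented CAP API), the Python below models the access flow just described: a two-way SSL context built from a PKI client certificate and a trust store, a hypothetical CAP token request carrying agency, role, and mission or account name, and a cache that renews the session token before it expires. The CAP URL path, the request and response fields, and the five-minute renewal margin are assumptions.

```python
import json
import ssl
import urllib.request
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

# Renew this long before expiry (assumed margin; the page gives no value).
RENEW_MARGIN = timedelta(minutes=5)

@dataclass
class SessionToken:
    token: str
    expires_at: datetime  # timezone-aware UTC

def needs_renewal(tok: Optional[SessionToken], now: datetime, margin: timedelta = RENEW_MARGIN) -> bool:
    """True when there is no token yet or it expires within the safety margin."""
    return tok is None or now + margin >= tok.expires_at

def mutual_tls_context(client_pem: str, client_key: str, trust_store_pem: str) -> ssl.SSLContext:
    """Two-way SSL: present the PKI client certificate, trust only the given CA bundle (PEM assumed)."""
    ctx = ssl.create_default_context(cafile=trust_store_pem)
    ctx.load_cert_chain(certfile=client_pem, keyfile=client_key)
    return ctx

def fetch_token_from_cap(cap_base_url: str, ctx: ssl.SSLContext, agency: str, role: str, scope: str) -> SessionToken:
    """HYPOTHETICAL CAP call: path and JSON fields are assumptions. scope = mission (C2S) or account name (SC2S)."""
    body = json.dumps({"agency": agency, "role": role, "scope": scope}).encode()
    req = urllib.request.Request(f"{cap_base_url}/token", data=body, headers={"Content-Type": "application/json"})
    # cap_base_url is an internal service endpoint: no outbound internet is assumed.
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        data = json.load(resp)
    return SessionToken(data["token"], datetime.fromisoformat(data["expiration"]).astimezone(timezone.utc))

class CapSession:
    """Caches the session token and calls `fetcher` to renew it before it expires."""
    def __init__(self, fetcher: Callable[[], SessionToken]):
        self._fetch = fetcher
        self._tok: Optional[SessionToken] = None
        self.renewals = 0  # number of CAP calls made

    def token(self, now: Optional[datetime] = None) -> str:
        now = now or datetime.now(timezone.utc)
        if needs_renewal(self._tok, now):
            self._tok = self._fetch()
            self.renewals += 1
        return self._tok.token
```

In production the `fetcher` passed to `CapSession` would wrap `fetch_token_from_cap` with the configured CAP Base URL and the context from `mutual_tls_context`; the renewal logic is the same either way.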
Set up AWS Secret Region
To set up AWS Secret Region:
- In GigaVUE-FM, select Cloud > AWS > Settings. The Settings page appears.
- On the Advanced tab of the Settings page, click Edit.
- In the AWS Secret Region field, select one of the following secret regions.
- Secret—C2S (Commercial Cloud Services)
- Top Secret—SC2S (Secret Commercial Cloud Services)
- Click Save. The Secret Regions tab then appears on the Settings page.
- Click the Secret Regions tab, and then click Edit.
- On the Secret Region page, enter or select the values and files as follows:
- Click Certification and select the .pem files for Certification. Or, click Trust Store, select a .pem file, and enter a password for the Trust Store.
- Select a .p12 file, and enter a password or Server Key.
- Enter the CAP Base URL and the AWS EC2 Endpoint.
- Click Save.