To fully grasp the value of AWS Outposts, consider this common challenge: As you migrate applications to AWS, are there certain workloads that must remain on-premises?

These applications may require near real-time responsiveness for end-user interactions, seamless communication with other on-premises systems, or direct control over on-site equipment. Examples include factory floor automation in manufacturing, real-time patient diagnostics and medical imaging in healthcare, and high-performance content and media streaming.

Additionally, you may need a solution to securely store and process sensitive customer data that must remain on-premises or within specific geographic locations outside of an AWS Region. Whether it’s running data-intensive workloads locally, ensuring low-latency data processing, or maintaining stringent control over data analysis, backup, and recovery, AWS Outposts provides the ideal hybrid cloud solution to meet these demands

A VPC spans all Availability Zones in its AWS Region. You can extend any VPC in the Region to your Outpost by adding an Outpost subnet.

The diagram shows the relation between your Outposts and the AWS Cloud. Your Outposts family device (Outposts rack or Outposts server) is configured on premises on your network. Other on-premises devices such as a local server can communicate with Outposts. Your Outposts device is linked to a specific Availability Zone—in this case, ap-southeast-1a. The subnets have been removed from the diagram for simplicity. Adding an Outposts subnet extends your VPC to your on-premises network.

Outposts support multiple subnets. You choose the EC2 instance subnet when you launch the EC2 instance in your Outpost. You cannot choose the underlying hardware where the instance is deployed, because the Outpost is a pool of AWS compute and storage capacity.

Each Outpost can support multiple VPCs that can have one or more Outpost subnets. You create Outpost subnets from the VPC CIDR range where you created the Outpost. You can use the Outpost address ranges for resources, such as EC2 instances that reside in the Outpost subnet. AWS does not directly advertise the VPC CIDR or the Outpost subnet range to your on-premises location.

Run AWS Services Locally

You can create resources on your Outpost to support low-latency workloads that must run in close proximity to on-premises data and applications.

Outposts Setup (1 of 5)

Order

Select your compute and storage capacity

Install

AWS delivers and install the Outposts

Launch

Use standard AWS APIs or the AWS Management Console to launch and run AWS resources locally

Outposts Setup (2 of 5)

AWS Outposts is designed to operate with a constant and consistent connection between your Outpost and an AWS Region. To achieve this connection to the Region and to the local workloads in your on-premises environment, you must connect your Outpost to your on-premises network. Your on-premises network must provide wide area network (WAN) access back to the Region and to the internet. It must also provide local area network (LAN) or WAN access to the local network where your on-premises workloads or applications reside.

Outposts Setup (3 of 5)

Starting Architecture

Outposts Setup (4 of 5)

You can seamlessly extend your VPC on premises by creating a subnet and associating it with an Outpost, the same as how you associate subnets with an Availability Zone in the cloud.

AWS Outposts extends an Amazon VPC from an AWS Region to an Outpost with the VPC components that are accessible in the Region, including internet gateways, virtual private gateways, transit gateways, and VPC endpoints. An Outpost is homed to an Availability Zone in the Region, and it is an extension of that Availability Zone that you can use for resiliency.

Outposts Setup (5 of 5)

Because the control plane is in the public Region, you can access a wide range of AWS services locally on your Outpost or in the Region through public endpoints or privately through the VPN. Instances in the Outpost can securely talk to other instances in your VPC through private IP addresses. Use interface endpoints or gateway endpoints (powered by AWS PrivateLink) to access all Regional AWS services in your private VPC environment.