Public cloud providers for B.C. government
AWS is presently the only public cloud service provider for the B.C. government that allow teams to build and deploy applications.
We manage space in AWS called the B.C. government landing zone (previously known as the SEA). This is a modified AWS environment with safety measures and tools to help protect your apps and data. The landing zone meets B.C. government security and privacy standards and is suitable for information up to and including Protected B data.
The B.C. government landing zone in AWS meets requirements for the Government of Canada’s Protected B Medium Integrity Medium Availability (PBMM) security category, in compliance with the Security Control Profile for Cloud-based GC Services. This also meets requirements for the B.C. government’s Protected B information security classification.
Any B.C. government ministry team can work in the B.C. government AWS landing zone.
If you’re part of a less experienced team, it may take more time and effort to learn how to work well in the public cloud. Our public cloud guide can help you prepare and ensure that you have the right skills and roles to begin working in AWS.
When to use AWS
Choose AWS if you want to:
- Build and deploy a new web or mobile application
- Migrate an existing, cloud native application to the public cloud
- Store, manage and analyze data
- Set up backup and data recovery
- Track analytics
Keep these limitations in mind when deciding whether to use AWS:
- Network access. There is no dedicated connection between B.C. government data centres and the public cloud service provider data centres. As a result, hosting hybrid applications with components hosted in the public cloud and in the B.C. government’s on-premises data centres isn’t recommended at this time. Learn more about network access restrictions
- Canada (Central) services. In compliance with the B.C. government’s security and privacy standards, you can only access AWS services that are available in the AWS Canada (Central) region
Canada (Central) services
In compliance with the B.C. government’s security and privacy standards, you can only access AWS services that are available in the AWS Canada (Central) region. The B.C. government AWS landing zone has restrictions in place to prevent you from using any service that is outside of this region.
To find services available in Canada, go to the AWS regional product list and select “Canada (Central)” in the “Region” drop-down menu.
AWS service catalogue
All AWS services require you to complete mandatory security and privacy assessments. The only time you don’t need to do this is if the tool has already passed these assessments and is included in our AWS service catalogue.
Browse the AWS service catalogue.
For detailed cost information, review the costs and billing section of our 101 guide.
Security and privacy
We’ve completed an overarching Security Threat and Risk Assessment (STRA) and Privacy Impact Assessment (PIA) for the use of AWS services.
We also complete STRAs and PIAs for some services available through AWS Marketplace and will continue assessing new services on an ongoing basis. Once assessments are completed, we add services that pass assessments to our catalogue of approved AWS services. You can use these services without having to complete your own security and privacy assessments.
You must complete a Privacy Impact Assessment (PIA) and Security Threat and Risk Assessment (STRA) for each new application you provision in AWS. If your application uses an AWS service and isn’t already approved in the AWS service catalogue, you must complete STRA and PIA for this service on your own. Share any STRAs and PIAs that your team completes for AWS services with the Public Cloud Accelerator team so that we can add these services to our catalog of approved AWS services.
Learn more about security and privacy in AWS.