AWS Dedicated Local Zones

AWS Dedicated Local Zones features

Get Started with AWS Dedicated Local Zones

Page topics

Open all

Dedicated environment and resources with verifiable control over data access, strictly limited to only your organization or community
Helps meet digital sovereignty requirements with local compute, storage, and database services
Data protection and privacy to keep and protect customer content in DLZ with technical, operational, and contractual measures that AWS provides
Edge computing environments and accelerated compute instances with feature-rich, high-performance file systems and storage
Support for globally distributed real-time inference, data resident AI and machine learning (AI/ML), large and small language models (LLMs and SLMs), and High Performance Computing (HPC)
Operational expertise with the option for you to specify security requirements for AWS personnel managing DLZ

Familiar AWS services, architecture, APIs, and tools for reduced operational complexity and an experience consistent with AWS Regions
Deployed in your specified location, on-premises, in a co-location data center, or an AWS site
Reduces the operational work to provision and manage capacity for shared multi-tenant resources
Designed for high availability with redundant networking, power, and reliable auto recovery workflows
You can also have multiple Dedicated Local Zones for even higher availability and more data protection with AWS Elastic Disaster Recovery
Honors Region and service-level SLA's in DLZs deployed in two or more isolated locations
Migration services to help you move and modernize your existing apps and data into your new environment, including AWS Application Migration Service
Operates seamlessly with security and management services available in the parent AWS region
Offers options to configure infrastructure to inherit the certifications and attestation of its parent Region

Follows the AWS Shared Responsibility Model for security of the cloud and security in the cloud
Helps meet your specific clearance requirements for AWS operating personnel in the hardware environment, such as residency or nationality
Provides data encryption capabilities, monitoring for oversight, plus transparency and auditability
With the AWS Nitro system, virtualization resources are offloaded to dedicated hardware and software, minimizing the attack surface, prohibiting administrative access, and eliminating the possibility of human error and tampering
Security: Additional access protections including AWS Nitro, AWS CloudTrail, AWS Control Tower, AWS IAM, AWS Key Management Service (KMS), AWS CloudHSM, and service control policies (SCPs)
Built to AWS and industry-leading security best practices and standards, protected 24x7

Compute: Select from most Amazon EC2 instances including general purpose, compute-intensive, memory-intensive, storage-optimized, HPC-optimized, and accelerated computing
Storage: Pick your preferred storage including Amazon EBS, EBS with Snapshots, Amazon S3 including S3 Express One Zone and S3 One Zone-Infrequent Access classes, and Amazon FSx
Networking: Define your network with available services including Route53 for geoproximity routing, Amazon VPC, AWS Direct Connect, NAT Gateway, AWS Transit Gateway, Elastic Load Balancing (ELB), and IPv4/IPv6 support
Workloads: Choose from services like Amazon EKS, Amazon ECS, and Amazon EMR
Management: Leverage AWS tools running in the parent AWS Region such as AWS CloudFormation, Amazon CloudWatch, AWS CloudTrail, and AWS Elastic BeanStalk to run and manage applications

Define the services, features, detailed configuration, and security requirements for your Dedicated Local Zones and work with AWS on a build-out plan
Fully AWS-managed infrastructure, where AWS builds, operates, and maintains the Dedicated Local Zone to reduce operational overhead and administrative burden on customers
Launch, acceptance, and orientation including establishing management, access, training, processes, and roll-out to your community