FAQ: Amazon Web Services (AWS) Canadian Region
What you need to know about the AWS Canada (Central) Region.
This FAQ is of particular interest to organisations compelled by law, like the public sector in British Columbia and Newfoundland, to keep their Personal Information data in Canada. It is also for the many organisations in Canada that are generally concerned about where their data resides and intend to keep it under the jurisdiction of Canadian courts, not hosted in the United States, for various reasons.
Will my workloads run on the AWS Cloud?
95%+ of workloads work on AWS. This includes Windows Server or Linux systems using either x86 or x64 architectures. If you have an Itanium, Solaris, Mainframe or AS400 based system to migrate, some additional planning will be needed.
There are several ways to start adding workloads to AWS. You can start building new instances using Windows Server 2008+ (click here for Windows 2003) or choose from a collection of Linux distributions, including Amazon Linux.
You can also migrate existing systems to AWS. AWS supports multiple platforms and offers several tools and services to help get your VMs running up in the Cloud.
There are several things to remember when planning your migration. When you select your desired instance types, make sure the type of virtualization is supported. Also consider how you want to license your system. For example, you can have AWS provide a Windows license for you, or you may be able to bring your own. There are several options available, including 3rd party licensed solutions in the AWS Marketplace.
If you have questions or need help with planning your migration, please contact us.
Will the Region work today?
When AWS releases something to General Availability, it works, period. We encourage you to go try it for yourself at aws.amazon.com.
Will my data stay in Canada?
AWS clients have control over their content and where it resides. Unless you move it out of the Canada Central region (Montreal) yourself, it will remain there. AWS will not move your data except as legally required and as necessary to maintain AWS services. Please review this AWS web page around privacy.
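One way to enforce this at the account level, shown here as an added example that is not from AWS or from this FAQ's authors: an AWS Organizations service control policy that denies API requests addressed to any Region other than ca-central-1. The `Sid` and the list of exempted global services under `NotAction` are assumptions to adjust to the services you actually use.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyOutsideCanadaCentral",
      "Effect": "Deny",
      "NotAction": [
        "iam:*",
        "organizations:*",
        "route53:*",
        "cloudfront:*",
        "support:*",
        "sts:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": "ca-central-1"
        }
      }
    }
  ]
}
```

Attach the policy to the organizational unit holding the accounts that must stay in Canada; it restricts where requests can be made and does not by itself encrypt or classify data.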
What AWS Services will be Available in the Region?
Most of the primary services are currently available, including:
- Amazon Elastic Compute Cloud (EC2)
- Amazon Elastic MapReduce
- Amazon CloudWatch
- Amazon DynamoDB
- Amazon EC2 Container Service (ECS)
- Amazon ElastiCache
- Amazon Kinesis Streams
- Amazon Simple Notification Service (SNS)
- Amazon Simple Queue Service (SQS)
- Amazon Simple Storage Service (S3)
- Amazon Virtual Private Cloud (VPC)
- AWS CloudFormation
- AWS Key Management Service
- AWS Direct Connect
- AWS Elastic Beanstalk
- AWS CodeDeploy
- AWS Storage Gateway
- Amazon Relational Database Service (RDS)
- Amazon Redshift
For a complete list, please visit the Region Services Table.
What about route sovereignty?
How do I ensure my data does not traverse outside of Canadian borders? If this is a concern for compliance or regulation like FOIPPA and PIPEDA, there are ways to ensure route sovereignty, i.e. that your data doesn’t transit out of Canada. AWS provides a service called Direct Connect. Combined with your carrier or a provider, you can ensure your data stays and is only accessed in Canada.
Is my data secure?
AWS is a battleship carrier armed with a thousand of the world's best security engineers, on a robust, proven, security-driven platform used by the NSA and the CIA. Their business depends on protecting your data.
AWS continues to provide innovations to help make security easier for your teams to implement, maintain, and audit.
AWS invests heavily in platform security to keep your systems and data safe. They focus on physical security, network security, and audited processes to allow anyone access to a best of breed data center design. They also provide suites of tools to help you extend security best practices to your workloads. This can help keep you secure and efficient at scale, so you can focus on being agile while keeping your systems high performing and secure.
Can AWS access my data?
AWS will not access your data. They have over 1 million active businesses using their service. Trust is their number one priority and directive. If you are concerned about this, we recommend that you encrypt your data and keep the keys. See the question around encryption for some ideas on this topic.
What about Disaster Recovery and Availability?
The Montreal region is not a single data centre, but multiple data centres organized in what AWS calls Availability Zones (AZs). Each AZ has isolated grid power and fibre connectivity and is on a different floodplain, and the AZs are within a 20 km radius of one another. Each AZ may contain one or more data centres, and Montreal has 2 AZs. Best practice architecture calls for using multiple AZs in your deployment, offering sub-millisecond connectivity and delivering high availability to your applications. This design is what really distinguishes AWS from other cloud providers.
You can use another AWS region as a secondary site to host your data. Since this is purely for Disaster Recovery, your alternatives are 4 Regions in the United States. If you are concerned about hosting your data in the US, AWS has 15 Regions around the world including, as an example, Frankfurt, Germany, which has very strict privacy laws and could be a good secondary Region. Others may be Singapore; London, UK; or Dublin, Ireland. Learn about the various AWS Regions.
Latency from the west or east coast?
This really depends on where your users are, where and how the data is being processed, and your workload or application architecture. From Vancouver to Montreal you’re looking at around 70-80ms, from Calgary, around 60-70ms, and less as you drive east. Halifax to Montreal is around 25ms. In most cases you can design around this by processing the data in AWS, and only sending results back to users. Many systems today are designed to take latency into account.
There are also AWS edge location services like CloudFront (Content Distribution Network), AWS WAF (Web Application Firewall), Route53 and API Gateway that can help to improve network performance by having a closer public entrypoint into the AWS optimized network, or leverage caching services. AWS has around 60 edge locations including Toronto, Montreal, Seattle and Minneapolis.
There are also network connectivity services like AWS Direct Connect, which may improve network performance.
AWS is an American company and our data is exposed to the Patriot Act?
Set aside the fact that you are probably doing something pretty bad if the US government is seeking data under the Patriot Act, or that you may plainly not trust the US authorities. Let’s start off with AWS’ stance on releasing information to the US or any foreign government: if you read this short article written by AWS CISO Stephen Schmidt, you will see their track record over time and AWS’ resistance to disclosing any information where there are no legal requirements. They will only disclose information if required to by law, and will notify you unless they are prohibited from doing so by law. They have a track record of challenging subpoenas and protecting customers’ data. In addition, AWS opposed any prohibition on encryption and has a firm stance on enabling customers with strong encryption technology and the ability to use their own keys.
For true protection, we always recommend you encrypt your data. Besides being a best practice and required to meet most compliance standards, encryption is the best way to secure your data and keep it private. Using an HSM vault on-premises, in Canada, will ensure the keys to your data stay with you. AWS provides a variety of services that support this encryption design.
My organisation has no experience with cloud. Where do we start?
The Cloud represents a major change. As one of our customers who migrated to AWS says, “Toto we’re not in Kansas anymore”. It really is an opportunity to drastically improve your business and its ability to take advantage of technology instead of worrying about infrastructure. In our experience, the best approach is to start with one workload at a time and, as you learn and become more comfortable, move more. This is the practical approach and gives the organisation a chance to digest the change and learn about the capabilities of Cloud. We also recommend you use a Partner who has done this before and understands the various steps and challenges on this journey to the cloud. As you learn, your organisation will be better equipped to make decisions and develop strategies around how to take advantage of this dynamic environment and ensure you are secure and operating cost effectively.
What currency will I be billed in for the Montreal region?
AWS service usage prices are based on US currency. When your bill is generated, service consumption will be calculated and priced in USD. If you choose to set your account currency to Canadian Dollars, the calculated value will be adjusted to CAD using foreign exchange rates set at the time of processing.
This means if you had the same 2 TB of storage in S3 for both January and February the invoice line item in CAD could be different based on the exchange rate at time of invoicing.
Click here for additional details on payment currency.
How do the costs compare to other AWS regions?
AWS services are priced on a regional basis; product pricing details can be found here. Here are a few examples:
|Region|EBS Provisioned Storage|Price per GB/month|
|---|---|---|
|Oregon or N. Virginia|EBS (gp2 SSD)|$0.10|
|Montreal|EBS (gp2 SSD)|$0.11|
|N. California|EBS (gp2 SSD)|$0.12|
|Ireland|EBS (gp2 SSD)|$0.11|

|Region|EC2 Compute - On Demand|Compute Price per Hour|
|---|---|---|
|Oregon or N. Virginia|M4.xlarge Linux instance|$0.215|
|Montreal|M4.xlarge Linux instance|$0.237|
|N. California|M4.xlarge Linux instance|$0.251|
|Ireland|M4.xlarge Linux instance|$0.238|

|Region|S3 Standard Storage (First 50 TB / month)|Price per GB/month|
|---|---|---|
|Oregon or N. Virginia|1 GB Storage Cost|$0.023|
|Montreal|1 GB Storage Cost|$0.025|
|N. California|1 GB Storage Cost|$0.026|
|Ireland|1 GB Storage Cost|$0.023|