Logical Separation Compared to Physical Separation - Logical Separation on AWS

This whitepaper is for historical reference only. Some content might be outdated and some links might not be available.

Logical Separation Compared to Physical Separation

Customers can use some or all of the AWS capabilities below to meet or exceed the security that their on-premises physical separation requirements provide.

  • Unified authentication and authorization – A robust, granular authentication and authorization model (AWS Identity and Access Management) that is common across all AWS services and integrates, through federation, with on-premises user identity management systems.

  • Rich monitoring and logging – Deep, granular logging of every API call and of resource state across AWS services. Current configuration and application events are collected centrally, giving both a view of the present security posture and a record of previous configuration states.

  • Virtual private cloud (VPC) and accompanying features – VPC is a software-defined network in which customers create segmented or micro-segmented network domains that isolate traffic between different compute environments and AWS services, and that join segments together when needed in controlled, limited ways.

  • Encrypting data at rest and in transit – Encryption options for all AWS storage services, plus certificate creation and lifecycle management for encrypting data in transit. Keys are managed in AWS Key Management Service (AWS KMS), optionally backed by AWS CloudHSM for key generation and storage.

  • Host and instance isolation – Options to provision dedicated hypervisor-based or bare-metal hosts, so that customer workloads and data reside on a physical compute host that is not shared with other customers.

  • Serverless and container architecture – Isolated execution environments offer a smaller, ephemeral runtime surface that simplifies security controls.
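
The VPC bullet above names segmentation as a control but not how to verify that a given segmentation actually holds. The following is an added example, not code from the whitepaper or from any AWS tool: an offline evaluator for a constructed three-tier topology (subnets, CIDRs, the security group ids sg-web, sg-app and sg-db, and all rules are assumptions for illustration). It models the two AWS behaviours that matter when checking micro-segmentation: security groups are stateful allow-lists, so a reply needs no rule, whereas network ACLs are stateless tables evaluated in ascending rule-number order with an implicit deny, so the reply path through the client's ephemeral port range must be opened explicitly. The "broken" data subnet shows the common failure mode where the inbound rule exists but the outbound reply rule was forgotten.

```python
"""Offline VPC segmentation evaluator (added example; topology and rules are constructed).
Security groups: stateful allow-lists.  Network ACLs: stateless, ordered, implicit deny.
A flow is permitted only if every hop, including the reply path through the NACLs, agrees."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

EPHEMERAL = (1024, 65535)  # client-side source ports that reply packets must reach


@dataclass(frozen=True)
class NaclRule:
    number: int      # evaluated in ascending order; first match wins
    protocol: str    # "tcp", "udp" or "-1" (all protocols; ports ignored)
    cidr: str
    port_from: int
    port_to: int
    action: str      # "allow" or "deny"


@dataclass(frozen=True)
class SgRule:
    protocol: str
    port_from: int
    port_to: int
    source: str      # CIDR, or a security-group id such as "sg-app"


@dataclass
class Subnet:
    name: str
    nacl_in: list
    nacl_out: list


@dataclass
class SecurityGroup:
    id: str
    inbound: list
    outbound: list


@dataclass
class Instance:
    ip: str
    subnet: Subnet
    sgs: list


def nacl_allows_range(rules, proto, addr, lo, hi):
    """True only if every port in [lo, hi] is allowed for (proto, addr).
    Walks the ordered table once, tracking which ports are still undecided,
    so the 64k-port ephemeral range is checked without a per-port loop."""
    undecided = [(lo, hi)]
    for r in sorted(rules, key=lambda r: r.number):
        if r.protocol not in ("-1", proto) or ip_address(addr) not in ip_network(r.cidr):
            continue
        rlo, rhi = (0, 65535) if r.protocol == "-1" else (r.port_from, r.port_to)
        remaining = []
        for a, b in undecided:
            if rhi < a or rlo > b:          # rule does not touch this interval
                remaining.append((a, b))
                continue
            if r.action != "allow":         # first match for some port is a deny
                return False
            if a < rlo:                      # keep the parts this rule did not decide
                remaining.append((a, rlo - 1))
            if b > rhi:
                remaining.append((rhi + 1, b))
        undecided = remaining
        if not undecided:
            return True
    return False                             # leftover ports hit the implicit deny


def nacl_allows(rules, proto, addr, port):
    return nacl_allows_range(rules, proto, addr, port, port)


def sg_allows(rules, proto, port, peer_ip, peer_sg_ids):
    """Stateful allow-list: any matching rule permits; replies need no rule."""
    for r in rules:
        if r.protocol not in ("-1", proto):
            continue
        if r.protocol != "-1" and not (r.port_from <= port <= r.port_to):
            continue
        if r.source.startswith("sg-"):
            if r.source in peer_sg_ids:
                return True
        elif ip_address(peer_ip) in ip_network(r.source):
            return True
    return False


def flow_permitted(src, dst, port, proto="tcp"):
    """Evaluate a connection src -> dst:port. Returns (permitted, failed_checks)."""
    src_ids = [sg.id for sg in src.sgs]
    dst_ids = [sg.id for sg in dst.sgs]
    checks = [
        ("src SG outbound", any(sg_allows(sg.outbound, proto, port, dst.ip, dst_ids) for sg in src.sgs)),
        ("dst SG inbound", any(sg_allows(sg.inbound, proto, port, src.ip, src_ids) for sg in dst.sgs)),
    ]
    if src.subnet is not dst.subnet:  # NACLs apply only at the subnet boundary
        checks += [
            ("src NACL outbound", nacl_allows(src.subnet.nacl_out, proto, dst.ip, port)),
            ("dst NACL inbound", nacl_allows(dst.subnet.nacl_in, proto, src.ip, port)),
            # Reply path: NACLs are stateless, so the ephemeral range must be open explicitly.
            ("dst NACL outbound (reply)", nacl_allows_range(dst.subnet.nacl_out, proto, src.ip, *EPHEMERAL)),
            ("src NACL inbound (reply)", nacl_allows_range(src.subnet.nacl_in, proto, dst.ip, *EPHEMERAL)),
        ]
    failed = [name for name, ok in checks if not ok]
    return (not failed, failed)


# --- Constructed sample topology (assumed for illustration, not from the whitepaper) ---
ALLOW_ALL = [NaclRule(100, "-1", "0.0.0.0/0", 0, 65535, "allow")]
web_subnet = Subnet("web 10.0.1.0/24", ALLOW_ALL, ALLOW_ALL)
app_subnet = Subnet("app 10.0.2.0/24", ALLOW_ALL, ALLOW_ALL)
# Data subnet: only the app tier may reach Postgres. "broken" lacks the outbound reply rule.
db_subnet_broken = Subnet("db 10.0.3.0/24", [NaclRule(100, "tcp", "10.0.2.0/24", 5432, 5432, "allow")], [])
db_subnet_fixed = Subnet("db 10.0.3.0/24", db_subnet_broken.nacl_in,
                         [NaclRule(100, "tcp", "10.0.2.0/24", *EPHEMERAL, "allow")])

sg_web = SecurityGroup("sg-web", [SgRule("tcp", 443, 443, "0.0.0.0/0")], [SgRule("tcp", 8080, 8080, "sg-app")])
sg_app = SecurityGroup("sg-app", [SgRule("tcp", 8080, 8080, "sg-web")], [SgRule("tcp", 5432, 5432, "sg-db")])
sg_db = SecurityGroup("sg-db", [SgRule("tcp", 5432, 5432, "sg-app")], [])

web = Instance("10.0.1.10", web_subnet, [sg_web])
app = Instance("10.0.2.10", app_subnet, [sg_app])
db_broken = Instance("10.0.3.10", db_subnet_broken, [sg_db])
db_fixed = Instance("10.0.3.10", db_subnet_fixed, [sg_db])

if __name__ == "__main__":
    for label, s, d, p in [("web->app:8080", web, app, 8080),
                           ("app->db(broken):5432", app, db_broken, 5432),
                           ("app->db(fixed):5432", app, db_fixed, 5432),
                           ("web->db(fixed):5432", web, db_fixed, 5432)]:
        ok, failed = flow_permitted(s, d, p)
        print(f"{label:22} {'ALLOW' if ok else 'DENY'} {failed}")
```

The evaluator reports every failing hop rather than stopping at the first, which is what you want when auditing a segmentation design: app to the broken data subnet fails only on the reply path, while web reaching the database directly is blocked by both the security groups and the NACL, the defence in depth the whitepaper's point relies on. Exporting real rules from the account (for example from the EC2 DescribeSecurityGroups and DescribeNetworkAcls APIs) into these dataclasses is left to the reader.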

© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.