Correct, this is meaningless. It's purely to provide a facade for companies and countries who are still fully in bed with US big tech, so they have something to point at and can delay the inevitable for longer.
Another goal with this is to muddy the waters on the word "sovereign" in relation to tech e.g. "cloud". This is a big reason why they've chosen this exact name. Now every discussion regarding it is more prone to devolve into "but what does it really mean!? Amazon has a 'sovereign cloud'!!". Taking time away from discussing the core and actual sovereign cloud.
It's the umpteenth despicable play by US big tech. It doesn't matter what guarantees they give, the US is in charge of anything remotely related to Amazon, even if they set up "independent subsidiaries", do everything through "local partners" and what not.
The point of setting it up as a German legal entity with US AWS having no special access is to avoid that.
All the relevant part of the CLOUD Act does is make it so when a US legal entity is asked to provide data that it controls it doesn't matter where it has stored that data. For example suppose I run an online forum. I decide to archive some records to cloud storage and remove my local copies.
I archive some of them to AWS in the US. I archive some more to a cloud provider that is in some other country and does not have any US data centers or offer services in the US (I'm going through a VPN with an endpoint in their country so they only see me using a local to them IP, and I pay via some method that doesn't tip them off that I'm American).
I get legally ordered to give copies of those archived records to law enforcement. Under the CLOUD Act I have to retrieve copies from both cloud providers and turn those over.
Note that from the foreign cloud provider's point of view nothing unusual is happening. All they see is a customer retrieving some data that the customer previously put there, using the normal APIs that are provided for customers to do that with. They have no idea why the customer is retrieving the data.
From the way they are describing it in the article and in their FAQ at https://aws.eu/faq/ it sounds like they are setting up a German company and giving that company the rights to use a bunch of AWS technology which will be run on infrastructure owned and operated by the German company and with no operational access for US AWS. That would make it pretty much equivalent to the foreign cloud service in the example above.
The reason earlier I said "relevant part of the CLOUD Act" is that it actually did two things. One is what is described above, which for some reason is what most people focus on even though it wasn't very controversial.
The other part, which is what most opposition was over, concerned "mutual legal assistance treaties" (MLATs). These are agreements between countries to, as you might guess from the name, assist each other in law enforcement. The CLOUD Act made it so MLATs could be created through executive agreements, just requiring the Attorney General and the Secretary of State to agree that the other country had protections in place to protect US citizens.
Before the CLOUD Act MLATs were created by the executive branch negotiating the terms and then the agreement had to be ratified as a treaty by Congress, so this was a huge change.
Of course the real issue is that every American is a potential CIA spy. We know this from history.
It's really not that different from China. Every American will always cooperate like a good little patriot. I don't even blame them for it; that is how they are brought up.
Humm no. OVH is French, OVH US is not, both are two different subsidiaries. In fact, you cannot order OVH US infrastructures with a European OVH account, you need to create a US account.
Silly to assume no data crosses the boundary. Also, considering how the US is acting, trusting any US company is pretty silly as well.
If that orange clown stays in power it won’t be long before we are at war and then you will lose access to everything overnight and all your data is theirs.
If Amazon is down in the US, would this work? The fact that they mention “any Amazon customer can access this” makes me think it’s intermingled / not cleanly separated and isolated from US infrastructure
AWS has the notion of "partitions", which is a technical boundary encompassing multiple regions. This mostly doesn't come up, but it does poke through in certain implementation details, like how AMI manifests for groups of regions (partitions) need to be encrypted for different public keys. Each partition has a specific region which must be targeted for certain partition-wide actions, such as managing IAM endpoints in other regions.
Normal AWS (`aws`) traces to `us-east-1`. AWS GovCloud (US) (`aws-us-gov`) is distinct, based in `us-gov-west-1`. AWS in China (`aws-cn`) is distinct again, based in `cn-north-1`.
The AWS European Sovereign Cloud is implemented as a distinct partition – `aws-eusc` based in `eusc-de-east-1` – so it has exactly as much in common with normal AWS as AWS GovCloud (US) or AWS in China.
The docs explicitly describe this cloud's independence from the US.
> The AWS European Sovereign Cloud will be capable of operation without dependency on global AWS systems so that the AWS European Sovereign Cloud will remain viable for operating workloads indefinitely even in the face of exceptional circumstances that could isolate the AWS European Sovereign Cloud from AWS resources located outside the EU, such as catastrophic disruption of transatlantic communications infrastructure or a military or geopolitical crisis threatening the sovereignty of EU member states.
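A residency check built on the partition model described in the comment above, as an added example that is not part of the original thread or of AWS's tooling: it walks a JSON policy document and flags every ARN that points outside the `aws-eusc` partition. The function names, the sample policy and the region-prefix table are assumptions made for illustration; the ARN layout is the standard `arn:partition:service:region:account-id:resource`.

```python
import json
import re

# Partition -> home region, as listed in the comment above.
PARTITION_HOME = {"aws": "us-east-1", "aws-us-gov": "us-gov-west-1",
                  "aws-cn": "cn-north-1", "aws-eusc": "eusc-de-east-1"}
# Assumption: region-name prefixes inferred from those home regions.
REGION_PREFIX = {"aws-us-gov": "us-gov-", "aws-cn": "cn-", "aws-eusc": "eusc-"}
# arn:partition:service:region:account-id:resource
ARN_RE = re.compile(r"^arn:([^:]*):([^:]*):([^:]*):([^:]*):(.+)$")

# Constructed sample policy (bucket names, account id and key id are made up).
SAMPLE_POLICY = json.loads("""{"Statement": [
 {"Effect": "Allow", "Action": "s3:GetObject",
  "Resource": ["arn:aws-eusc:s3:::records-archive/*",
               "arn:aws:s3:::legacy-archive/*"]},
 {"Effect": "Allow", "Action": "kms:Decrypt",
  "Resource": "arn:aws-eusc:kms:eu-central-1:111122223333:key/example"}]}""")


def region_partition(region):
    """Infer a region's partition from its name prefix (default: aws)."""
    for partition, prefix in REGION_PREFIX.items():
        if region.startswith(prefix):
            return partition
    return "aws"


def iter_strings(node):
    """Yield every string value nested anywhere in a JSON document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from iter_strings(child)


def cross_partition_refs(document, expected="aws-eusc"):
    """Return (arn, reason) for each ARN that leaves the expected partition."""
    findings = []
    for arn in filter(ARN_RE.match, iter_strings(document)):
        partition, _, region, _, _ = ARN_RE.match(arn).groups()
        if partition not in PARTITION_HOME:
            findings.append((arn, "unknown partition"))
        elif partition != expected:
            findings.append((arn, f"partition {partition}, home {PARTITION_HOME[partition]}"))
        elif region and region_partition(region) != expected:
            findings.append((arn, f"region {region} is not in {expected}"))
    return findings
```

Run over the sample, `cross_partition_refs(SAMPLE_POLICY)` reports the `arn:aws:` bucket and the key whose region field names a region outside the partition, while the region-less `aws-eusc` S3 ARN passes.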
From what I’m understanding, it won’t be dependent anymore on us-east-1, but this isn’t mentioned explicitly. This is great, especially if you consider that some cut cable in the ocean could literally turn off a big part of the companies in a whole continent.
The real question is whether AWS European Sovereign Cloud IAM data is still hosted in us-east-1 with zero HA. Because this is exactly the case right now if you start any workloads in the Dublin region, for example.
If the IAM in us-east-1 goes down, every non-public object or workload that needs any kind of AWS authentication will fail immediately. That is: world-readable S3 buckets are fine, but your RDS database is most likely inaccessible.
Since it is a US company, it is still subject to the CLOUD Act, US intelligence full access, and Trump's ability to ignore any and all laws and contracts.
Microsoft execs, who have similar offerings, have confirmed this under oath.
So either this is a valiant attempt by AWS that is ultimately misguided, or it is an attempt to capture customers without even a hint of legal expertise.
AWS, Azure and GC stand to lose all EU customers in the next years. They simply must, given that no data with them is secure from Trump’s admin or industrial espionage.
This does not help that.
Seems like a lot of work to still have data that can be exfiltrated by the US.
The more interesting question is if a conflict will ever get public?
https://docs.aws.amazon.com/whitepapers/latest/aws-fault-iso...
Perhaps one could sue them for that.
That's been the (very successful) business model of all those GDPR "consent management" providers.
Appears to be in Massen: https://www.lr-online.de/lausitz/finsterwalde/investition-in...