Federal Cloud Procurement Best Practices Guide

Federal Cloud Procurement Best
Practices
Guidance for AWS Partners to advocate for cloud procurement industry
standards in federal acquisitions
2022
Notice: This document is provided for informational purposes only. Partners are responsible for making their own
independent assessment of the information in this document and any use of AWS’s products or services. This document
does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates,
suppliers, or licensors. Hel
Cloud Procurement Best Practices for AWS Partners
Notice: This document is provided for informational purposes only. Partners are responsible
for making their own independent assessment of the information in this document and any
use of AWS’s products or services. This document does not create any warranties,
representations, contractual commitments, conditions, or assurances from AWS, its affiliates,
suppliers, or licensors.
Table of Contents
Overview ....................................................................................................................................1
Engaging and Educating Customers ................................................................................................. 1
Topic Overview ..........................................................................................................................3
Understanding Cloud as a Commercial Item ................................................................................... 4
Contract Flow-Downs .......................................................................................................................... 4
1. Security and Assurance in the AWS Cloud ........................................................................5
2. AWS Terms and Conditions................................................................................................7
3. Cloud Pricing ......................................................................................................................8
Budgeting for Cloud ............................................................................................................................. 8
Bundling Services in a Single CLIN Structure .................................................................................. 9
4. Effective Evaluation Criteria and Contractor Qualifications ......................................... 10
Evaluating Price Effectively ..............................................................................................................10
Assessing Technical Approach to Innovation ................................................................................10
Validating Offeror’s Expertise, Experience, and Capabilities ......................................................11
Demonstrate Ability to Perform: AWS Partner Tiers and Competencies ............................11
Highlight Workforce Capabilities: Staff Certifications ...........................................................11
AWS Partner Training ............................................................................................................. 12
Validate Ability to Resell/Distribute AWS: AWS Solution Provider or Qualified
Distributor.......................................................................................................................................13
5. Facilitating Cloud-Centered Programs ........................................................................... 14
Facilitating Migrations and Modernization ....................................................................................14
Streamlining the ATO Process .........................................................................................................14
6. Governance and Management Considerations .............................................................. 16
Setting Up Cost Monitoring and Budgets ......................................................................................16
Protecting Root Account Access ......................................................................................................16
Determining Access to Data .............................................................................................................17
7. Technical Considerations ................................................................................................ 18
Offering a Breadth of Managed Services by CSP..........................................................................18
Enabling Effective Multi-Cloud Solutions ......................................................................................18
Conclusion .............................................................................................................................. 20
Additional Resources.............................................................................................................. 20
Use or disclosure of data contained on this sheet is subject to the restriction on the table of contents page of this
document i
2022
List of Figures
Figure 1. AWS Shared Responsibility Model. ........................................................................................ 5
Figure 2. Partner Model Determines Level of Involvement in Customer Responsibility. ............. 6
Figure 3. AWS Certification Programs................................................................................................. 12
document ii
2022
Overview
United States (US) government procurement regulations impose specific procurement rules
designed for traditional IT purchases, such as hardware and software. Effective cloud
procurement, however, is unlike traditional technology purchasing. Cloud procurement
demands re-evaluation of, and in some cases education on, the effective procurement
strategies needed to fully benefit from the cloud and its flexible pricing terms.
This Amazon Web Services, Inc. (AWS) whitepaper provides business, technology, and
acquisition professionals in our AWS Partner Network (APN) with guidance on common
practices to build successful public sector cloud procurement strategies. The guidance in this
document is based on best practices we have seen our customers use in procurements, and on
our experience collaborating with our partners to deliver hyperscale, reliable, and secure
cloud infrastructure successfully to millions of customers worldwide.
How to Use this Document
Partners should use this document to help US federal customers design cloud solicitations
that adopt to these best practices or modify existing contracts to align with the cloud services
model. Partners should articulate these considerations in customer conversations before a
procurement and within their responses to market surveys, RFIs, and draft RFPs.
Engaging and Educating Customers

There are several ways AWS Partners can help customers structure and shape cloud
procurement to ensure that customers achieve their objectives, take full advantage of cloud
technology, and avoid problematic or unnecessary contract elements. By focusing on the
customer’s specific needs, you can provide relevant considerations and procurement best
practices that will help customers reach their goals.
Typically, once a solicitation has been released, it is too late to request changes to contract
requirements. Thus, the key is to engage with the customer early in the acquisition process.
Below, we list key milestones and suggested actions throughout an opportunity’s lifecycle
during which AWS Partners have an opportunity to educate and guide customers effectively.
• Engage early with stakeholders to learn about the customer’s issues, objectives, and
opportunities. Educate key individuals (such as the Contracting Officer, Contracting
Officer’s Representative, Government’s Program Manager, or Chief Information Officer
[CIO]) on the value of the cloud and considerations relevant to their contracting model
and scope of work. By engaging procurement officers and technology leadership early,
you will be in a better position to understand your customer’s most important
objectives and how the cloud can help achieve those objectives. Additionally,
connecting with stakeholders from both business and technical departments gives you
insight into the organization’s cloud vision, budget and workload requirements, and
data security and compliance requirements. These will inform and help you identify the
cloud best practices that you suggest for the customer’s consideration.
• Attend industry days. Industry days are an opportunity to better understand the
customer’s goals and schedule for procurement. You will have a chance to provide
document 1
2022
feedback on the customer’s procurement model, whether through group question and
answer (Q&A) sessions or on a one-on-one basis.
• Review and engage with draft documentation. Thoroughly review draft solicitation
documents and market survey materials to understand scope, potential terms and
conditions, and other requirements. Provide detailed feedback during the market
survey timeframe that highlights any problematic areas for cloud procurement,
sections that require clarification, etc. Throughout this whitepaper, we offer examples,
including sample solicitation language, via “Education in Practice” callout boxes that
AWS Partners can reference to help customers make solicitations appropriate for
cloud procurement.
• Scrutinize and clarify final solicitation documentation. Review solicitation materials
as soon as final documentation is released. If there are any sections that conflict with
cloud operating models, that contradict one another, or that otherwise require further
clarity, ask the customer questions about these sections during the Q&A period.
Any time you are engaging with customers, frame considerations and guidance in terms of
how it will help the customer meet their objectives. Help customer stakeholders understand
how best practices or feedback will enable them to reach their goals more effectively or
faster. For instance, using a cloud-friendly pricing structure will ensure that customers can
take advantage of a consumption-based model—a model in which customers avoid
overpaying by paying only for the services they need, according to how long they are used
for. This kind of pricing structure eliminates the need for upfront capital expenditures to
purchase data center equipment.
document 2
2022
Topic Overview
This whitepaper covers the following topics and best practices related to partner-led cloud
procurements.
1. Security and Assurance in the AWS Cloud. Understand that security and
compliance responsibilities are shared between the cloud service provider
(CSP) and cloud customers—and in some cases, our AWS Partners who work
with those customers. AWS Partners and customers should feel confident
about the responsibilities they hold and how to architect appropriately to
meet their requirements and standards.
2. AWS Terms and Conditions. Recognize that cloud services are purchased as
a commercial item, and consider which terms and conditions are appropriate in
this context. CSP terms and conditions are designed to reflect how a cloud
model functions: CSPs operate at massive scale and offer standardized
services. As such, it is critical that a CSP’s terms and conditions are
incorporated and used to the fullest extent practicable. For example, flow-
downs are generally not relevant since AWS (and most CSPs) would not serve
as a subcontractor but as a supplier or vendor.
3. Cloud Pricing. Guide your customers to help them estimate, budget for, and
appropriately procure cloud resources within mandated procurement
regulations. The customer may need assistance understanding how to take
advantage of a pay-as-you-go structure and avoid static pricing approaches,
such as catalogs.
4. Effective Evaluation Criteria and Contractor Qualifications. Highlight the
realities of cloud contracting and clarify specific areas where customers should
seek effective partners for their cloud journey. We provide considerations for
how these areas may be reflected in cloud procurement evaluations.
5. Facilitating Cloud-centered Programs. Showcase how migrating to the
cloud can streamline modernization, hasten the time to comply with
regulations, and provide other incentives and benefits to customers.
6. Governance and Management Considerations. Differentiate levels of access
to account settings and responsibility for ongoing governance and
management. Customers may not understand what they can or should handle
in-house versus outsource in a cloud model. These tasks may include resource
monitoring or managing user identity and access.
7. Technical Considerations. Guide your customer in how to best achieve
technical requirements or system objectives, including factoring the pros and
cons of managed services (versus platform-as-a-service or infrastructure-as-a-
service products), open-source products, and multi-cloud environments.
document 3
2022
Understanding Cloud as a Commercial Item

Cloud computing should be purchased as a commercial item, which is defined by the Federal
Acquisition Regulation (FAR) as “Any item, other than real property, that is of a type
customarily used by the general public or by non-governmental entities for purposes other
than governmental purposes, and (i) Has been sold, leased, or licensed to the general public;
or (ii) Has been offered for sale, lease, or license to the general public.” Partners should
encourage customers to consider which terms and conditions are appropriate in this context.
Procurement and contract clauses relevant to procuring traditional IT services are often not
applicable to procuring commercial cloud services governed by FAR Part 12, which enables
agency contracting officers to accept contractors’ standard commercial license terms.
Partners should help customers understand that procuring cloud is a commercial
acquisition.
Contract Flow-Downs
AWS is a Cloud Service Provider (CSP) and provides the same fundamental services to all
customers. Since AWS is a commercial services provider, we are not acting as a subcontractor.
We do not provide managed services tailored to fit a Partner’s specific end customer needs,
including those of government customers under government contracts. Given AWS is not a
subcontractor, government contracting clauses are generally inapplicable to AWS and should
not be flowed down from a Partner. Partners should help educate customers that CSPs are
not subcontractors and as such, flow-downs are generally inapplicable to them.
document 4
2022
1. Security and Assurance in the AWS Cloud

Security and compliance responsibilities are shared between AWS and the customer. This
shared responsibility model can help relieve customers’ operational burdens as AWS operates,
manages, and controls the components from the host operating system and virtualization
layer down to the physical security of the facilities in which the service operates.
Customers—and our AWS Partners who work with those customers—control how they
architect and secure their applications and data in the AWS Cloud. AWS provides a range of
security and compliance services; a customer’s responsibilities will vary depending on the
services used, the integration of those services into their IT environment, and applicable laws
and regulations. Error! Reference source not found. shows the differentiation of shared
responsibility. We refer to the shared responsibility as security “in” the cloud, which the
customer owns, and security “of” the cloud, which AWS owns.
Figure 1. AWS Shared Responsibility Model. This model reflects the respective responsibilities that AWS
and the customer each have for securing the cloud and the resources and data it holds. Other parties such
as a software provider or AWS Partner may sometimes hold security responsibilities.
In partner-led acquisitions, there is another party to factor into this model—the partner. The
level of CSP and customer responsibilities in the shared responsibility model depend on the
cloud deployment model, as shown in Figure 2. For example, a reseller may pass along the
same shared responsibility model while a managed service provider may take on many of the
customer responsibilities in the Shared Responsibility Model. AWS Partners should
encourage customers to be clear about their desired level of responsibility in a cloud
procurement.
document 5
2022
Figure 2. Partner Model Determines Level of Involvement in Customer Responsibility. Based on the
type of partner support model, an AWS Partner may hold most, some, or none of the customer’s
responsibilities in the AWS Shared Responsibility Model.
document 6
2022
2. AWS Terms and Conditions

AWS Partners should understand the difference between procuring cloud infrastructure, also
known as infrastructure-as-a-service (IaaS), procuring cloud platforms (known as platform-as-
a-service [PaaS]), and procuring managed services (known as software-as-a-service [SaaS]).
Understanding the differences between these types of procurement can help you educate
customers on the best procurement model for their needs.
Successful cloud procurements separate cloud infrastructure from hands-on keyboard
services and labor in addition to other managed services purchases. Cloud infrastructure
management, such as labor for planning, developing, executing, and maintaining cloud
migrations and workloads, can be provided by AWS Partners as one comprehensive solution.
However, cloud infrastructure should be regarded as a separate service with distinct roles and
responsibilities, service level agreements (SLAs), and terms and conditions. Partners should
advise customers to incorporate commercial CSP terms and conditions in their
solicitations and avoid reusing terms and conditions from traditional IT infrastructure
procurements.
document 7
2022
3. Cloud Pricing
Many commercial cloud-based solutions operate on an on-demand, pay-as-you-go pricing
model, which is incongruous with traditional procurement rules and appropriations models
for fixed IT costs. The pay-as-you-go model significantly reduces costs and encourages
efficiencies by allowing for customers to pay only for the resources they consume. With the
pay-as-you-go model, customers pay for resources at commercial rates that may fluctuate
based on usage and innovation. Often, due to the economies of scale with cloud, cloud
services prices are reduced over time.
AWS Partners should help customers build a cloud acquisition model for on-demand, pay-
as-you-go services. AWS Partners can use tools like Migration Evaluator, the AWS Pricing
Calculator, and AWS Pricing Documentation to help educate customers about the
components of cloud pricing and provide granular pricing estimates for solutions and
workloads. By leveraging these tools and AWS best practice guidance, partners can discover,
assess, and design compelling solutions using AWS services, and provide customers with a
total cost of ownership (TCO) and cost modeling analysis to help accelerate cloud
procurement decisions.
Budgeting for Cloud

AWS Partners should help customers explore the following considerations when budgeting
for a cloud acquisition:
• Calculate and compare projected costs of upcoming IT initiatives. Moving to the
cloud can increase cost savings and advance overall technological capabilities through
modernization via efficiencies and automation. Delivering customers increased
capability at the same cost will result in cost savings for them.
• Compare projected costs of planned and new IT initiatives over one, three, or five
years (or whichever time frame is appropriate for the initiative). Account for the
costs that come with initial migration efforts and the overall IT costs, which will
normalize over the long term.
• Consolidate accounts. Consolidating accounts under a single bill allows customers to
designate one account as a payer account and then link other accounts to it.
o Relevant AWS tool: AWS Organizations allows AWS cutomers to consolidate
accounts and provides a combined view of AWS charges incurred by all accounts. It
also offers a cost report for each individual account associated with a payer
account.
• Analyze spend to better predict and manage cloud budget. When customers
understand how to leverage CSP budgeting and cost monitoring tools, they will be
more comfortable with budgeting for a pay-as-you-go model. AWS Partners can
provide customers with access to budgeting and cost monitoring tools to illustrate
how they work under the pay-as-you-go model.
o Relevant AWS tools: Consider providing customers with access to tools such as AWS
Cost Explorer to analyze cloud usage and AWS Budgets to set thresholds when
spend reaches predefined amounts. Such tools help customers to determine
document 8
2022
whether to reduce usage to avoid overages or prepare additional funding to cover

costs that exceed their projected budget.
• Capitalize on multi-year CSP discount programs and reserved resources such as
reserved instances (RIs) where possible. AWS Partners should help customers budget
effectively for cloud. This may include committing upfront investments on estimated
spend and usage by pre-purchasing resources to help lower costs. Customers may be
eligible for discounts based on higher commitments and longer durations of
engagement.
Bundling Services in a Single CLIN Structure

AWS recommends customers use a contract line item number (CLIN) structure that bundles
broad groups of cloud services (e.g., cloud service consumption) rather than establishing
individual CLINs for each specific cloud service (e.g., Amazon Elastic Compute Cloud [Amazon
EC2]) that a customer intends to use at the time of the procurement.
Establishing a single CLIN for cloud services provides a simple approach to leveraging the
cloud’s pay-as-you-go model. Using general
classes of service with a not-to-exceed (NTE)
ceiling provides the flexibility of buying a CSP Education in Practice: Avoiding Catalogs
account with a full menu of available cloud AWS Partners should encourage their
services. This approach offers customers the customers to structure their pricing/contractual
flexibility to provide new CSP services to ordering mechanisms to be dynamic, scalable,
users in real time in addition to providing and simple. This will allow them to take
users with quick access to the resources they advantage of new and emerging technology
quickly without having unnecessary
need when they need them. This approach administrative burden for each product or
also accommodates fluctuating demand, service modification. To this end, we
leading to optimized utilization and low recommend that customers avoid a service-
costs. Additionally, as new cloud service pricing catalog for cloud computing. A catalog is
offerings are introduced, this pricing difficult to maintain due to the constant addition
of new services and features as well as frequent
structure provides the flexibility to leverage reductions in price. Depending on the AWS
the latest in technology without needing to Regions and cloud services in scope, there
initiate contract modifications. For this could easily be a million plus line items that
reason, AWS does not recommend including reflect all various permutations of our broad
static pricing catalogs. service catalog. Awardees should have the
ability to pull from an ever-growing toolkit to
Partners should advise customers to use a tailor and right-size solutions to each project.
single CLIN structure for “Cloud Services” AWS recommends that customers source
current pricing in real time from the AWS
rather than having thousands of CLINs to
Pricing Calculator or the AWS Management
procure each different cloud service (or a Console.
fixed pricing catalog). For more information
and examples of sample single CLIN
structures, you can review the Cloud Procurement Best Practices document, which we provide
a link to in the Additional Resources section.
document 9
2022
4. Effective Evaluation Criteria and Contractor Qualifications

The following subsections present our recommendations related to evaluation criteria that
effectively focus proposal evaluation on useful and effective factors.
Evaluating Price Effectively

In addition to leveraging a single CLIN pricing structure, AWS offers the following
recommendations to ensure that customers design effective, efficient pricing evaluations.
• Use public pricing. Encourage customers to leverage publicly available, up-to-date
pricing estimation tools.
o Relevant AWS tool: AWS Pricing Calculator builds up-to-date pricing estimates
throughout the period of performance.
• Avoid price catalogs. Discourage the use of a static pricing catalog submission to
evaluate cloud service pricing given the millions of SKUs that represent every possible
type of purchase across all cloud services, sizes, geographic locations, and other facets
of granularity that a CSP would offer. Forgoing a pricing catalog provides customers
with the flexibility to provide new CSP services to users in real time and to take
immediate advantage of any price reductions.
• Showcase savings. Factor in the incentives afforded through CSP programs. AWS
Partners should help their customers understand and evaluate the available incentives
and discounts (through programs like the AWS Migration Acceleration Program [MAP],
for example). While migrating to the cloud requires an upfront investment, many CSP
programs offset these initial costs to avoid a “double bubble” of costs for customers.
• Consider scenarios. Recommend the use of a pricing sample scenario to demonstrate
costs against defined amounts so that customers can evaluate service pricing in action
with an apples-to-apples comparison.
Assessing Technical Approach to Innovation

Cloud services represent the latest in emerging technology and can be a key enabler for
innovation. We recommend that AWS Partners highlight how your proposal will introduce
innovation through the following strategies:
• Feature a specific approach or timeline for imbuing innovation. Customers are
eager to understand how contractors incorporate innovation, especially on migration,
modernization, and transformation opportunities. Consider if you can establish
discrete mechanisms and/or specific milestones to demonstrate commitments to
advance capabilities, introduce efficiencies, or transform processes.
• Showcase CSP innovation areas. Customers want to see technology innovation that
provides better, faster, less expensive ways to serve their constituents, such as natural
language processing (NLP) and intelligent document processing. AWS Partners can
help highlight a CSP’s mastery in key innovation areas and how that can jumpstart a
customer’s ability to meet public sector objectives.
document 10
2022
Validating Offeror’s Expertise, Experience, and Capabilities

AWS Partners should encourage customers to evaluate the cloud experience and expertise
of offerors. AWS Partners who invest in their AWS practice have proven experience and areas
of expertise. They have also developed relationships and processes that will benefit public
sector customers. In the following subsections, we offer recommendations to help AWS
Partners ensure that procurement effectively weighs these capabilities.
Demonstrate Ability to Perform: AWS Partner Tiers and Competencies

AWS provides tiers (Select, Advanced, Premier) to
recognize organizations that have proven technical Education in Practice with
expertise and demonstrated customer experience. The Sample Solicitation Language
AWS Competency Partner Program is designed to
“The contractor shall be a
identify, validate, and promote AWS Partners with
member of CSP partner network
demonstrated AWS technical expertise and proven and hold <<vendor-specific
customer success. These programs are rigorous and have certification/level name>> to
clear qualification criteria that can be used alongside or demonstrate relevant expertise
in lieu of traditional corporate experience or past and experience.”
performance proposal sections as a way to validate
relevant expertise and experience—whether with a
specific industry, customer segment, use case, or workload. AWS Partners should educate
customers on the value and validation that their tier and competency provide, in addition
to benefits or incentives that it can help unlock. Partners should also recommend that
customers include AWS APN Tier or Competency as a vendor requirement.
Differentiating Your Practice

The AWS Competency Program and the AWS Service Delivery Program have been designed to differentiate
your practice or solution, provide you with go-to-market tools, and increase your customer visibility.
Benefits include:
• Increased visibility with customers, AWS Sales, and AWS service teams
• Deep diving with AWS subject matter experts and at AWS events
• Accessing funding, credits, and discounts.
Highlight Workforce Capabilities: Staff Certifications

AWS Certification validates cloud expertise to help professionals highlight in-demand skills
and organizations build effective, innovative teams for cloud initiatives using AWS. You can
choose from diverse certification exams by role and specialty designed to empower you and
your team to meet your unique goals. Attaining AWS Certifications can demonstrate to your
customers that your staff has the skillsets needed to perform required tasks. Figure 3
provides an overview of available AWS Certifications, including foundational (six months
experience recommended), associate (one year of experience recommended), professional
(two years of experience recommended), and specialty certifications.
document 11
2022
Figure 3. AWS Certification Programs. We offer a wide variety of certifications that help you validate
your cloud expertise. AWS Certifications are industry-recognized credentials that help professionals
highlight in-demand skills and allow organizations to build effective, innovative teams for cloud
initiatives.
AWS Partner Training

AWS Partner Training offers digital and classroom training resources that are designed
exclusively for our AWS Partners. The following AWS Partner Learning Paths can help you
strengthen your foundational knowledge, develop specialized skills, and achieve accreditation
and certification to demonstrate your capabilities to customers:
• AWS Business Professional: This path is built for individuals who wish to gain a basic
understanding of AWS Cloud services and our core business value propositions.
• AWS Technical Professional: This path is built for individuals who wish to gain a
fundamental and technical knowledge of AWS Cloud computing and supporting
infrastructure.
• AWS Professional Services: This path is built for individuals who seek to gain, develop,
and extend professional services competencies aligned to AWS Certifications.
• Partner Learning Path Tool: This is a tool designed to help find partner training that
will work best for you and your team. Select your role and then your area of focus to
generate your learning path. The results will help you build your AWS knowledge to
better serve your customers.
document 12
2022
Validate Ability to Resell/Distribute AWS: AWS Solution Provider or Qualified

Distributor
Reselling AWS requires certain knowledge and
infrastructure in order to appropriately perform billing Education in Practice with
and end user reporting. It also requires support to set Sample Solicitation Language
up hierarchies in AWS Organizations for enterprise-
wide billing. To ensure customers receive effective “The contractor shall be an
authorized reseller or engage an
support, AWS requires AWS Partners to receive
approved distributor approved to
authorization to resell AWS Cloud services to end provide CSP services to
customers by joining the AWS Solution Provider [Customer Name].”
Program (SPP). This program affords partners with
technical guidance and funding benefits relevant to
effectively managing, servicing, supporting, and billing their customers. Partners should
educate customers on the requirement and benefits of seeking a contractor in the AWS
SPP when resell is in scope.
AWS Partners in AWS SPP manage, service, support, and bill AWS accounts on behalf of end
customers. AWS SPP provides AWS Partners with a tiered discount structure based on AWS
Partners' technical capabilities and success in driving new business; flexible contracting
options to meet the unique needs of end customers; and multiple support models that align
to your AWS practice.
If you do not have the appropriate infrastructure to serve as a reseller or are not interested in
the scope of work related to reselling AWS, you can engage an AWS Distributor. AWS
Distributors are validated members of the APN that offer innovative operations or billing
support to fellow AWS Partners to invoice AWS Cloud services to customers. AWS Distributors
provide operations and billing support, assist in achieving APN program designations, and
build stronger technical capability to better serve end customers. Authorized AWS
Distributors offer eligible AWS Partners tools and services to deliver high quality customer
solutions. AWS Partners can learn more about the AWS Distribution Program and working
with an AWS Distribution Partner in the APN blog: “Working with an AWS Distribution Partner
Helps APN Partners Build a Successful Business.”
document 13
2022
5. Facilitating Cloud-Centered Programs

Facilitating Migrations and Modernization
Modernizing applications is an inevitable aspect of cloud transformation, and AWS Partners
can support these tailored modernization and migration initiatives.
AWS Partners with the Migration
Competency accelerate a customer’s cloud Value of AWS MAP
adoption journey by providing business Driven by best practices and experience, AWS MAP
expertise, migration and modernization provides AWS Partners and their customers with key
tools, education, and support to customers in benefits:
the form of professional services. AWS MAP • Consulting support throughout a customer’s
provides key benefits, including support, cloud adoption journey
guidance, tools, and investments. AWS • Prescriptive guidance underpinned by best
investments, in the form of AWS service practices and experience from hundreds of
successful enterprise customer migrations
credits or cash, are intended to help
• Programmatic set of tools to enable cloud
customers offset one-time migration migration success
expenses, such as labor, training, and • Services credits to offset the initial cost of
running parallel environments. migrations.
Streamlining the ATO Process

CIOs often request the facilitation of a faster ATO process. Any opportunity to speed up
innovation in citizen services is valuable to end customers. AWS Partners can help deliver
efficiencies by highlighting the use of cloud services—particularly managed services—that
already have a Provisional ATO. AWS Partners should consider the amount of new
development when architecting in the cloud: every component that goes into a workload
needs to be scanned, and every finding must be fixed and verified before an ATO is issued,
which lengthens the time it takes to secure approval. To shorten this process, AWS Partners
should consider choosing AWS Cloud services that have already gone through Federal Risk
and Authorization Management Program (FedRAMP) assessment and authorization. Visit the
Services in Scope web page for a comprehensive overview of these services.
The ATO on AWS Program helps AWS Partners
Value of the ATO on AWS Program meet their customers’ authorization needs, such
For AWS Partners who have joined the ATO on as architecting, configuring, deploying, or
AWS Program, showcase the validation that integrating tools and controls. ATO on AWS
your participation in this program supports workloads for government standards
demonstrates. Beyond validating your such as FedRAMP, Federal Information Security
experience, it allows you to leverage trainings,
templates, and tools to streamline Management Act (FISMA), the Risk Management
development time. Further, it gives you access Framework (RMF), and Cybersecurity Maturity
to direct engagement with AWS Security Model Certification (CMMC) in the US.
Strategists to facilitate your ability to achieve
ATOs more successfully and rapidly. The Authority to Operate (ATO) on AWS team
provides informal advisory services to qualified
AWS Partners at no cost. They advise on
compliance frameworks across healthcare, privacy, national security, financial sectors, and
document 14
2022
more. Our ATO on AWS Partners help customers navigate, automate, and accelerate building
compliant workloads on AWS and reduce time and cost. Our team will help connect
customers to AWS Partners based on specific consulting, deployment, and integration
expertise.
Once AWS Partners meet the requirements in the ATO on AWS Program checklist, you can
apply to join the ATO on AWS Program. Once approved to join the program, you will be
assigned a Security Partner strategist to seek guidance on your specific business needs. You
can immediately take advantage of AWS ATO Partner benefits, including your AWS Partner
badge with ATO on AWS designation, funding, marketing resources, and more. Learn more on
the ATO on AWS Program website.
document 15
2022
6. Governance and Management Considerations

AWS Partners should be clear about what they can and will accept responsibility for in the
realm of governance and management. As described in Section 2, an AWS Partner may hold
most, some, or none of the customer’s responsibilities based on the type of partner support
model defined in the contract.
Setting Up Cost Monitoring and Budgets

AWS provides a host of account and cost management capabilities that enterprises can
employ to facilitate organizational billing and governance needs. AWS Partners can help
customers navigate and establish cost monitoring, budgeting, governance, and other tools in
AWS. Partners can provide customers with access to additional invoicing, cost analysis, and
chargeback support. This can be a crucial task as cloud usage is often a centralized cost with
internal departments, users, or codes that need to be established and billed appropriately.
Partners should help customers understand this as a requirement and clearly explain their
processes to support effective cost governance controls. Cloud contracts should include
standard contract funding alerts, so Partners can manage budget and prepare for any
necessary contract modifications.
AWS Partners should also clarify the level of access that customers will have to billing
information. For example, the AWS Partner may choose to provide the customer with root
account access, which offers the highest level of transparency into billing data through direct
access to cost usage and monitoring tools in the CSP console. If the customer does not need
this level of access, the AWS Partner may consider providing monthly billing reports instead.
Protecting Root Account Access

If the customer requires access to the root account, AWS Partners should help them
understand the responsibilities of owning cloud accounts and root account access and how to
safeguard it. Direct ownership of cloud accounts provides an organization with direct access
to all CSP resources within their own customer account for full transparency and enables
immediate customer action, if desired. With root account access, the customer can ensure
their ability to transfer ownership of their CSP account and its resources. However, direct
access to accounts and root access credentials requires strict access control and safeguarding.
AWS Partners should understand the responsibilities this level of access demands of
customer teams.
AWS Partners should also educate their customers on the responsibilities that these levels
of access demand. Education includes helping customers identify when to use root account
access to ensure customer data remains protected and to avoid accidental usage. The
customer should also understand that the credentials of the root account owner allow full
access to all resources in the account. You cannot use AWS Identity and Access Management
(IAM) policies to explicitly deny the root user access to resources. You can only use an AWS
Organizations service control policy (SCP) to limit the permissions of the root user.
AWS recommends that the AWS Partner and/or customer create an IAM user with
administrator permissions to use for everyday AWS tasks and to lock away the access keys for
document 16
2022
the root user. The AWS root user account should only be used for specific tasks. For example,
only the root user can close the account, change or cancel an AWS Support plan, sign up for
AWS GovCloud (US), or change account settings. It is also required to transfer ownership of
CSP accounts and resources, which can be critical during contract transitions. This AWS
Account Management Reference Guide provides more information about managing an AWS
account, including considerations and best practices around root account access.
Determining Access to Data

A customer can establish requirements that define an AWS Partner’s access to data. Even if
you establish and manage AWS accounts on behalf of the customer, you can establish IAM
policies that limit access to data. AWS Partners should be clear about the level of
responsibility (held by the customer and the AWS Partner) associated with corresponding
access to data.
document 17
2022
7. Technical Considerations
AWS Partners should help customers understand critical technical requirements and
considerations in a cloud procurement, as detailed in the subsections below.
Offering a Breadth of Managed Services by CSP

The breadth of managed services offerings should be a key consideration in selecting a CSP or
CSP services. Instead of using compute and storage, installing open source software or
commercial-off-the-shelf (COTS) products, and managing them continually, AWS Partners
should help their customers leverage a CSP’s managed services. This gives customers the
following benefits:
• Embedded innovation and interoperability: Managed cloud services give customers a
jump start on innovation and interoperability rather than starting with infrastructure
management.
• Faster time to ATOs: Managed cloud services generally come with Provisional ATOs,
which shorten the overall time for a customer to obtain an ATO.
• Shared operational responsibility: Managed cloud services transfer operational
responsibilities such as maintaining SLAs, security patches, and version upgrades to
the CSP.
Cloud vendors often take open source software products and convert them into managed
services. AWS Partners should explore the long-term benefits of a solution based on cloud
managed services versus a COTS-based implementation. In general, moving towards cloud
services enables AWS Partners to pass on the following benefits to their customers:
• Seamless software version upgrades managed by the CSP
• Security patching handled by the CSP
• Reduced risk of vendor lock-in
• Passing SLA commitment risks to the CSP.
Enabling Effective Multi-Cloud Solutions

Over the past few years, organizations have increasingly requested multi-cloud approaches
and solutions. Due to differences in how different CSPs engineer their services, complete
application portability between different CSPs may not be technically feasible without a
significant amount of application re-engineering. In addition, CSPs differ widely in the
breadth of services offered. AWS Partners instead may decide to recommend a multi-
conclave approach—an approach with one conclave for each CSP. A multi-conclave approach
can provide customers the following benefits:
• Avoid extensive reengineering. Workloads can be handled in different conclaves
without re-engineering.
• CSP capabilities aligned to specific workload requirements. Customers can match
the type of workloads or applications to the unique services, features, or infrastructure
offered by individual CSPs.
document 18
2022
• Multi-cloud cost management. Customers can leverage powerful CSP-specific cost

governance, monitoring, and management tools.
Throughout the life of a multi-cloud contract, AWS Partners should encourage their
customer to indicate what specific features and capabilities they need per workload so
that AWS Partners can recommend a specific CSP’s services that best align to the
requirements or use case.
document 19
2022
Conclusion
Cloud procurement is unlike that of traditional IT. When structuring a cloud procurement and
developing procurement strategies, AWS Partners can provide support to customers through
education, recommendations, and specific inputs for sample procurement language. AWS
created this whitepaper to provide our AWS Partners with a resource to assist in building
successful cloud procurement strategies. The information in this whitepaper is based on our
experience helping Partners successfully deliver cloud infrastructure to their Public Sector
customers around the world.
Should you have further questions or need additional help, please reach out to your
designated AWS APN Alliance Lead Contact.
Additional Resources
The following links provide additional resources in the form of blogs, whitepapers, training,
and handbooks:
• Cloud Procurement Best Practices
o Blog available at https://aws.amazon.com/blogs/publicsector/cloud-
procurement-best-practices-us-federal-government-agencies/
o Whitepaper available at https://d0.awsstatic.com/whitepapers/10-considerations-
for-a-cloud-procurement.pdf
• Additional free AWS training courses for AWS Partners are available online by specific
topics from accreditation courses to technical subjects at
https://aws.amazon.com/partners/training/course-descriptions/
• For an overview of cloud acquisition considerations and best practices, we
recommend the Getting Started with Cloud Acquisition course available on Skill
Builder.
• Cloud Infrastructure Services Providers in Europe (CISPE) Buying Cloud Services in
Public Sector Handbook available at https://cispe.cloud/buying-cloud-services-in-
public-sector-handbook/
document 20
2022

Federal Cloud Procurement Best Practices Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Federal Cloud Procurement Best Practices Guide

Uploaded by

Copyright:

Available Formats

Federal Cloud Procurement Best

Engaging and Educating Customers

Understanding Cloud as a Commercial Item

1. Security and Assurance in the AWS Cloud

2. AWS Terms and Conditions

Budgeting for Cloud

whether to reduce usage to avoid overages or prepare additional funding to cover

Bundling Services in a Single CLIN Structure

4. Effective Evaluation Criteria and Contractor Qualifications

Evaluating Price Effectively

Assessing Technical Approach to Innovation

Validating Offeror’s Expertise, Experience, and Capabilities

Demonstrate Ability to Perform: AWS Partner Tiers and Competencies

Differentiating Your Practice

Highlight Workforce Capabilities: Staff Certifications

AWS Partner Training

Validate Ability to Resell/Distribute AWS: AWS Solution Provider or Qualified

5. Facilitating Cloud-Centered Programs

Streamlining the ATO Process

6. Governance and Management Considerations

Setting Up Cost Monitoring and Budgets

Protecting Root Account Access

Determining Access to Data

Offering a Breadth of Managed Services by CSP

Enabling Effective Multi-Cloud Solutions

• Multi-cloud cost management. Customers can leverage powerful CSP-specific cost

You might also like