Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
cedws 5 hours ago

Apparently AWS's European Sovereign Cloud has Bedrock, so that could be an option.

sparkling 5 hours ago | parent | next [-]

The AWS Sovereign Cloud is still owned 100% by Amazon Inc. in the US. Not saying that rules it out for all use cases, but something that should be mentioned. "Sovereignty" is a somewhat vague term.

well_ackshually 5 hours ago | parent | prev [-]

<American Company> European means nothing. They are all subject to the US Cloud Act, and the moment you start using their services, it inevitably has one or two services that end up contacting us-east-1 anyways. And that's without taking into account that they are all trying to fuck you over from.behind anyways as they sign data exchange agreements between Europe and the US.

The large US players are not an option if you want your data safe from the US.

cedws 5 hours ago | parent [-]

I haven't looked into the details but I remember from the announcement that the EU cloud is owned specifically by an EU entity headed by EU citizens. There would be no point spinning up a 'sovereign cloud' beholden to the US.

Garlef 3 hours ago | parent [-]

... And this entity is again owned by AWS. And so the cloud act still applies.

> There would be no point spinning up a 'sovereign cloud' beholden to the US.

Of course: It gives (both sides) a narrative that let's them pretend everything is alright.

progbits 3 hours ago | parent | next [-]

Edit: Looks like the below is not true. However, such setup is technically possible and if they were serious about making it truly isolated from US influence, it can be done.

Original comment: No it's not owned by AWS. It's a separate legal entity with EU based board and they license the technology from the US company.

Garlef 2 hours ago | parent | next [-]

This source says it's 100% owned by AWS USA:

https://openregister.de/company/DE-HRB-G1312-40853

progbits 2 hours ago | parent [-]

Hmm I'm not sure how to interpret that page but it looks like you are right, I'll edit my comment. I was told by GCP PMs that is how the GCP/tsystems setup is structured (see sibling comment) and that it mirrored AWS setup, but maybe that was not correct.

overfeed 2 hours ago | parent | prev [-]

How difficult would it be for the "independent" licensor to exfiltrate data from the "sovereign cloud" via logging or replication?

The control-planes have to be completely independent for anything approaching real independence, not just some legal fiction that's lightly different[1] from the traditional big-tech practice of having an Irish subsidiary licensing the parent company's tech for tax optimization purposes.

1. No different at all, according to sibling comment.

progbits 2 hours ago | parent [-]

I don't know about AWS but I dealt with some (small / tangential) aspects of the GCP setup: https://www.t-systems.com/dk/en/sovereign-cloud/solutions/so...

It is completely separate. There isn't a shared control plane. You don't manage this in the GCP console, its a separate white-label product.

Any updates GCP wants to push are sent as update bundles that must be reviewed and approved by the operator (tsystems). During an outage, the GCP oncall or product team has no access and talks to operator who can run commands or queries on their behalf, or share screenshots of monitoring graphs etc.

(This information is ~3 years stale, but this was such fundamental design principle that I strongly doubt it has changed)

UltraSane 2 hours ago | parent | prev [-]

How would the cloud act apply if none of the employees of the AWS European Sovereign Cloud are US citizens?

Garlef 2 hours ago | parent [-]

> Courts can require parent companies to provide data held by their subsidiaries.

https://en.wikipedia.org/wiki/CLOUD_Act

UltraSane 38 minutes ago | parent [-]

But they would have no way to actually compel anyone who isn't a US citizen. The worst the US could do is fine Amazon until it complied.