Public cloud hosting 101
Use this guide to learn about public cloud hosting in the B.C. government and determine if it’s the right option for your product or service.
What is public cloud hosting
Public cloud hosting is like renting space on a computer that’s not yours. Instead of using your own computer to store and run programs, you use the internet to access computing resources that are provided by a third-party company.
This is a scalable and cost-effective option for computing resources on-demand, without the need for on-premises infrastructure.
Public cloud hosting in the B.C. government is managed by the Public Cloud Accelerator team. They can help you access the public cloud.
Why use the Public Cloud Accelerator service to access the public cloud
Security
The Public Cloud Accelerator service provides secure public cloud environments for ministry teams.
When you onboard to the public cloud through our service, your project sets are located in secure B.C. government landing zones that we manage and monitor.
These landing zones meet B.C. government security and privacy standards and are maintained by our team.
We monitor the B.C. government landing zones to improve security and address security alerts, and complete security and privacy assessments (STRA, PIA) for public cloud services on an ongoing basis.
Procurement
We follow B.C. government procurement processes to procure public cloud services and make them available to you. We also simplify contract administration, including billing processes, so you can focus on your work.
User experience
We streamline the onboarding process and automatically provision all the resources you need to work with public cloud service providers. That includes integration with the B.C. government single sign-on (SSO) service, so you can use your IDIR to access public cloud services. We also provide user support, documentation and sample applications to provide guidance and help you get started in the public cloud.
Service providers
We manage space from Amazon Web Services called the B.C. government landing zone (previously known as the SEA). There are several products and services available for you to use in this environment, including infrastructure, platforms and software tools.
The B.C. government AWS landing zone is a Pathfinder space and available to all ministry teams in the B.C. government.
We’re working to make an additional service provider available to product teams in the 2023/2024 fiscal year. To get notified, join our email list.
What to consider before hosting on the public cloud
Any ministry team in the B.C. government can work with public cloud service providers. Less experienced teams may find they need additional support to work well in this environment.
Skills and training
Your team should know how to work with your chosen public cloud provider or be prepared to train themselves.
During your onboarding, we provide:
- Training on how to work with the B.C. government-imposed guardrails within public cloud landing zones
- Documentation and resources
We also provide sample applications that you can leverage in your projects. For additional support working in the public cloud, you must contact your service provider support team.
AWS Skillbuilder training
If you are new to AWS Cloud or want to refine your knowledge of AWS services, we encourage you to use AWS Skillbuilder, an online repository with 500+ free training sessions to boost your AWS knowledge.
To access AWS Skillbuilder you’ll need an Amazon account. You can use an existing account or register a new one. Your IDIR login will not work with AWS Skillbuilder.
Security and privacy
Data hosting
You can host data in the public cloud up to and including Protected B data. Protected C data cannot be hosted in the public cloud.
B.C. government guardrails
Not every service provided by a public cloud service provider can be used by B.C. government teams. We have guardrails in place to prevent you from using services that don’t meet B.C. government standards.
Support and community
There is limited support for product teams in the public cloud.
If you need support while working in the public cloud, you’ll rely primarily on support from your public cloud service provider. We provide support for administrative and operational needs, including support for onboarding and billing processes.
If your team needs access to a higher level of support, or wants to engage with a larger community of practice, the B.C. government private cloud, B.C. Government Private Cloud Platform as a Service, has a more established support network of product teams, and a dedicated B.C. government support team.
Data centre connectivity
At present, there is no dedicated connection between B.C. government data centres and the public cloud service provider data centres. As a result, hosting hybrid applications with components hosted in the public cloud and on-premises in the B.C. government’s data centres is not recommended at this time.
If your application needs to connect to a B.C. government data centre, we recommend hosting it with the B.C. Government Private Cloud Platform as a Service.
The Enterprise Hosting branch is working on a new service for B.C. ministry teams to transfer large amounts of data from B.C. government data centres to the public cloud using portable devices such as the AWS Snowcone.
Once the service becomes available, we’ll share more information at the Public Cloud Accelerator community update meetings.
Application requirements
If you are planning to build or host an application in the public cloud, you must be able to show that your proposed application is suitable to run in a public cloud environment. Your application is considered suitable if:
- You plan to build it using cloud-native architecture and technology stacks
- You have endorsement from your ministry’s IMB or architecture team to host your application in the public cloud
- You have approval from your Ministry Information Security Officer (MISO) to host your application in the public cloud
You must also be able to build your application in an open-source environment. Your underlying code will be stored in the public bcgov organization repositories in GitHub and will be visible to everyone on the internet.
Product team requirements
Funding
It’s important that your applications and data are monitored and maintained. For this reason, your team must have a sufficient budget to support your applications and data for their entire lifetime in the public cloud. This budget must be confirmed when you onboard to the Public Cloud Accelerator service.
Team roles
To work well in the public cloud, your product team should include:
- Product Owner
- DevOps Lead
- Developers
Product Owner
You must be able to identify a permanent government employee on your team to be the product owner for the applications and data you host in the public cloud.
The product owner is:
- Responsible for your public cloud products throughout their entire lifetime in the public cloud
- Accountable for keeping your product code, libraries and supporting tools functional, current and secure. This includes responding to any changes in the public cloud service that may affect the performance of your applications or data
DevOps Lead
You should have at least one person on your team with DevOps skills when you start working in the public cloud. The DevOps lead is responsible for ensuring that your application is designed for resiliency and high availability, and has monitoring and alerting functionality.
Developers
Most product teams need at least one developer in order to effectively make use of public cloud services. You should also consider your team’s level of expertise working with different public cloud service providers. For example, developers with prior experience working in AWS will be much more comfortable working in the B.C. government AWS landing zone than developers with no AWS experience.
Costs and billing
Determine how much it will cost to host in the public cloud.
Estimate your costs
Public cloud costs in AWS vary, depending on the services you use. The most reliable way to estimate how much you’ll spend on public cloud services is by using the AWS Pricing Calculator.
It costs about $200 USD per month just to have a project set in AWS, without using any additional services or resources. In addition to the cost of hosting with AWS, you pay a 10% fee to Shared Services Canada.
The 10% fee covers B.C.’s use of the Government of Canada Brokering Agreement for accessing AWS services and is charged to all product teams. This fee won’t appear in the AWS cost calculator.
Paying your bill
We manage the billing for all teams using Public Cloud Accelerator-managed cloud services, including AWS.
Once a week, we’ll send you an email with a consumption report that outlines the services and resources you used and how much they cost.
Once every three months, we’ll send you an invoice to pay for the services and resources you used via Journal Voucher (JV). This invoice also includes the 10% fee paid to Shared Services Canada.
For AWS users
In your consumption report you will see service charges for:
- CloudTrail
- CloudWatch
- Systems Manager
- Secrets Manager
- S3
- Simple Queue Service
- Simple Notification Service
- AWS Config
- Elastic Load Balancing
- GuardDuty
- Key Management Service
- Lambda
- Macie
- Security Hub
- NAT gateway
These tools are implemented as part of the security guardrails within the B.C. government AWS landing zone. Service fees for these tools are included in the invoices for each team that uses the B.C. government AWS landing zone.
Questions about costs and billing
If you have questions about public cloud hosting costs and billing, or if you believe there is an error in an invoice we sent you, email us at Cloud.Pathfinder@gov.bc.ca or view our support channels.
Account closure and project set deletion
If you want to close an account and delete a project set, only the product owner or technical lead can make the request.
If you are a product owner or technical lead:
- To delete your project set in Azure or GCP, send the request to cloud.pathfinder@gov.bc.ca
Or
- To delete your project in AWS, you can do so by following these steps:
1. Log in to the Product Registry as the product owner
2. Select the Public Cloud Products section tab
3. Choose the project set for deletion
4. Click the delete icon in the top right corner. A warning message will appear; enter the license plate and project owner’s email
5. Confirm by reviewing important information about the process and clicking the delete button
It is very important to consider the following:
- The deletion process may take up to 5 business days to process
- After deletion, the account will be in post-closure status for 90 days, as per the AWS policy
- During this 90-day period, you may still incur charges and receive weekly billing email notifications
- After 90 days, you won’t get weekly notifications, but you can expect a final quarterly bill for any closed project sets within that quarter
- AWS limits the number of projects we can close each month. If the quota is exceeded for the current month, your deletion request may be queued until the next month, and charges will continue during that time.
You can follow up about the status of your project deletion and account closure request via email to cloud.pathfinder@gov.bc.ca.