Private Cloud on AWS Deployment Options

If you have requirements that are not met by the Public Cloud deployment option, you can choose one of the Private Cloud on AWS deployment options:

  • Private Cloud on AWS Basic is a dedicated option that builds on Public Cloud performance and management. It addresses specific data residency needs and includes a PCI add-on.

  • Private Cloud on AWS Performance includes all Private Cloud on AWS Basic capabilities, with requests per second (RPS) increased to 500, upgrade control, load testing, and a GEO-HA add-on.

  • Private Cloud on AWS Performance Plus includes all Private Cloud on AWS Performance capabilities and increases RPS to 1,500 and load testing.

Operational differences

The table below compares each of the Private Cloud options with the Public Cloud option.

| Feature | Public Cloud | Private Cloud on AWS Basic | Private Cloud on AWS Performance | Private Cloud on AWS Performance Plus |
|---|---|---|---|---|
| Tenancy | Multi | Single | Single | Single |
| Requests per second (RPS) | 100 | 100 | 500 | 1,500 |
| Service level agreement (SLA) | 99.99% | 99.99% | 99.99% | 99.99% |
| Data residency | Public cloud regions only | Yes | Yes | Yes |
| Upgrade flexibility | No | No | Yes | Yes |
| Dev environment | No | No | 1 | 1 |

Data residency and isolation

With Private Cloud on AWS, you can choose the region where your data is stored. Auth0 can provide a list of available regions that use three availability zones for the deployment. All data can remain and be stored in the chosen region. This is crucial in instances where regulations prevent data from being stored or processed outside the origin region.

Backups and logs

For Private Cloud on AWS customers, backups are processed and stored in the United States (USA) by default. Service logs are processed in the region closest to where Private Cloud is hosted. Currently, this includes:

  • Australia

  • Canada

  • Germany

  • India

  • Ireland

  • Japan

  • United States

Data sovereignty

If you have data sovereignty requirements, Auth0 supports Public Cloud deployments in the following regions:

  • United States

  • Europe

  • Australia

  • Japan

Otherwise, the Private Cloud on AWS can be supported in other regions (except China). Furthermore, Auth0 can deploy backups to AWS's S3 service in the same region that hosts the Private Cloud.

Maximum availability

Auth0's Private Cloud on AWS instances have a 99.99% service level agreement (SLA).

High demand apps

If your application requires a significantly high number of requests per second (RPS), you may also wish to consider Private Cloud on AWS. Public and Private Cloud deployment options support up to 100 requests per second (RPS). If you require more than 100 RPS, you should choose a Private Cloud deployment option. See the rate limits policies for more information about the standard rate limits. For Private Cloud deployments, the limit is 100 RPS with an upgrade to 1,500 RPS.

PCI compliance certification

If your application is PCI compliant or striving to be, and your requirements indicate that your identity provider also needs to be PCI compliant, this is only available as a Private Cloud on AWS add-on. Public Cloud customers cannot acquire this benefit.

Add-ons and service differences

| Add-on or Service | Public Cloud | Private Cloud on AWS Basic | Private Cloud on AWS Performance | Private Cloud on AWS Performance Plus |
|---|---|---|---|---|
| GEO-HA | Yes in US and EU only | No | Yes | Yes |
| PCI | No | Yes | Yes | Yes |
| Additional dev environments | No | No | Yes | Yes |

Please note GEO-HA is built within the Public Cloud platform infrastructure, but can be purchased as an add-on for Private Cloud on AWS Performance and Private Cloud on AWS Performance Plus.

Geographic high availability

With the Geographic High Availability (GEO-HA) add-on, you will have the highest form of dedicated deployment availability offered by Auth0.

The standard dedicated deployment is a single-region, high availability solution, but the GEO-HA add-on extends the cluster with a geographically-distributed region where the maximum round-trip latency does not exceed 100 milliseconds. This is referred to as a high-availability GEO cluster, which is a warm standby configuration with failure handling for rapid recovery during a regional outage.

PCI certified

Auth0's dedicated deployments are ISO27001, SOC 2 Type II, ISO27018, and HIPAA BAA compliant, but the PCI Certified add-on ensures that your deployment is compliant with PCI-DSS requirements as well.

Additional dev environments

Private Cloud on AWS Performance and Performance Plus deployments include a fully-isolated and independently-updated instance for development and testing. You can add additional pre-production environments to meet your business requirements.

Guaranteed requests per second (RPS) and SLA do not apply to pre-production environments.

Limitations

Data residency

Private Cloud on AWS is fully deployable (meeting full data sovereignty requirements) in the following regions:

  • USA

  • Europe

  • Australia

  • Japan

  • Canada

Guardian MFA

Auth0’s default public Guardian MFA application (the app you can download from your mobile OS's app store) is not compatible with dedicated instances because it always points to the shared cloud endpoints. However, you can still leverage Auth0 Guardian via the Guardian SDK. Using the Guardian SDK, you can build your own MFA application that calls the Guardian API and can provide push notifications via Guardian. You can still leverage third-party MFA solutions via Auth0, such as Duo or Google Authenticator, while deployed within Private Cloud on AWS; this simply would not leverage Auth0 Guardian.

User import and export

User import with hashed passwords is available upon request.
