This chapter covers AWS Outposts, a hybrid cloud service that brings native AWS infrastructure, services, and tools to virtually any on-premises data center or co-location space. For the CLF-C02 exam, this topic falls under Domain 3: Cloud Technology Services, Objective 3.1, which tests your understanding of how AWS supports hybrid architectures. While not a major percentage of the exam, questions on Outposts frequently appear as scenario-based items that require you to distinguish it from other hybrid services like AWS Storage Gateway or AWS Direct Connect. Mastering Outposts will help you identify the correct solution for low-latency, local data processing needs that must also integrate with the broader AWS ecosystem.
Jump to a section
Imagine your company has a main headquarters (the AWS cloud) with unlimited resources—servers, storage, networking—and a set of standard operating procedures. But you also have a remote factory floor that requires ultra-low-latency control of machinery, where even a 10-millisecond delay could cause defective products. You can't run the factory from headquarters because the network latency is too high. So, you install a miniature, self-contained version of your headquarters right on the factory floor: a secure, locked cabinet that contains the same servers, storage, and networking gear that headquarters uses, pre-configured with the same software and security policies. This cabinet is physically isolated but logically connected to headquarters via a dedicated, encrypted network link. Your factory floor employees use the exact same tools and processes as headquarters, and any data that doesn't require real-time processing is automatically synced back to headquarters for central backup and analytics. The cabinet can even operate independently if the link to headquarters goes down, then sync changes when connectivity resumes. That is AWS Outposts: a fully managed, consistent AWS infrastructure that runs on-premises, delivering the same APIs, tools, and services as the AWS cloud, but with single-digit millisecond latency to your local applications.
What Is AWS Outposts and What Problem Does It Solve?
AWS Outposts is a fully managed service that extends AWS infrastructure, services, APIs, and tools to virtually any on-premises data center or co-location space. It consists of a physical rack of compute and storage servers that AWS installs, monitors, and maintains inside your facility. This rack is connected to the nearest AWS Region via a dedicated, high-bandwidth network link (typically AWS Direct Connect or a VPN over the internet). The key problem Outposts solves is the need for ultra-low latency (single-digit milliseconds) for applications that must run on-premises—for example, factory automation, video processing, or point-of-sale systems—while still requiring seamless integration with AWS services for backup, analytics, or machine learning.
Before Outposts, customers had two imperfect options: run everything on-premises with no cloud integration, or move everything to the cloud and suffer latency. Outposts provides a third path: keep sensitive or latency-critical workloads on-premises but manage them with the same AWS Console, CloudFormation, IAM, and APIs you use in the cloud. This means your developers can use the same tools and deployment pipelines for both cloud and on-premises workloads, reducing operational overhead.
How AWS Outposts Works — The Mechanism
The Outposts rack is a physical appliance that AWS ships to your site. It contains AWS-designed hardware, including compute (EC2 instances), storage (EBS volumes), and networking (local VPC subnets). AWS remotely manages the rack's firmware, security patches, and health monitoring—you never have to touch the hardware. The rack connects to your on-premises network via your existing switches and routers, and it connects to AWS via a service link. This service link uses either AWS Direct Connect (recommended for consistent performance) or a VPN over the public internet.
Once installed, the Outposts rack appears as an extension of your Amazon VPC. You can create subnets that are backed by Outposts capacity, launch EC2 instances into those subnets, attach EBS volumes, and use services like Amazon ECS, Amazon EKS, or Amazon RDS on Outposts. The rack runs the same AWS Nitro System that powers modern EC2 instances, ensuring consistent performance and security. Data stored on Outposts is encrypted at rest using AWS KMS keys, and you control the key material.
Key Tiers, Configurations, and Pricing Models
AWS offers two configurations of Outposts: 42U and 12U racks. The 42U rack is the standard size, providing up to 96 compute nodes and 264 TB of usable NVMe SSD storage. The 12U rack is a smaller form factor for space-constrained locations, with up to 24 compute nodes and 66 TB of storage. You can also order a half-rack or quarter-rack configuration. Compute options include general-purpose (e.g., m5, m5d), compute-optimized (c5, c5d), memory-optimized (r5, r5d), and GPU-accelerated (g4dn) instance types. Storage options include Amazon EBS volumes (gp2, gp3, io1, io2) and local instance stores.
Pricing for Outposts is a combination of a one-time infrastructure cost for the hardware and a monthly service fee based on the compute and storage capacity you reserve. You can choose a 1-year or 3-year term, with lower monthly fees for longer commitments. There are no data transfer charges for traffic between Outposts and the parent AWS Region over the service link, but you pay standard AWS rates for any AWS services you use on Outposts (e.g., EC2 instances, EBS volumes).
Comparison to On-Premises or Competing Approaches
Compared to a traditional on-premises data center, Outposts eliminates the need for your team to manage hardware lifecycle, rack-and-stack, and firmware updates. AWS handles all physical maintenance, including replacing failed components. Compared to running everything in the cloud, Outposts gives you local processing with minimal latency. Compared to other hybrid services:
AWS Storage Gateway provides cloud-backed storage for on-premises applications but does not offer compute or native AWS APIs.
AWS Direct Connect is a dedicated network connection that improves latency and reliability but does not provide local compute or storage.
VMware Cloud on AWS allows you to run VMware workloads on AWS hardware but is not a native AWS experience.
Outposts is unique because it brings the full AWS API surface to your data center. You can run EC2, EBS, ECS, EKS, RDS, and even Lambda (via AWS IoT Greengrass) locally.
When to Use Outposts vs Alternatives
Use Outposts when:
You need single-digit millisecond latency for workloads that cannot tolerate round-trips to an AWS Region.
You have data residency requirements that mandate data stay within a specific geographic boundary.
You want to modernize on-premises applications gradually by running them on AWS hardware with the same APIs.
You need to run workloads that require local data processing and also need to integrate with cloud services for analytics, backup, or machine learning.
Do not use Outposts when:
You only need backup or file sharing—use Storage Gateway.
You only need a faster network connection—use Direct Connect.
You can tolerate 10-20 ms latency and want full elasticity—use the cloud directly.
You need a fully managed database service without local hardware—use Amazon RDS in the cloud.
Order and Plan the Outposts Configuration
First, you work with AWS to determine the right Outposts configuration: rack size (42U or 12U), compute and storage capacity, and instance types. You also plan the network connectivity: you need a service link to an AWS Region via Direct Connect or VPN, and a local network connection to your on-premises switches. AWS provides a detailed site preparation guide. You must ensure your facility has adequate power, cooling, and physical space. The ordering process includes a one-time hardware cost and a monthly service fee based on a 1- or 3-year term.
AWS Ships and Installs the Rack
AWS ships the Outposts rack to your site and sends a technician to install it. The technician racks the hardware, connects power and networking, and verifies the service link to AWS. You do not need to configure the hardware—AWS handles all firmware and initial setup. The rack is physically secured with tamper-evident seals and can be locked in a cage. Once installed, the Outposts rack appears as a new AWS resource in your account, ready for use.
Create Outposts-Enabled VPC Subnets
In the AWS Management Console, you create a new VPC or use an existing one. You then create subnets that are associated with your Outposts. These subnets have a special property: they are backed by Outposts capacity. When you launch resources into these subnets, they run on the Outposts hardware, not in the AWS Region. You can also create subnets that are not Outposts-backed for resources that should run in the cloud. This allows you to architect hybrid applications that span both environments.
Launch and Manage Resources on Outposts
You launch EC2 instances, attach EBS volumes, and deploy containers using the same AWS Console, CLI, SDKs, or CloudFormation as you would in the cloud. The instances run the same AMIs and are managed by the same IAM policies. Services like Amazon ECS, Amazon EKS, and Amazon RDS for Outposts are available. For example, you can launch an RDS database on Outposts that replicates to a cross-Region read replica in the cloud. AWS monitors the health of the Outposts rack and automatically replaces failed components.
Manage Data and Connectivity
Data on Outposts can be backed up to the cloud using AWS Backup or simply by copying data to S3 over the service link. The service link is encrypted and dedicated to Outposts traffic. If the link goes down, your Outposts workloads continue to run independently. When connectivity is restored, any pending changes (e.g., database writes) are synced. You can also use AWS Systems Manager to manage instances on Outposts, and AWS CloudTrail logs all API calls. At the end of the term, AWS securely erases the data and removes the rack.
Scenario 1: Factory Automation with Sub-Millisecond Latency
A global automotive manufacturer uses robotic arms on an assembly line that require real-time control with latency under 5 milliseconds. The factory is located in a remote area with limited connectivity to an AWS Region. They deploy an AWS Outposts 12U rack on the factory floor. The rack runs EC2 instances with GPU acceleration for computer vision models that guide the robots. The Outposts rack connects to the nearest AWS Region via AWS Direct Connect for backup and analytics. The manufacturer uses Amazon ECS on Outposts to orchestrate containerized control applications. The result is consistent low latency, and the IT team can manage the factory workloads using the same CI/CD pipelines as their cloud applications. A misconfiguration could occur if the Outposts subnets are not correctly isolated from the factory's general network, leading to security risks. Cost: The one-time hardware cost was approximately $100,000, with a monthly fee of $15,000 for the 3-year term, plus EC2 instance charges.
Scenario 2: Financial Services Data Residency
A bank in the European Union must keep customer transaction data within the country due to GDPR. The bank's core banking system requires single-digit millisecond latency for transaction processing. They deploy an Outposts 42U rack in their on-premises data center. The rack runs Amazon RDS for Outposts as the primary database, with a cross-Region read replica in a different AWS Region for disaster recovery. The service link uses AWS Direct Connect with encryption. The bank's compliance team can audit the physical rack, and AWS provides a Data Residency attestation. A common mistake is assuming Outposts automatically encrypts all data at rest by default—while it does, customers must manage their own KMS keys for full control. The monthly cost for the Outposts rack is around $30,000, but the bank avoids millions in potential fines.
Scenario 3: Retail Point-of-Sale with Intermittent Connectivity
A large retail chain operates hundreds of stores, some in rural areas with unreliable internet. Each store runs a point-of-sale (POS) system that must remain operational even if the internet goes down. They deploy a small Outposts 12U rack in each store. The POS application runs on EC2 instances on Outposts, with local EBS storage for transaction data. When the internet is up, transaction data is replicated to an Amazon S3 bucket in the cloud for centralized reporting. If the internet goes down, the POS continues to work, and data syncs automatically when connectivity resumes. The IT team uses AWS Systems Manager to apply patches to all Outposts racks centrally. Misconfiguration: If the Outposts service link is set up over a VPN instead of Direct Connect, performance may degrade during peak hours. Cost per store: approximately $50,000 one-time plus $8,000 monthly for a 3-year term.
CLF-C02 Focus: Hybrid Infrastructure with Outposts
The CLF-C02 exam tests your understanding of AWS Outposts as a hybrid cloud solution under Domain 3: Cloud Technology Services, Objective 3.1. You should expect 1-2 scenario-based questions that ask you to identify the correct AWS service for a given requirement. The exam will not ask you to configure Outposts but will test your ability to differentiate it from other hybrid services.
Common Wrong Answers and Why Candidates Choose Them
AWS Storage Gateway – Candidates see 'on-premises' and 'hybrid' and pick Storage Gateway. But Storage Gateway only provides storage (file, volume, tape) and does not provide compute or native AWS APIs. Outposts provides both compute and storage with full AWS API compatibility.
AWS Direct Connect – Candidates think a dedicated network connection will solve latency. Direct Connect reduces network latency but does not eliminate the physical distance to the Region. Outposts eliminates network latency by running compute locally.
VMware Cloud on AWS – Candidates familiar with VMware may choose this. But VMware Cloud on AWS runs VMware software on AWS hardware, not native AWS services. Outposts runs native AWS services.
AWS Wavelength – Candidates confuse edge locations with on-premises. Wavelength embeds AWS compute at 5G network edge, not in your data center.
Specific Terms and Values That Appear on the Exam
Outposts rack sizes: 42U and 12U.
Service link: must be via Direct Connect or VPN.
Supported services: EC2, EBS, ECS, EKS, RDS, and EMR (limited).
Instance families: m5, c5, r5, g4dn, i3, etc.
Pricing: one-time infrastructure cost + monthly service fee (1-year or 3-year term).
Tricky Distinctions
The exam may present a scenario where a customer needs low latency but also needs to run containers. Outposts supports Amazon ECS and EKS, while Storage Gateway does not. Another tricky point: Outposts requires a service link to a parent Region; it cannot operate fully disconnected for extended periods (though it can run independently temporarily).
Decision Rule
If the scenario requires: - Low latency (<10 ms) and on-premises compute → Outposts. - On-premises storage only (file, volume, tape) → Storage Gateway. - Faster network to cloud → Direct Connect. - Edge compute for 5G → Wavelength. - VMware workloads on AWS → VMware Cloud on AWS.
Eliminate any option that does not provide compute or does not run native AWS APIs.
AWS Outposts is a physical rack of AWS hardware installed in your data center that runs native AWS services locally.
It is designed for workloads that require single-digit millisecond latency, data residency, or local data processing.
Outposts supports EC2, EBS, ECS, EKS, RDS, and EMR (limited) with the same APIs as the AWS cloud.
Pricing includes a one-time infrastructure cost and a monthly service fee based on a 1- or 3-year term.
The service link to the parent AWS Region must use AWS Direct Connect or a VPN.
Outposts is not a replacement for Storage Gateway, Direct Connect, or Local Zones—each solves a different hybrid challenge.
On the CLF-C02 exam, identify Outposts when the scenario mentions 'low latency on-premises compute with AWS APIs'.
These come up on the exam all the time. Here's how to tell them apart.
AWS Outposts
Provides both compute and storage on-premises
Runs native AWS APIs (EC2, EBS, ECS, etc.)
Requires a physical rack installed by AWS
One-time hardware cost + monthly fee
Low latency for compute workloads
AWS Storage Gateway
Provides storage only (file, volume, tape)
Does not provide compute or native AWS APIs
Software appliance that can run on existing hardware
Pay-as-you-go pricing based on usage
Low latency for storage access, but compute still in cloud
Mistake
AWS Outposts is a software-only solution that you install on your own hardware.
Correct
Outposts is a physical rack of AWS-designed hardware that AWS installs and manages. You cannot run Outposts software on your own servers.
Mistake
Outposts can run completely offline without any connection to AWS.
Correct
Outposts can operate independently for a limited time if the service link goes down, but it requires periodic connectivity for management, patching, and billing. It is not designed for permanent disconnected operation.
Mistake
Outposts supports all AWS services exactly as in the cloud.
Correct
Outposts supports a subset of AWS services: EC2, EBS, ECS, EKS, RDS, and EMR (limited). Services like Lambda, S3, DynamoDB, and API Gateway are not available directly on Outposts.
Mistake
Outposts is a pay-as-you-go service with no upfront costs.
Correct
Outposts requires a one-time infrastructure cost for the hardware plus a monthly service fee. You commit to a 1- or 3-year term. It is not pay-as-you-go like standard EC2.
Mistake
Outposts and AWS Local Zones are the same thing.
Correct
Local Zones are AWS-managed infrastructure in metro areas that extend a Region closer to users. Outposts is customer-managed (physically) in your own data center. Local Zones are owned and operated by AWS; Outposts is owned by AWS but installed on your premises.
AWS Outposts is a physical rack installed in your own data center, providing low-latency access to AWS services on-premises. AWS Local Zones are extensions of an AWS Region that place compute, storage, and other services closer to large population centers, but they are owned and operated by AWS in AWS data centers. Outposts is for customer-controlled locations; Local Zones are for metro areas. For the exam, remember: Outposts = your facility, Local Zones = AWS facility near you.
No, Amazon S3 is not available directly on Outposts. However, you can use AWS Storage Gateway to cache S3 data locally, or you can use EBS volumes on Outposts for local storage. If you need S3 API compatibility on-premises, consider using AWS Storage Gateway with S3 File Gateway. On the exam, know that Outposts supports EBS but not S3.
Outposts can continue to operate independently for a period of time (typically up to 7 days) without the service link. Local workloads continue to run, and data remains accessible. When connectivity is restored, any changes are synced with the Region. However, certain management operations (like launching new instances from AMIs stored in the cloud) may not be available until the link is restored. The exam may test that Outposts is designed for intermittent connectivity but not permanent disconnection.
Outposts is available in most commercial AWS Regions, but not all. You must check the AWS Regional Services list for the latest availability. The parent Region must support Outposts, and the service link connects to that Region. For the exam, you do not need to memorize which Regions support Outposts, but know that it is not available in every Region.
The Outposts rack is shipped with tamper-evident seals and can be locked in a cage. AWS technicians install the rack but do not have access to your data. The rack uses AWS Nitro System for security, and all data at rest is encrypted using AWS KMS. You control the encryption keys. Physical security is your responsibility once the rack is on your premises. The exam may ask about shared responsibility: AWS secures the hardware and firmware; you secure the facility and access.
Yes, Outposts is covered under AWS Support plans. You can get technical support for Outposts issues through the same support channels as other AWS services. AWS also provides proactive monitoring and automatic replacement of failed hardware components. The exam may not test this, but it's good to know for real-world use.
AWS Wavelength embeds AWS compute and storage at the edge of 5G networks, enabling ultra-low latency for mobile and IoT applications. Outposts is for on-premises data centers or co-location facilities. Wavelength is managed by AWS and telecom providers; Outposts is managed by AWS but physically located in your facility. For the exam, if the scenario involves 5G or mobile users, think Wavelength; if it involves your own data center, think Outposts.
You've just covered AWS Outposts — Hybrid Infrastructure — now see how well it sticks with free CLF-C02 practice questions. Full explanations included, no account needed.
Done with this chapter?