Sovereign Cloud Service Catalogue
Complete catalogue of 36 sovereign cloud capabilities with maturity levels, complexity ratings, dependencies, acceptance criteria, and current delivery status.
Purpose: This catalogue tracks the development status of each capability required for sovereign cloud operations. Services are ordered by deployment priority based on dependency chains and criticality for government operations.
Legend
Maturity: Production Beta Alpha Planned Research
Complexity: Low Medium High Critical
Priority: Critical Core infrastructure, blocks others High Essential for Track A Medium Track B requirement Low Enhancement
Delivery Status Summary
4
Production Ready
8
In Beta
6
In Alpha
15
Planned
3
Research
Complete Service Catalogue
| ID | Capability | AWS Equiv. | Open Source | Maturity | Complexity | Priority | Dependencies |
|---|---|---|---|---|---|---|---|
| A. COMPUTE & APP HOSTING - Foundation infrastructure for running workloads | |||||||
| CAP-A01 | Virtual Machine Service | EC2 | CloudStack Compute | Production | Medium | Critical | None (foundation) |
| CAP-A02 | Kubernetes Service | EKS | Rancher + K8s | Production | High | Critical | CAP-A01, CAP-D01 |
| CAP-A03 | Serverless Functions | Lambda | OpenFaaS / Knative | Beta | High | High | CAP-A02, CAP-F01 |
| CAP-A04 | Batch Processing | Batch | Argo Workflows | Beta | Medium | Medium | CAP-A02 |
| B. STORAGE - Object, block, and file storage services | |||||||
| CAP-B01 | Object Storage (S3) | S3 | MinIO | Production | Medium | Critical | CAP-A01 |
| CAP-B02 | Block Storage | EBS | Ceph RBD | Production | Medium | Critical | CAP-A01 |
| CAP-B03 | File Storage | EFS | CephFS | Beta | Medium | High | CAP-B02 |
| CAP-B04 | Archive Storage | Glacier | MinIO Tiering | Alpha | Low | Low | CAP-B01 |
| C. DATABASES - Managed database services | |||||||
| CAP-C01 | PostgreSQL Service | RDS PostgreSQL | CloudNativePG | Beta | Medium | Critical | CAP-A02, CAP-B02 |
| CAP-C02 | MySQL Service | RDS MySQL | Vitess | Alpha | Medium | High | CAP-A02, CAP-B02 |
| CAP-C03 | Redis Cache | ElastiCache | Valkey / KeyDB | Beta | Low | High | CAP-A02 |
| CAP-C04 | Document Database | DocumentDB | FerretDB | Alpha | Medium | Medium | CAP-C01 |
| CAP-C05 | Wide-Column Database | DynamoDB | ScyllaDB | Planned | High | Medium | CAP-A02, CAP-B02 |
| D. NETWORKING - Network infrastructure and services | |||||||
| CAP-D01 | Virtual Networking | VPC | CloudStack Networks | Production | Medium | Critical | None (foundation) |
| CAP-D02 | Load Balancing | ELB/ALB | HAProxy / Traefik | Beta | Medium | Critical | CAP-D01 |
| CAP-D03 | DNS Service | Route 53 | PowerDNS | Beta | Low | High | CAP-D01 |
| CAP-D04 | CDN Service | CloudFront | Varnish / Traffic Server | Planned | High | Medium | CAP-D02, CAP-B01 |
| CAP-D05 | API Gateway | API Gateway | Kong / APISIX | Alpha | Medium | High | CAP-D02, CAP-E01 |
| E. SECURITY & IDENTITY - Authentication, authorization, encryption | |||||||
| CAP-E01 | Identity & Access | IAM / Cognito | Keycloak | Beta | High | Critical | CAP-C01 |
| CAP-E02 | Secrets Management | Secrets Manager | OpenBao | Alpha | High | Critical | CAP-E01 |
| CAP-E03 | Key Management | KMS | OpenBao + HSM | Planned | Critical | Critical | CAP-E02, HSM Hardware |
| CAP-E04 | Certificate Management | ACM | cert-manager + OpenBao | Planned | Medium | High | CAP-E02 |
| CAP-E05 | WAF Service | WAF | ModSecurity / Coraza | Planned | Medium | High | CAP-D02 |
| F. MESSAGING & INTEGRATION - Message queues, events, integration | |||||||
| CAP-F01 | Message Queue | SQS | RabbitMQ / NATS | Planned | Medium | High | CAP-A02 |
| CAP-F02 | Pub/Sub Service | SNS | NATS / RabbitMQ | Planned | Medium | Medium | CAP-F01 |
| CAP-F03 | Event Streaming | Kinesis | Apache Kafka / Redpanda | Planned | High | Medium | CAP-A02, CAP-B02 |
| CAP-F04 | Event Bus | EventBridge | Knative Eventing | Research | High | Low | CAP-A03, CAP-F01 |
| G. DEVOPS & OBSERVABILITY - Monitoring, logging, CI/CD | |||||||
| CAP-G01 | Metrics & Monitoring | CloudWatch | Prometheus + Grafana | Planned | Medium | Critical | CAP-A02 |
| CAP-G02 | Log Aggregation | CloudWatch Logs | Loki / OpenSearch | Planned | Medium | High | CAP-A02, CAP-B01 |
| CAP-G03 | Distributed Tracing | X-Ray | Jaeger / Tempo | Planned | Medium | Medium | CAP-G01 |
| CAP-G04 | Container Registry | ECR | Harbor | Planned | Low | Critical | CAP-B01 |
| CAP-G05 | CI/CD Platform | CodePipeline | GitLab CI / Woodpecker | Planned | Medium | Critical | CAP-G04, CAP-A02 |
| H. ANALYTICS & DATA - Data processing and analytics | |||||||
| CAP-H01 | Data Warehouse | Redshift | ClickHouse / DuckDB | Research | High | Medium | CAP-C01, CAP-B01 |
| CAP-H02 | ETL/Data Pipeline | Glue | Apache Airflow | Planned | High | Medium | CAP-A02, CAP-H01 |
| CAP-H03 | Search Service | OpenSearch | OpenSearch / Meilisearch | Planned | Medium | Medium | CAP-A02, CAP-B02 |
| CAP-H04 | ML Platform | SageMaker | Kubeflow / MLflow | Research | Critical | Low | CAP-A02, CAP-B01, GPU Hardware |
Standard Acceptance Criteria
All capabilities must meet the following criteria before advancing to Production status:
Functional Requirements
- All API endpoints documented and functional
- Feature parity with minimum viable specification
- Multi-tenancy isolation verified
- Integration tests passing in all 4 jurisdiction environments
Security Requirements
- Security Working Group sign-off
- Penetration test completed (no CRITICAL/HIGH findings unresolved)
- SAST/DAST scans passing with zero CRITICAL findings
- Encryption at rest and in transit implemented
- Audit logging enabled and verified
- RBAC integration with CAP-E01 (Keycloak) complete
Performance Requirements
- SLA targets met (99.9% availability for Critical, 99.5% for High priority)
- Latency P99 within specification
- Load testing at 2x expected peak completed
- Chaos engineering tests passed (node failure, network partition)
Documentation Requirements
- API documentation (OpenAPI/Swagger)
- Deployment guide (OpenTofu + Helm)
- Operational runbook (incident response, DR procedures)
- Security guide (hardening, compliance mapping)
- Migration guide (from equivalent AWS service)
Operational Requirements
- Monitoring dashboards configured in CAP-G01 (Prometheus/Grafana)
- Alerting rules defined and tested
- Backup and restore procedures verified
- Disaster recovery tested (RTO/RPO met)
- Support handover to L1/L2 teams completed
Delivery Roadmap (Track A - 36 Months)
| Phase | Timeline | Capabilities | Milestone |
|---|---|---|---|
| Foundation | Months 1-6 | CAP-A01, CAP-D01, CAP-B01, CAP-B02 | Core compute, networking, storage operational |
| Platform | Months 7-12 | CAP-A02, CAP-D02, CAP-E01, CAP-G04 | Kubernetes, IAM, container registry ready |
| Services | Months 13-18 | CAP-C01, CAP-C03, CAP-E02, CAP-G01, CAP-G05 | Databases, secrets, monitoring, CI/CD operational |
| Integration | Months 19-24 | CAP-A03, CAP-D05, CAP-F01, CAP-G02 | Serverless, API gateway, messaging ready |
| Hardening | Months 25-30 | CAP-E03, CAP-E04, CAP-E05 | KMS, certificates, WAF operational |
| Validation | Months 31-36 | All Track A capabilities | Emergency capability validated, Gate 3 review |
Document Status
Version: 1.0 | Last updated: January 2026
Classification: Official