Butterfly Projects Ltd

AWS - Managed Amazon Web Services

We provide hosting solutions over Amazon Web Services, with experienced consultants to help you migrate data and services to the cloud securely and easily. This managed service allows you to migrate data from RDBMS legacy systems such as Oracle and Microsoft SQL Server to your chosen target database.


  • Suitable for OFFICIAL (formerly IL2/IL3) workloads
  • Uses the UK(London) region and availability zones
  • Security Cleared (SC) staff highly experienced working with sensitive data
  • Data storage, archiving, backups and retrieval
  • Traditional RDBMS databases or NoSQL, with elastic scaling
  • Web based applications and services to meet your requirements
  • Encryption in transit and at rest


  • Identity and Access Management using groups and roles
  • Well architected design using AWS best practice
  • Highly available, fault tolerant, durable and geo-resilient infrastructure
  • Only pay for what you use - scale as necessary
  • Cleanse data or work with tokenised data


£0 to £100 per unit per minute

Service documents

G-Cloud 10


Butterfly Projects Ltd

Sara Boltman



Service scope

Service scope
Service constraints Support is limited to current versions of software supported by the underlying AWS platform as a service
System requirements
  • If you want to migrate SQL Server you must BYOL
  • Bring Your Own License can also be used for Oracle

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times In standard business hours (monday-friday 9am-5pm) you will typically get a response within 4 hours, resolution for more complex problems may take longer.
User can manage status and priority of support tickets No
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels Our onsite support is listed separately on Gcloud under Cloud Services
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The documentation provided on the AWS marketplace is comprehensive and has a 'quickstart' guide explaining how to get started. There is also a detailed document for your security personnel to explain how this stack has been accredited and to ensure that in configuring it for your own organisation's use you do not compromise the integrity of the solution.
Service documentation No
End-of-contract data extraction Using AWS Import/Export
End-of-contract process It ends

Using the service

Using the service
Web browser interface No
Command line interface No


Scaling available No
Independence of resources Amazon Web Services ensure that there is no impact from other users
Usage notifications No


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types Reports on request


Supplier type Reseller providing extra support
Organisation whose services are being resold Amazon Web Services

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency Never
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Files
  • Databases
Backup controls Policies can be set up to move data from S3 to Glacier when instant access to the data is not required
Datacentre setup Multiple datacentres
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We are dependent upon the underlying Amazon Web Services platform, which is highly available.
Approach to resilience Available on request
Outage reporting Available on request

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Administrator and privileged access accounts use MFA. Normal users can just register with username and password. Data consumers (viewing reports etc) can use federation if you choose to enable it
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication
Devices users manage the service through
  • Dedicated device on a government network (for example PSN)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications The underlying AWS platform has ISO27001

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We are able to leverage the certifications that AWS has achieved
Information security policies and processes Available on request

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach We rely on the change management process implemented by AWS
Vulnerability management type Undisclosed
Vulnerability management approach We depend upon the patching performed by AWS
Protective monitoring type Undisclosed
Protective monitoring approach We depend upon the incident response detection from AWS
Incident management type Undisclosed
Incident management approach Users can report incidents via email.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider Amazon Web Services
How shared infrastructure is kept separate AWS provides strict separation

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £0 to £100 per unit per minute
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑