AWS service endpoints - AWS General Reference

AWS service endpoints

To connect programmatically to an AWS service, you use an endpoint. An endpoint is the URL of the entry point for an AWS web service. The AWS SDKs and the AWS Command Line Interface (AWS CLI) automatically use the default endpoint for each service in an AWS Region. But you can specify an alternate endpoint for your API requests.

If a service supports Regions, the resources in each Region are independent of similar resources in other Regions. For example, you can create an Amazon EC2 instance or an Amazon SQS queue in one Region. When you do, the instance or queue is independent of instances or queues in all other Regions.

Regional endpoints

Most Amazon Web Services offer a Regional endpoint that you can use to make your requests. The general syntax of a Regional endpoint is as follows.

protocol://service-code.region-code.amazonaws.com

For example, https://dynamodb.us-west-2.amazonaws.com is the endpoint for the Amazon DynamoDB service in the US West (Oregon) Region.

The following table lists the name and code of each Region.

Region Name Code
US East (Ohio) us-east-2
US East (N. Virginia) us-east-1
US West (N. California) us-west-1
US West (Oregon) us-west-2
Africa (Cape Town) af-south-1
Asia Pacific (Hong Kong) ap-east-1
Asia Pacific (Mumbai) ap-south-1
Asia Pacific (Osaka-Local) ap-northeast-3
Asia Pacific (Seoul) ap-northeast-2
Asia Pacific (Singapore) ap-southeast-1
Asia Pacific (Sydney) ap-southeast-2
Asia Pacific (Tokyo) ap-northeast-1
Canada (Central) ca-central-1
China (Beijing) cn-north-1
China (Ningxia) cn-northwest-1
Europe (Frankfurt) eu-central-1
Europe (Ireland) eu-west-1
Europe (London) eu-west-2
Europe (Milan) eu-south-1
Europe (Paris) eu-west-3
Europe (Stockholm) eu-north-1
Middle East (Bahrain) me-south-1
South America (São Paulo) sa-east-1

Some services, such as IAM, do not support Regions. Thus, the endpoints for those services do not include a Region. Other services, such as Amazon EC2, support Regions but let you specify an endpoint that does not include a Region, such as https://ec2.amazonaws.com. When you use an endpoint with no Region, AWS routes the Amazon EC2 request to US East (N. Virginia) (us-east-1), which is the default Region for API calls.

View the service endpoints

You can view the AWS service endpoints using the following options:

FIPS endpoints

Some AWS services offer FIPS endpoints in selected Regions. Unlike standard AWS endpoints, FIPS endpoints use a TLS software library that complies with Federal Information Processing Standard (FIPS) 140-2. These endpoints might be required by enterprises that interact with the United States government. For more information, see Federal Information Processing Standard (FIPS) 140-2 on the AWS Compliance site.

To use a FIPS endpoint with an AWS operation, use the mechanism provided by the AWS SDK or tool to specify a custom endpoint. For example, the AWS Command Line Interface provides the --endpoint-url option. The following example uses the FIPS endpoint for the US West (Oregon) Region with an operation for AWS Key Management Service (AWS KMS).

aws kms create-key --endpoint-url https://kms-fips.us-west-2.amazonaws.com

Minimum TLS version for FIPS endpoints

By March 31, 2021, AWS will revoke the ability to use TLS 1.0 and TLS 1.1 on all FIPS endpoints and require a minimum version of TLS 1.2. This change applies to all AWS Regions. No other AWS endpoints are affected by this change. For more information, see Which AWS Services require a minimum version of TLS 1.2 for FIPS endpoints on the FIPS page.

AWS encourages you to be proactive in maintaining security standards to avoid impacting availability and to protect the integrity of data in transit. We recommend that you review your client applications to confirm that they support TLS 1.2. We recommend that you test TLS 1.2 in a staging environment before you introduce configuration changes to your applications in production.

Learn more

You can find endpoint information from the following sources: