AWS service endpoints - AWS General Reference

AWS service endpoints

To connect programmatically to an AWS service, you use an endpoint. An endpoint is the URL of the entry point for an AWS web service. The AWS SDKs and the AWS Command Line Interface (AWS CLI) automatically use the default endpoint for each service in an AWS Region. But you can specify an alternate endpoint for your API requests.

If a service supports Regions, the resources in each Region are independent of similar resources in other Regions. For example, you can create an Amazon EC2 instance or an Amazon SQS queue in one Region. When you do, the instance or queue is independent of instances or queues in all other Regions.

Regional endpoints

Most Amazon Web Services offer a Regional endpoint that you can use to make your requests. The general syntax of a Regional endpoint is as follows.

protocol://service-code.region-code.amazonaws.com

For example, https://dynamodb.us-west-2.amazonaws.com is the endpoint for the Amazon DynamoDB service in the US West (Oregon) Region.

The following table lists the name and code of each Region.

Name Code
US East (Ohio) us-east-2
US East (N. Virginia) us-east-1
US West (N. California) us-west-1
US West (Oregon) us-west-2
Africa (Cape Town) af-south-1
Asia Pacific (Hong Kong) ap-east-1
Asia Pacific (Hyderabad) ap-south-2
Asia Pacific (Jakarta) ap-southeast-3
Asia Pacific (Melbourne) ap-southeast-4
Asia Pacific (Mumbai) ap-south-1
Asia Pacific (Osaka) ap-northeast-3
Asia Pacific (Seoul) ap-northeast-2
Asia Pacific (Singapore) ap-southeast-1
Asia Pacific (Sydney) ap-southeast-2
Asia Pacific (Tokyo) ap-northeast-1
Canada (Central) ca-central-1
Canada West (Calgary) ca-west-1
Europe (Frankfurt) eu-central-1
Europe (Ireland) eu-west-1
Europe (London) eu-west-2
Europe (Milan) eu-south-1
Europe (Paris) eu-west-3
Europe (Spain) eu-south-2
Europe (Stockholm) eu-north-1
Europe (Zurich) eu-central-2
Israel (Tel Aviv) il-central-1
Middle East (Bahrain) me-south-1
Middle East (UAE) me-central-1
South America (São Paulo) sa-east-1
AWS GovCloud (US-East) us-gov-east-1
AWS GovCloud (US-West) us-gov-west-1
General endpoints

The following services support Regional endpoints but also support a general endpoint that doesn't include a Region. When you use a general endpoint, AWS routes the API request to US East (N. Virginia) (us-east-1), which is the default Region for API calls.

  • Amazon EC2 – ec2.amazonaws.com

  • Amazon EC2 Auto Scaling – autoscaling.amazonaws.com

  • Amazon EMR – elasticmapreduce.amazonaws.com

Global endpoints

Global services do not support Regions. The following services each have a single global endpoint:

  • Amazon CloudFront

  • AWS Global Accelerator

  • AWS Identity and Access Management (IAM)

  • AWS Network Manager

  • AWS Organizations

  • Amazon Route 53

  • AWS Shield Advanced

  • AWS WAF Classic

View the service endpoints

You can view the AWS service endpoints using the following options:

FIPS endpoints

Some AWS services offer endpoints that support Federal Information Processing Standard (FIPS) 140-2 in some Regions. Unlike standard AWS endpoints, FIPS endpoints use a TLS software library that complies with FIPS 140-2. These endpoints might be required by enterprises that interact with the United States government.

To specify a FIPS endpoint when you call an AWS operation, use a mechanism provided by the tool that you're using to make the call. For example, the AWS SDKs provide the following mechanisms to enable the use of FIPS endpoints:

  • Set the AWS_USE_FIPS_ENDPOINT environment variable to true

  • Add use_fips_endpoint=true to your ~/.aws/config file

The AWS Command Line Interface supports these mechanisms, and also provides the --endpoint-url option. The following example uses --endpoint-url to specify the FIPS endpoint for AWS Key Management Service (AWS KMS) in the US West (Oregon) Region.

aws kms create-key --endpoint-url https://kms-fips.us-west-2.amazonaws.com

For a list of FIPS endpoints, see FIPS endpoints by Service.

Minimum TLS version for FIPS endpoints

With FIPS endpoints, the minimum requirement is TLS 1.2. We recommend TLS 1.3. For information about how to determine whether your applications were impacted by this change, see this AWS Security Blog post.

Dual stack endpoints

Some AWS services offer dual stack endpoints, so that you can access them using either IPv4 or IPv6 requests.

The general syntax of a dual stack endpoint is as follows.

  • Services that offer both single and dual stack endpoints use the following syntax for a dual stack endpoint.

    protocol://service-code.region-code.api.aws

    For example, https://ec2.us-west-2.api.aws is the dual stack endpoint for Amazon EC2 in the US West (Oregon) Region.

  • Services that offer only dual stack endpoints use the following syntax for endpoints.

    protocol://service-code.region-code.amazonaws.com

    For example, https://secretsmanager.us-west-2.amazonaws.com is the dual stack endpoint for AWS Secrets Manager in the US West (Oregon) Region.

To make a request to a dual stack endpoint, you must use the mechanism provided by the tool or AWS SDK to specify the endpoint. For example, the AWS CLI provides the --endpoint-url option. The following example uses --endpoint-url to specify the dual stack endpoint for Amazon EC2 in the US West (Oregon) Region.

aws ec2 describe-regions --region us-west-2 --endpoint-url https://ec2.us-west-2.api.aws

For a list of services that support dual stack endpoints, see AWS services that support IPv6.

Learn more

You can find endpoint information from the following sources: