AWS service endpoints
To connect programmatically to an AWS service, you use an endpoint. An endpoint is the URL of the entry point for an AWS web service. The AWS SDKs and the AWS Command Line Interface (AWS CLI) automatically use the default endpoint for each service in an AWS Region. But you can specify an alternate endpoint for your API requests.
If a service supports Regions, the resources in each Region are independent of similar resources in other Regions. For example, you can create an Amazon EC2 instance or an Amazon SQS queue in one Region. When you do, the instance or queue is independent of instances or queues in all other Regions.
Regional endpoints
Most Amazon Web Services offer a Regional endpoint that you can use to make your requests. The general syntax of a Regional endpoint is as follows.
protocol://service-code.region-code.amazonaws.com
For example, https://dynamodb.us-west-2.amazonaws.com is the endpoint for the
Amazon DynamoDB service in the US West (Oregon) Region.
The following table lists the name and code of each Region.
| Region Name | Code |
|---|---|
| US East (Ohio) | us-east-2 |
| US East (N. Virginia) | us-east-1 |
| US West (N. California) | us-west-1 |
| US West (Oregon) | us-west-2 |
| Africa (Cape Town) | af-south-1 |
| Asia Pacific (Hong Kong) | ap-east-1 |
| Asia Pacific (Mumbai) | ap-south-1 |
| Asia Pacific (Osaka-Local) | ap-northeast-3 |
| Asia Pacific (Seoul) | ap-northeast-2 |
| Asia Pacific (Singapore) | ap-southeast-1 |
| Asia Pacific (Sydney) | ap-southeast-2 |
| Asia Pacific (Tokyo) | ap-northeast-1 |
| Canada (Central) | ca-central-1 |
| China (Beijing) | cn-north-1 |
| China (Ningxia) | cn-northwest-1 |
| Europe (Frankfurt) | eu-central-1 |
| Europe (Ireland) | eu-west-1 |
| Europe (London) | eu-west-2 |
| Europe (Milan) | eu-south-1 |
| Europe (Paris) | eu-west-3 |
| Europe (Stockholm) | eu-north-1 |
| Middle East (Bahrain) | me-south-1 |
| South America (São Paulo) | sa-east-1 |
Some services, such as IAM, do not support Regions. The endpoints for these
services do not include a Region. Other services, such as Amazon EC2, support Regions
but
let you specify an endpoint that does not include a Region, such as
https://ec2.amazonaws.com. When you use an endpoint with no Region, AWS
routes the Amazon EC2 request to US East (N. Virginia) (us-east-1), which is the default
Region for API calls.
View the service endpoints
You can view the AWS service endpoints using the following options:
-
Open Service endpoints and quotas, search for the service name, and click the link to open the page for that service. To view the supported endpoints for all AWS services in the documentation without switching pages, view the information in the Service Endpoints and Quotas page in the PDF instead.
-
To programmatically check for service availability using the SDK for Java, see Checking for Service Availability in an AWS Region in the AWS SDK for Java Developer Guide.
-
To programmatically view Region and service information using Systems Manager, see Calling AWS Service, Region, and Endpoint Public Parameters in the AWS Systems Manager User Guide. For information about how to use public parameters, see Query for AWS Regions, Endpoints, and More Using AWS Systems Manager Parameter Store
. -
To see the supported AWS services in each Region (without endpoints), see the Region Table
.
FIPS endpoints
Some AWS services offer FIPS endpoints in selected Regions. Unlike standard AWS
endpoints, FIPS endpoints use a TLS software library that complies with Federal Information
Processing Standard (FIPS) 140-2. These endpoints might be required by enterprises
that
interact with the United States government. For more information, see Federal Information Processing Standard (FIPS) 140-2
To use a FIPS endpoint with an AWS operation, use the mechanism provided by the AWS
SDK or tool to specify a custom endpoint. For example, the AWS Command Line Interface
provides the
--endpoint-url option. The following example uses the FIPS endpoint for the
US West (Oregon) Region with an operation for AWS Key Management Service (AWS KMS).
aws kms create-key --endpoint-url https://kms-fips.us-west-2.amazonaws.com
Minimum TLS version for FIPS endpoints
By March 31, 2021, AWS will revoke the ability to use TLS 1.0 and TLS 1.1 on all
FIPS endpoints and require a minimum version of TLS 1.2. This change applies to all
AWS Regions. No other AWS endpoints are affected by this change. For more
information, see Which AWS Services require a minimum version of TLS 1.2 for
FIPS endpoints on the FIPS
page
AWS encourages you to be proactive in maintaining security standards to avoid impacting availability and to protect the integrity of data in transit. We recommend that you review your client applications to confirm that they support TLS 1.2. We recommend that you test TLS 1.2 in a staging environment before you introduce configuration changes to your applications in production.
Learn more
You can find endpoint information from the following sources:
-
To learn about enabling Regions that are disabled by default, see Managing AWS Regions.
-
For information about the AWS services and endpoints available in the China Regions, see China (Beijing) Region Endpoints
and China (Ningxia) Region Endpoints . -
For information about the AWS services and endpoints available in AWS GovCloud (US), see Service Endpoints in the AWS GovCloud (US) User Guide.
