Menu
AWS GovCloud (US)
User Guide

AWS Management Console for the AWS GovCloud (US) Region

The following list details the differences for using the AWS Management Console in the AWS GovCloud (US) Region compared to other AWS regions:

  • You access the AWS GovCloud (US) console by using a different URL than the standard AWS Management Console.

  • You can only access the AWS GovCloud (US) console by using an IAM user name and password, not with the GovCloud account root user email address and password. For information about the AWS GovCloud (US) differences in IAM, see AWS Identity and Access Management.

  • The console includes only the services that are available in the AWS GovCloud (US) Region. To see a list of the supported services, see Services in the AWS GovCloud (US).

  • You are automatically signed out from the console after 4 hours.

  • Due to the separate authentication stack for AWS GovCloud (US), the hardware MFA devices used with standard AWS regions are not compatible with AWS GovCloud (US) accounts. AWS GovCloud (US) supports only MFA devices listed in the Compatibility with AWS GovCloud (US) table row on the Multi-Factor Authentication page.

  • You cannot enable an MFA device for your AWS GovCloud (US) account root user.

  • The console does not permit navigation to any regions other than the AWS GovCloud (US) Region.

  • You can sign in to the AWS GovCloud (US) console and the standard AWS Management Console concurrently.

  • You cannot automatically create a support ticket from the AWS GovCloud (US) console.

ITAR Boundary

The ITAR boundary defines where customers are allowed to store ITAR-regulated data for this service in the AWS GovCloud (US) Region. You must comply with the boundaries in order to maintain ITAR compliance. If you do not have any ITAR-regulated data in the AWS GovCloud (US) Region, this section does not apply to you. The following information identifies the ITAR boundary for this service:

ITAR-Regulated Data Permitted ITAR-Regulated Data Not Permitted
  • Console passwords are protected as ITAR-regulated data.

  • All console data fields inherit the ITAR restrictions for the specific service that is being accessed. See each service for details.

  • Your user name is not permitted to contain ITAR-regulated data.

  • All console data fields inherit the ITAR restrictions for the specific service that is being accessed. See each service for details.

On this page: