AWS GovCloud (US) User Guide

Elastic Load Balancing

Elastic Load Balancing automatically distributes your incoming application traffic across multiple targets, such as EC2 instances. It monitors the health of registered targets and routes traffic only to the healthy targets. Elastic Load Balancing supports three types of load balancers: Application Load Balancers, Network Load Balancers, and Classic Load Balancers.

All three types of load balancers are supported in AWS GovCloud (US) Regions.

The following list details the differences for using this service in AWS GovCloud (US) Regions compared to other AWS Regions:

  • Your load balancer must run in a virtual private cloud (VPC).

  • Because Elastic Load Balancing must run in a VPC, Classic Load Balancer does not provide the IPv6 capability that is offered in standard AWS Regions when running outside of a VPC. Application Load Balancer supports IPv6 in VPCs in all Regions, including AWS GovCloud (US) Regions.

  • ITAR data must be encrypted in transit outside of the ITAR boundary. Because Elastic Load Balancing uses global DNS servers, ITAR traffic across Elastic Load Balancing must be encrypted.

    • You can use SSL certificates on your Classic and Application load balancers only. For more information, see Replace the SSL Certificate for Your Load Balancer. The Elastic Load Balancing SSL termination is not FIPS 140-2 compliant.

    • You can also use Network Load Balancer to pass TCP traffic and terminate SSL on your web server.

  • Elastic Load Balancing uses the following account ID. For information about when it is used, see Attach a Policy to Your Amazon S3 Bucket.

    Region          Elastic Load Balancing Account ID
    us-gov-west-1   048591011584

For more information about Elastic Load Balancing, see the Elastic Load Balancing documentation.

ITAR Boundary

AWS GovCloud (US) has an ITAR boundary, which defines where customers are allowed to store ITAR-controlled data for this service in AWS GovCloud (US) Regions. To maintain ITAR compliance, you must place ITAR-controlled data on the applicable part of the ITAR boundary. If you do not have any ITAR-controlled data in AWS GovCloud (US) Regions, this section does not apply to you. The following information identifies the ITAR boundary for this service:

ITAR-Regulated Data Permitted

  • All data transmitted through Elastic Load Balancing must be encrypted if it contains ITAR-regulated data. Encryption must be used both between clients and the load balancer and between the load balancer and registered instances. It is strongly recommended that Backend Authentication is enabled to enforce public key authentication of the registered instance.

ITAR-Regulated Data Not Permitted

  • All customer parameters provided as input to Elastic Load Balancing (via console, APIs, or other mechanism) are not permitted to contain ITAR-regulated data. Examples include the names of load balancers and the names of load balancer policies.

  • Do not enter ITAR-regulated data in the following fields:

    • Resource tags

If you are processing ITAR-regulated data with this service, use the SSL (HTTPS) endpoint to maintain ITAR compliance. For a list of endpoints, see Endpoints for the AWS GovCloud (US) Regions.
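
The following is an added example, not part of the AWS documentation: a Python check that audits Classic Load Balancer listener configuration against the encryption and Backend Authentication rules in the ITAR boundary above. It assumes input shaped like the `describe_load_balancers` and `describe_load_balancer_policies` responses; the load balancer name, policy name, ports, and finding labels are constructed for illustration.

```python
# Added example: audit Classic Load Balancer listeners against the ITAR rules above.
# Input shapes follow describe_load_balancers / describe_load_balancer_policies.
ENCRYPTED = {"HTTPS", "SSL"}
BACKEND_AUTH_TYPE = "BackendServerAuthenticationPolicyType"


def audit_load_balancer(lb, policy_types):
    """Return (load balancer port, finding) pairs; policy_types maps name -> PolicyTypeName."""
    backend_policies = {
        b["InstancePort"]: b.get("PolicyNames", [])
        for b in lb.get("BackendServerDescriptions", [])
    }
    findings = []
    for desc in lb.get("ListenerDescriptions", []):
        listener = desc["Listener"]
        port = listener["LoadBalancerPort"]
        # TCP/HTTP listeners are flagged: TCP pass-through may carry TLS that the
        # instance terminates, but the listener configuration cannot prove it.
        if listener["Protocol"].upper() not in ENCRYPTED:
            findings.append((port, "client-side-unencrypted"))
        # Conservative assumption: a missing InstanceProtocol counts as unencrypted.
        if listener.get("InstanceProtocol", "").upper() not in ENCRYPTED:
            findings.append((port, "backend-unencrypted"))
            continue
        attached = backend_policies.get(listener["InstancePort"], [])
        if not any(policy_types.get(name) == BACKEND_AUTH_TYPE for name in attached):
            findings.append((port, "backend-auth-missing"))
    return findings


def _listener(proto, lb_port, inst_proto, inst_port):
    return {"Listener": {"Protocol": proto, "LoadBalancerPort": lb_port,
                         "InstanceProtocol": inst_proto, "InstancePort": inst_port}}


# Constructed sample data (hypothetical names), not real API output.
SAMPLE_LB = {
    "LoadBalancerName": "example-lb",
    "ListenerDescriptions": [
        _listener("HTTPS", 443, "HTTPS", 8443),
        _listener("HTTPS", 444, "HTTP", 8080),
        _listener("TCP", 80, "TCP", 80),
        _listener("SSL", 9443, "SSL", 9443),
    ],
    "BackendServerDescriptions": [{"InstancePort": 8443, "PolicyNames": ["example-backend-auth"]}],
}
SAMPLE_POLICY_TYPES = {"example-backend-auth": BACKEND_AUTH_TYPE}
```

Resource tags and load balancer names are not inspected here, because whether a string contains ITAR-regulated data cannot be decided from configuration alone.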
