Amazon S3 - AWS GovCloud (US)

Amazon S3

Amazon Simple Storage Service (Amazon S3) is storage for the internet. You can use Amazon S3 to store and retrieve any amount of data at any time, from anywhere on the web. You can accomplish these tasks using the simple and intuitive web interface of the AWS Management Console.

How Amazon Simple Storage Service Differs for AWS GovCloud (US)

  • You cannot do a direct copy of the contents of an Amazon S3 bucket in the AWS GovCloud (US) Regions to or from another AWS Region.

  • If you use Amazon S3 policies, use the AWS GovCloud (US) ARN identifier. For more information, see Amazon Resource Names (ARNs) in GovCloud (US) Regions.

  • In AWS GovCloud (US) Regions, Amazon S3 has three endpoints. If you are processing export-controlled data, use one of the SSL endpoints. If you have FIPS requirements, use a FIPS 140-2 endpoint (https://s3-fips.us-gov-west-1.amazonaws.com or https://s3-fips.us-gov-east-1.amazonaws.com). You can access VPC endpoints for Amazon S3 over both the FIPS and non-FIPS endpoints. For more information, see Service Endpoints.

  • Amazon S3 bucket names are unique to the AWS GovCloud (US) Regions. Bucket names in the AWS GovCloud (US) Regions are not shared across other standard AWS Regions.

  • MFA delete is not available in AWS GovCloud (US) Regions.

  • Amazon S3 Transfer Acceleration is not available in AWS GovCloud (US).

  • S3 Replication Time Control (S3 RTC) is not available in AWS GovCloud (US).

  • Amazon S3 Storage Lens is not available in AWS GovCloud (US) Regions.

  • Amazon S3 Object Lambda Access Points are available in AWS GovCloud (US) Regions for SSL endpoints. FIPS endpoints are not available.

Documentation for Amazon Simple Storage Service

Amazon Simple Storage Service documentation.

Export-Controlled Content

For AWS Services architected within the AWS GovCloud (US) Regions, the following list explains how certain components of data may leave the AWS GovCloud (US) Regions in the normal course of the service offerings. The list can be used as a guide to help meet applicable customer compliance obligations. Data not included in the following list remains within the AWS GovCloud (US) Regions.

  • Amazon S3 metadata is not permitted to contain export-controlled data. This metadata includes all configuration data that you enter when creating and maintaining your Amazon S3 buckets, such as bucket names.

  • Do not enter export-controlled data in the following fields:

    • Resource tags