Amazon S3 - AWS GovCloud (US)

Amazon S3

Amazon Simple Storage Service (Amazon S3) is storage for the internet. You can use Amazon S3 to store and retrieve any amount of data at any time, from anywhere on the web. You can accomplish these tasks using the simple and intuitive web interface of the AWS Management Console.

How Amazon Simple Storage Service Differs for AWS GovCloud (US)

  • You cannot do a direct copy of the contents of an Amazon S3 bucket in the AWS GovCloud (US) Regions to or from another AWS Region.

  • If you use Amazon S3 policies, use the AWS GovCloud (US) ARN identifier. For more information, see Amazon Resource Names (ARNs) in GovCloud (US) Regions.

  • In AWS GovCloud (US) Regions, Amazon S3 has three endpoints. If you are processing ITAR-regulated data, use one of the SSL endpoints. If you have FIPS requirements, use the FIPS 140-2 endpoint ( You can access VPC endpoints for Amazon S3 over both the FIPS and non-FIPS endpoints. For a list of AWS GovCloud (US) endpoints, see Service Endpoints.

  • Amazon S3 bucket names are unique to the AWS GovCloud (US) Regions. Bucket names in the AWS GovCloud (US) Regions are not shared across other standard AWS Regions.

  • Amazon S3 Transfer Acceleration is not available in AWS GovCloud (US).

Documentation for Amazon Simple Storage Service

Amazon Simple Storage Service documentation.

ITAR Boundary

AWS GovCloud (US) has an ITAR boundary, which defines where customers are allowed to store ITAR-controlled data for this service in AWS GovCloud (US) Regions. To maintain ITAR compliance, you must place ITAR-controlled data on the applicable part of the ITAR boundary. If you do not have any ITAR-controlled data in AWS GovCloud (US) Regions, this section does not apply to you. The following information identifies the ITAR boundary for this service:

ITAR-Regulated Data Permitted ITAR-Regulated Data Not Permitted
  • All data entered and stored in Amazon S3 buckets can contain ITAR-regulated data.

  • Amazon S3 metadata is not permitted to contain ITAR-regulated data. This metadata includes all configuration data that you enter when creating and maintaining your Amazon S3 buckets, such as bucket names.

  • Do not enter ITAR-regulated data in the following fields:

    • Resource tags