Amazon S3 - AWS GovCloud (US)

Amazon S3

Amazon Simple Storage Service (Amazon S3) is storage for the internet. You can use Amazon S3 to store and retrieve any amount of data at any time, from anywhere on the web. You can accomplish these tasks using the simple and intuitive web interface of the AWS Management Console.

How Amazon Simple Storage Service Differs for AWS GovCloud (US)

  • You cannot do a direct copy of the contents of an Amazon S3 bucket in the AWS GovCloud (US) Regions to or from another AWS Region.

  • If you use Amazon S3 policies, use the AWS GovCloud (US) ARN identifier. For more information, see Amazon Resource Names (ARNs) in GovCloud (US) Regions.

  • In AWS GovCloud (US) Regions, Amazon S3 has three endpoints. If you are processing export-controlled data, use one of the SSL endpoints. If you have FIPS requirements, use a FIPS 140-2 endpoint (https://s3-fips.us-gov-west-1.amazonaws.com or https://s3-fips.us-gov-east-1.amazonaws.com). You can access VPC endpoints for Amazon S3 over both the FIPS and non-FIPS endpoints. For a list of AWS GovCloud (US) endpoints, see Service Endpoints.

  • Amazon S3 bucket names are unique to the AWS GovCloud (US) Regions. Bucket names in the AWS GovCloud (US) Regions are not shared across other standard AWS Regions.

  • MFA delete is not available in AWS GovCloud (US) Regions.

  • Amazon S3 Transfer Acceleration is not available in AWS GovCloud (US).

  • S3 Replication Time Control (S3 RTC) is not available in AWS GovCloud (US).

  • Amazon S3 Object Lambda Access Points are not available in AWS GovCloud (US).

Documentation for Amazon Simple Storage Service

Amazon Simple Storage Service documentation.

Export-Controlled Content

For AWS Services architected within the AWS GovCloud (US) Regions, the table below explains how certain components of data may leave the Regions in the normal course of the Service Offerings. The table can be used as a guide to help meet applicable customer compliance obligations.

Data in the following service attributes will not leave the AWS GovCloud (US ) Regions in the normal course of the Service Offerings Data in the following service attributes may leave the AWS GovCloud (US ) Regions in the normal course of the Service Offerings
  • All data entered and stored in Amazon S3 buckets can contain export-controlled data.

  • Amazon S3 metadata is not permitted to contain export-controlled data. This metadata includes all configuration data that you enter when creating and maintaining your Amazon S3 buckets, such as bucket names.

  • Do not enter export-controlled data in the following fields:

    • Resource tags