AWS Systems Manager - AWS GovCloud (US)

AWS Systems Manager

Use AWS Systems Manager to organize, monitor, and automate management tasks on your AWS resources.

How AWS Systems Manager Differs for AWS GovCloud (US)

  • AWS AppConfig, a component of AWS Systems Manager, is not supported in AWS GovCloud (US) Regions.

  • Support for viewing association histories is not available in AWS GovCloud (US) Regions.

  • The following AWS Systems Manager Automation actions for invoking APIs from other AWS services are not supported:

    • aws:executeAwsApi

    • aws:waitForAwsResourceProperty

    • aws:assertAwsResourceProperty

  • SSM Agent for AWS GovCloud (US) can be downloaded from the following location:

    https://amazon-ssm-us-gov-east-1.s3.us-gov-east-1.amazonaws.com/latest/windows_amd64/AmazonSSMAgentSetup.exe

Documentation for AWS Systems Manager

AWS Systems Manager documentation.

ITAR Boundary

AWS GovCloud (US) has an ITAR boundary, which defines where customers are allowed to store ITAR-controlled data for this service in AWS GovCloud (US) Regions. To maintain ITAR compliance, you must place ITAR-controlled data on the applicable part of the ITAR boundary. If you do not have any ITAR-controlled data in AWS GovCloud (US) Regions, this section does not apply to you. The following information identifies the ITAR boundary for this service:

ITAR-Regulated Data Permitted ITAR-Regulated Data Not Permitted
All AWS Systems Manager Document content and Parameter Store values can contain ITAR-regulated data.

The following AWS Systems Manager metadata fields are not permitted to contain ITAR-regulated data:

  • Document names

  • Parameter Store parameter names

  • Patch group names (that is, the value of the Patch Group tag)