Amazon VPC in AWS GovCloud (US) - AWS GovCloud (US)

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

Note

Not all Amazon VPC endpoints in AWS GovCloud (US) support Amazon VPC endpoint policies.
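
One way to audit for the condition in this note, as an added example that is not part of the AWS documentation: the code flags endpoints whose service reports no endpoint policy support, and endpoints that still carry a full-access policy. The sample data is constructed; the service names, endpoint IDs and the `svc:Read` action are placeholders.

```python
import json

# Constructed sample data in the shape of the EC2 DescribeVpcEndpointServices
# ("ServiceDetails") and DescribeVpcEndpoints ("VpcEndpoints") responses.
PREFIX = "com.amazonaws.us-gov-west-1."
SERVICE_DETAILS = [
    {"ServiceName": PREFIX + "svc-a", "VpcEndpointPolicySupported": True},
    {"ServiceName": PREFIX + "svc-b", "VpcEndpointPolicySupported": False},
]
FULL_ACCESS = json.dumps({"Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]})
SCOPED = json.dumps({"Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "svc:Read", "Resource": "*"}]})
ENDPOINTS = [
    {"VpcEndpointId": "vpce-0001", "ServiceName": PREFIX + "svc-b"},
    {"VpcEndpointId": "vpce-0002", "ServiceName": PREFIX + "svc-a",
     "PolicyDocument": FULL_ACCESS},
    {"VpcEndpointId": "vpce-0003", "ServiceName": PREFIX + "svc-a",
     "PolicyDocument": SCOPED},
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_full_access(policy_document):
    """True if an unconditional Allow grants all actions on all resources to anyone."""
    for stmt in _as_list(json.loads(policy_document).get("Statement", [])):
        if (stmt.get("Effect") == "Allow"
                and stmt.get("Principal") in ("*", {"AWS": "*"})
                and "*" in _as_list(stmt.get("Action", []))
                and "*" in _as_list(stmt.get("Resource", []))
                and not stmt.get("Condition")):
            return True
    return False

def audit_endpoints(endpoints, service_details):
    """Return (endpoint_id, finding) pairs for endpoints that no policy restricts."""
    supported = {s["ServiceName"]: s.get("VpcEndpointPolicySupported", False)
                 for s in service_details}
    findings = []
    for ep in endpoints:
        if not supported.get(ep["ServiceName"], False):
            # Unknown or unsupported service: access must be restricted elsewhere.
            findings.append((ep["VpcEndpointId"], "NO_POLICY_SUPPORT"))
        elif is_full_access(ep.get("PolicyDocument") or FULL_ACCESS):
            # A missing document is treated as the default full-access policy.
            findings.append((ep["VpcEndpointId"], "FULL_ACCESS_POLICY"))
    return findings
```

With boto3, the two inputs come from `describe_vpc_endpoints()["VpcEndpoints"]` and `describe_vpc_endpoint_services()["ServiceDetails"]` on an EC2 client for the AWS GovCloud (US) Region.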

How Amazon Virtual Private Cloud differs for AWS GovCloud (US)

  • You must launch Amazon EC2 instances, Amazon RDS instances, or Amazon EMR instances in an Amazon VPC. In some cases, your account might have a default VPC. For more information, see Determining if your account has a default VPC.

  • Use SSL (HTTPS) when you make calls to the service in the AWS GovCloud (US) Region. In other AWS Regions, you can use HTTP or HTTPS.

  • Traffic mirror sessions are visible to the owner of a traffic mirror target only if created using the same account. If a traffic mirror target is shared with other accounts, those other accounts may still create sessions with that target, but those sessions will not be visible to the target owner.

  • Security group rule IDs are not available in the Amazon VPC console.

  • You can't visualize your global network in the geographic map view in the Transit Gateway Network Manager console.

  • The AWS-managed prefix list for Amazon CloudFront is not available.

  • Reachability Analyzer is not supported.

  • Network Access Analyzer is not supported.

Documentation for Amazon Virtual Private Cloud

Amazon VPC documentation.

Export-controlled content

For AWS Services architected within the AWS GovCloud (US) Regions, the following list explains how certain components of data may leave the AWS GovCloud (US) Regions in the normal course of the service offerings. The list can be used as a guide to help meet applicable customer compliance obligations. Data not included in the following list remains within the AWS GovCloud (US) Regions.

  • Amazon VPC metadata is not permitted to contain export-controlled data. This metadata includes all of the configuration data that you enter when setting up and maintaining your VPCs. This applies to free-text entry fields for VPC resources, including but not limited to: