Amazon VPC - AWS GovCloud (US)

Amazon VPC

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

How Amazon Virtual Private Cloud Differs for AWS GovCloud (US)

  • You must launch Amazon EC2 instances, Amazon RDS instances, or Amazon EMR instances in an Amazon VPC. In some cases, your account might have a default VPC. For more information, see Determining if Your Account Has a Default Amazon VPC.

  • Use SSL (HTTPS) when you make calls to the service in the AWS GovCloud (US) Region. In other AWS Regions, you can use HTTP or HTTPS.

  • Traffic mirror sessions are visible to the owner of a traffic mirror target only if created using the same account. If a traffic mirror target is shared with other accounts, those other accounts may still create sessions with that target, but those sessions will not be visible to the target owner.
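
Because a shared target's owner cannot see sessions that other accounts created against it, an owner who wants a complete picture of what is being mirrored into the target has to query each account the target was shared with and merge the results. The following is an added example, not AWS code or part of this page: it assumes the shape of the EC2 DescribeTrafficMirrorSessions response (a TrafficMirrorSessions list whose entries carry TrafficMirrorSessionId, TrafficMirrorTargetId, NetworkInterfaceId, OwnerId and SessionNumber), and all account IDs, resource IDs and responses in it are constructed placeholders.

```python
"""Reconcile Traffic Mirror sessions across accounts that share one mirror target.

Added example (not AWS code). It assumes the DescribeTrafficMirrorSessions
response shape; every account id, resource id and response below is a
constructed placeholder, not a real resource.
"""

TARGET_OWNER = "111111111111"              # constructed: account that owns the target
SHARED_WITH = ["222222222222", "333333333333"]  # constructed: accounts the target is shared with
SHARED_TARGET = "tmt-0123456789abcdef0"    # constructed traffic mirror target id
OTHER_TARGET = "tmt-0fedcba9876543210"     # constructed, unrelated target

# Constructed responses: what each account sees when it calls
# DescribeTrafficMirrorSessions with its own credentials. The owner's listing
# only shows the session the owner created; 333333333333 was not queried.
RESPONSES = {
    "111111111111": {"TrafficMirrorSessions": [
        {"TrafficMirrorSessionId": "tms-0aaaaaaaaaaaaaaa1",
         "TrafficMirrorTargetId": SHARED_TARGET,
         "NetworkInterfaceId": "eni-0aaaaaaaaaaaaaaa1",
         "OwnerId": "111111111111", "SessionNumber": 1},
    ]},
    "222222222222": {"TrafficMirrorSessions": [
        {"TrafficMirrorSessionId": "tms-0bbbbbbbbbbbbbbb1",
         "TrafficMirrorTargetId": SHARED_TARGET,
         "NetworkInterfaceId": "eni-0bbbbbbbbbbbbbbb1",
         "OwnerId": "222222222222", "SessionNumber": 1},
        {"TrafficMirrorSessionId": "tms-0bbbbbbbbbbbbbbb2",
         "TrafficMirrorTargetId": OTHER_TARGET,
         "NetworkInterfaceId": "eni-0bbbbbbbbbbbbbbb2",
         "OwnerId": "222222222222", "SessionNumber": 2},
    ]},
}


def sessions_for_target(responses, target_id):
    """Every session pointing at target_id, merged across all queried accounts.

    Keyed by session id; each entry records which account's listing it came from.
    """
    found = {}
    for account, resp in responses.items():
        for sess in resp.get("TrafficMirrorSessions", []):
            if sess.get("TrafficMirrorTargetId") == target_id:
                found[sess["TrafficMirrorSessionId"]] = dict(sess, QueriedAs=account)
    return found


def audit_target(responses, target_id, owner_id, shared_with):
    """Split sessions on a target into those the owner can and cannot see.

    Also lists shared-with accounts that returned no listing at all, since a
    missing listing means the inventory is incomplete rather than clean.
    """
    merged = sessions_for_target(responses, target_id)
    owner_listing = responses.get(owner_id, {}).get("TrafficMirrorSessions", [])
    visible = {s["TrafficMirrorSessionId"] for s in owner_listing
               if s.get("TrafficMirrorTargetId") == target_id}
    return {
        "visible_to_owner": sorted(visible),
        "hidden_from_owner": sorted(sid for sid in merged if sid not in visible),
        "unqueried_accounts": sorted(a for a in shared_with if a not in responses),
    }


if __name__ == "__main__":
    result = audit_target(RESPONSES, SHARED_TARGET, TARGET_OWNER, SHARED_WITH)
    for key, value in result.items():
        print(f"{key}: {value}")
```

In practice the per-account responses would come from calling DescribeTrafficMirrorSessions under a role in each account the target is shared with; the audit function is the same either way, and an entry in `unqueried_accounts` is the signal that the inventory is still incomplete.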

Documentation for Amazon Virtual Private Cloud

ITAR Boundary

AWS GovCloud (US) has an ITAR boundary, which defines where customers are allowed to store ITAR-controlled data for this service in AWS GovCloud (US) Regions. To maintain ITAR compliance, you must place ITAR-controlled data on the applicable part of the ITAR boundary. If you do not have any ITAR-controlled data in AWS GovCloud (US) Regions, this section does not apply to you. The following information identifies the ITAR boundary for this service:

ITAR-Regulated Data Permitted

  • All data entered, stored, and processed in Amazon VPC can contain ITAR-regulated data.

  • You can transmit ITAR-regulated data in clear text across the network within your Amazon VPC.

ITAR-Regulated Data Not Permitted

  • Amazon VPC metadata is not permitted to contain ITAR-regulated data. This metadata includes all of the configuration data that you enter when setting up and maintaining your VPCs.

  • If you are using VPC Flow Logs, the following field is not permitted to contain ITAR-regulated data:

    • Destination log group name