AWS GovCloud (US) User Guide
AWS GovCloud (US) User Guide


This service is currently available in AWS GovCloud (US-West) only.

AWS WAF is a web application firewall that lets you monitor web requests that are forwarded to Amazon CloudFront distributions or an Application Load Balancer. You can also use AWS WAF to block or allow requests based on conditions that you specify, such as the IP addresses that requests originate from or values in the requests.

The following list details the differences for using this service in the AWS GovCloud (US-West) Region compared to other AWS Regions:

For more information about AWS WAF, see the AWS WAF documentation.

ITAR Boundary

AWS GovCloud (US) has an ITAR boundary, which defines where customers are allowed to store ITAR-controlled data for this service in the AWS GovCloud (US-West) Region. To maintain ITAR compliance, you must place ITAR-controlled data on the applicable part of the ITAR boundary. If you do not have any ITAR-controlled data in the AWS GovCloud (US-West) Region, this section does not apply to you. The following information identifies the ITAR boundary for this service:

ITAR-Regulated Data Permitted ITAR-Regulated Data Not Permitted
  • Not applicable

No ITAR-regulated data may be entered, stored, or processed by AWS WAF. For example, AWS WAF metadata is not permitted to contain ITAR-regulated data.

For example, do not enter ITAR-regulated data in the following fields:

  • Web ACL name

  • CloudWatch metric name

  • Condition

  • Rule name

  • String filters and regex pattern set

On this page: