AWS GovCloud (US)
User Guide

ITAR Boundary

The ITAR boundary defines where customers are allowed to store ITAR-regulated data for this service in the AWS GovCloud (US) Region. You must comply with the boundaries in order to maintain ITAR compliance. If you do not have any ITAR-regulated data in the AWS GovCloud (US) Region, this section does not apply to you. The following information identifies the ITAR boundary for this service:

ITAR-Regulated Data Permitted ITAR-Regulated Data Not Permitted
  • IAM passwords are protected as ITAR-regulated data.

  • Secret access keys are protected as ITAR-regulated data.

  • Virtual MFA seeds are protected as ITAR-regulated data.

  • IAM metadata is not permitted to contain ITAR-regulated data. This metadata includes all configuration data that you enter when creating and maintaining your IAM entities.

  • Do not enter ITAR-regulated data in the following fields:

    • Authentication codes, which are clear text memcached

    • User names

    • Group names

    • Password policies

    • Policy names

    • Roles and role names

    • Policy documents