AWS GovCloud (US)
User Guide

AWS GovCloud (US) Endpoints

If you access AWS GovCloud (US) by using the command line interface (CLI) or programmatically by using the APIs, you need the AWS GovCloud (US) Region endpoints. The following table lists each AWS service available in GovCloud (US) and its corresponding endpoints.

AWS Service AWS GovCloud (US) Endpoint Protocol
Amazon API Gateway*** HTTPS
Amazon EC2 Auto Scaling HTTP and HTTPS
AWS Certificate Manager HTTPS
AWS CloudFormation HTTPS
AWS CloudHSM Classic HTTPS
AWS CloudTrail HTTPS
Amazon CloudWatch


Amazon CloudWatch Events


Amazon CloudWatch Logs


AWS CodeDeploy HTTPS

AWS Config

AWS Config Rules HTTPS
AWS Direct Connect HTTPS
AWS Database Migration Service (DMS) HTTPS
Amazon DynamoDB HTTP and HTTPS
Amazon DynamoDB Streams HTTP and HTTPS
AWS Elastic Beanstalk HTTPS
Amazon Elastic Block Store (Amazon EBS) HTTPS
Amazon Elastic Compute Cloud (Amazon EC2) HTTPS
Amazon EC2 Systems Manager HTTPS
Elastic Load Balancing HTTP and HTTPS
Amazon ElastiCache HTTPS
Amazon EMR (Amazon EMR) HTTP and HTTPS
Amazon Glacier HTTPS
AWS Identity and Access Management (IAM) HTTPS
AWS Key Management Service (AWS KMS) **



Amazon Kinesis Data Streams HTTPS
AWS Lambda ** HTTPS
Amazon Redshift HTTPS
Amazon Rekognition** HTTPS
Amazon Relational Database Service (Amazon RDS) HTTPS
Amazon Simple Storage Service (Amazon S3) ** HTTP and HTTPS
Amazon Simple Storage Service (Amazon S3) (FIPS 140-2) HTTPS
Amazon Simple Storage Service (Amazon S3) (website) HTTP
Amazon Simple Notification Service (Amazon SNS) HTTP and HTTPS
Amazon Simple Queue Service (Amazon SQS) HTTP and HTTPS
Amazon Simple Workflow Service (Amazon SWF) HTTPS
AWS Security Token Service (AWS STS) HTTPS
AWS Snowball HTTPS
Amazon Virtual Private Cloud (Amazon VPC) HTTPS
AWS Management Console for the AWS GovCloud (US) Region

AWS Management Console with Federation HTTPS
AWS Management Console with SAML HTTPS


* Amazon API Gateway edge-optimized API and edge-optimized custom domain name are not supported.

* Amazon Route 53 hosted Zone ID for the regional endpoint in the AWS GovCloud (US) region is Z1K6XKP9SAGWDV.

** AWS GovCloud (US) uses FIPS 140-2 validated cryptographic modules to support compliance with FIPS 140-2 in all our HTTPS endpoints except:

  • The non-FIPS alternative for Amazon S3:

  • The AWS Key Management Service endpoint is active, but does not support FIPS 140-2 for TLS connections.

  • The AWS Lambda endpoint does not yet support FIPS 140-2.

  • The Amazon API Gateway endpoint does not yet support FIPS 140-2.

  • The Amazon Rekognition endpoint does not yet support FIPS 140-2.

When using the endpoints, note the following:

  • If you use the AWS CLI or SDK for Python with Amazon SQS, you can also use the following legacy endpoint:

  • Amazon S3 has the following website endpoint:

    Website Endpoint Route 53 Hosted Zone ID


For information about giving federated users single sign-on access to the AWS Management Console, see Giving Federated Users Direct Access to the AWS Management Console.

For a list of all AWS endpoints, see Regions and Endpoints in the AWS General Reference.