Using AWS GovCloud (US) Regions - AWS GovCloud (US)
Paths in ARNs

Using AWS GovCloud (US) Regions

If you have used other AWS Regions, you should be aware of specific differences in the AWS GovCloud (US) Regions. For example, Amazon Resource Names (ARNs) and endpoints are different in the AWS GovCloud (US) Regions. For CLI and SDK calls, the region names are us-gov-west-1 and us-gov-east-1.

In addition to the specific differences, the following topics describe how to maintain compliance with International Traffic in Arms Regulations (ITAR), how to access AWS GovCloud (US), and how to control access to your AWS GovCloud (US) account.

Topics

Paths in ARNs

Some services let you specify a path for the resource name. For example, in Amazon S3, the resource identifier is an object name that can include slashes (/) to form a path. Similarly, IAM user names and group names can include paths.

Paths can include wildcard characters such as an asterisk (*). For example, to specify all IAM users whose user name includes the prefix product_1234, you can use a wildcard like this:

arn:aws-us-gov:iam::123456789012:user/Development/product_1234/*

To specify all IAM users or IAM groups in the AWS account, use a wildcard after the user/ or group/part of the ARN, respectively.

arn:aws-us-gov:iam::123456789012:user/*
arn:aws-us-gov:iam::123456789012:group/*

The following example shows ARNs for an Amazon S3 bucket in which the resource name includes a path:

arn:aws-us-gov:s3:::my_corporate_bucket/*
arn:aws-us-gov:s3:::my_corporate_bucket/Development/*

You cannot use a wildcard in the resource type, such as the term user in an IAM ARN. The following is not allowed:

arn:aws-us-gov:iam::123456789012:u*

For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.