AWS Documentation » AWS GovCloud (US) » AWS GovCloud (US) User Guide » Using AWS GovCloud (US) Regions

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Using AWS GovCloud (US) Regions

If you have used other AWS Regions, you should be aware of specific differences in the AWS GovCloud (US) Regions. For example, Amazon Resource Names (ARNs) and endpoints are different in the AWS GovCloud (US) Regions.

In addition to the specific differences, the following topics describe how to maintain compliance with International Traffic in Arms Regulations (ITAR), how to access AWS GovCloud (US), and how to control access to your AWS GovCloud (US) account.

Topics

• Amazon Resource Names (ARNs) in GovCloud (US) Regions
• Paths in ARNs
• Endpoints for the AWS GovCloud (US) Regions
• Maintaining U.S. International Traffic in Arms Regulations (ITAR) Compliance
• Accessing the AWS GovCloud (US) Regions
• Controlling Access to Your AWS GovCloud (US) Account
• Command Line and API Access
• Resource Limits
• Penetration Testing
• Service Health Dashboard

Paths in ARNs

Some services let you specify a path for the resource name. For example, in Amazon S3, the resource identifier is an object name that can include slashes (/) to form a path. Similarly, IAM user names and group names can include paths.

Paths can include wildcard characters such as an asterisk (*). For example, to specify all IAM users whose user name includes the prefix product_1234, you can use a wildcard like this:

arn:aws-us-gov:iam::123456789012:user/Development/product_1234/*

To specify all IAM users or IAM groups in the AWS account, use a wildcard after the user/ or group/part of the ARN, respectively.

arn:aws-us-gov:iam::123456789012:user/*
arn:aws-us-gov:iam::123456789012:group/*

The following example shows ARNs for an Amazon S3 bucket in which the resource name includes a path:

arn:aws-us-gov:s3:::my_corporate_bucket/*
arn:aws-us-gov:s3:::my_corporate_bucket/Development/*

You cannot use a wildcard in the resource type, such as the term user in an IAM ARN. The following is not allowed:

arn:aws-us-gov:iam::123456789012:u*

For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.