Using AWS GovCloud (US) Regions
If you have used other AWS Regions, you should be aware of specific differences in the AWS GovCloud (US) Regions. For example, Amazon Resource Names (ARNs) and endpoints are different in the AWS GovCloud (US) Regions.
In addition to the specific differences, the following topics describe how to maintain compliance with International Traffic in Arms Regulations (ITAR), how to access AWS GovCloud (US), and how to control access to your AWS GovCloud (US) account.
Topics
- Amazon Resource Names (ARNs) in GovCloud (US) Regions
- Paths in ARNs
- Endpoints for the AWS GovCloud (US) Regions
- Maintaining U.S. International Traffic in Arms Regulations (ITAR) Compliance
- Accessing the AWS GovCloud (US) Regions
- Controlling Access to Your AWS GovCloud (US) Account
- Command Line and API Access
- Resource Limits
- Penetration Testing
- Service Health Dashboard
Paths in ARNs
Some services let you specify a path for the resource name. For example, in Amazon
S3,
the resource identifier is an object name that can include slashes (/)
to form a path. Similarly, IAM user names and group names can include paths.
Paths can include wildcard characters such as an asterisk (*). For
example, to specify all IAM users whose user name includes the prefix
product_1234, you can use a wildcard like this:
arn:aws-us-gov:iam::123456789012:user/Development/product_1234/*
To specify all IAM users or IAM groups in the AWS account, use a wildcard
after the user/ or group/part of the ARN,
respectively.
arn:aws-us-gov:iam::123456789012:user/* arn:aws-us-gov:iam::123456789012:group/*
The following example shows ARNs for an Amazon S3 bucket in which the resource name includes a path:
arn:aws-us-gov:s3:::my_corporate_bucket/* arn:aws-us-gov:s3:::my_corporate_bucket/Development/*
You cannot use a wildcard in the resource type, such as the term user
in an IAM ARN. The following is not allowed:
arn:aws-us-gov:iam::123456789012:u*
For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
