AWS GovCloud (US)
User Guide

What Is AWS GovCloud (US)?

AWS GovCloud (US) is an isolated AWS region designed to allow U.S. government agencies and customers to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements. The AWS GovCloud (US) Region adheres to U.S. International Traffic in Arms Regulations (ITAR) requirements.

You can run workloads that contain all categories of Controlled Unclassified Information (CUI) data and government-oriented, publicly available data in the AWS GovCloud (US) Region. The AWS GovCloud (US) Region supports the management of regulated data by offering the following features:

  • Restricting physical and logical administrative access to U.S. citizens only.

  • Providing FIPS 140-2 endpoints. (For details on each service, see the AWS GovCloud (US) Endpoints section.)

Depending on your requirements, you can also run unclassified workloads in the AWS GovCloud (US) Region and use the unique capabilities of this region.


AWS manages physical and logical access controls for the AWS boundary. However, the overall security of your workloads is a shared responsibility, where you are responsible for controlling user access to content in your AWS GovCloud (US) account.

The AWS GovCloud (US) User Guide provides details on setting up your AWS GovCloud (US) account, identifies the differences between the AWS GovCloud (US) Region and other AWS regions, and defines usage guidelines for processing ITAR-regulated data within the AWS GovCloud (US) Region. This guide assumes that you are familiar with Amazon Web Services (AWS).

Additional resources: