AWS GovCloud (US-East) User Guide
AWS GovCloud (US-East) User Guide

AWS GovCloud (US-East) Endpoints

If you access AWS GovCloud (US-East) by using the command line interface (CLI) or programmatically by using the APIs, you need the AWS GovCloud (US-East) Region endpoints. AWS GovCloud (US-East) uses FIPS 140-2 validated cryptographic modules to support compliance with FIPS 140-2 in all our HTTPS endpoints unless otherwise noted. For more information about FIPS 140-2, see "Cryptographic Module Validation Program" on the NIST Computer Security Resource Center website.

When using the endpoints, note the following:

  • Amazon S3 has the following website endpoint:

    Website Endpoint Route 53 Hosted Zone ID


For a list of all AWS endpoints, see Regions and Endpoints in the AWS General Reference.

The following table lists each AWS service available in GovCloud (US) and its corresponding endpoints.

AWS Service AWS GovCloud (US-East) FIPS Endpoint AWS GovCloud (US-East) Non-FIPS Endpoint Protocol
Amazon API Gateway* HTTPS
Amazon Aurora >n/a >HTTPS
AWS Auto Scaling* n/a HTTP and HTTPS
Amazon EC2 Auto Scaling n/a HTTP and HTTPS
AWS Certificate Manager n/a HTTPS
AWS CloudFormation n/a HTTPS
AWS CloudTrail n/a HTTPS
Amazon CloudWatch



Amazon CloudWatch Events



Amazon CloudWatch Logs



AWS CodeDeploy n/a HTTPS

AWS Config n/a HTTPS

AWS Config Rules n/a HTTPS
AWS Database Migration Service (DMS) n/a HTTPS
AWS Direct Connect n/a HTTPS
Amazon DynamoDB n/a HTTP and HTTPS
Amazon DynamoDB Streams n/a HTTP and HTTPS
AWS Elastic Beanstalk n/a HTTPS
Amazon Elastic Block Store (Amazon EBS) n/a HTTPS
Amazon Elastic Compute Cloud (Amazon EC2) n/a HTTPS
Amazon Elastic Container Registry (Amazon ECR) HTTPS
Amazon Elastic Container Service (Amazon ECS) HTTPS
Amazon ElastiCache n/a HTTPS
Elastic Load Balancing n/a HTTP and HTTPS
Amazon Elasticsearch Service HTTPS
Amazon EMR n/a HTTPS
AWS Glue

Amazon S3 Glacier n/a HTTPS
AWS Identity and Access Management (IAM) n/a HTTPS
Amazon Inspector

AWS Key Management Service (AWS KMS) **



Amazon Kinesis Data Streams n/a HTTPS
AWS Lambda

AWS License Manager


AWS Organizations


Amazon Redshift n/a HTTPS
Amazon Relational Database Service (Amazon RDS) n/a HTTPS
AWS Server Migration Service (AWS SMS)

Amazon Simple Storage Service (Amazon S3) ***

Amazon Simple Storage Service (Amazon S3) (website) n/a HTTP
Amazon Simple Notification Service (Amazon SNS) n/a HTTP and HTTPS
Amazon Simple Queue Service (Amazon SQS) n/a HTTP and HTTPS
Amazon Simple Workflow Service (Amazon SWF) n/a HTTPS
AWS Security Token Service (AWS STS) n/a HTTPS
AWS Snowball FIPS is not needed. HTTPS
AWS Step Functions n/a HTTPS
AWS Systems Manager n/a HTTPS
Amazon Virtual Private Cloud (Amazon VPC) n/a HTTPS
AWS Management Console for the AWS GovCloud (US) Region n/a

AWS Management Console with Federation n/a HTTPS
AWS Management Console with SAML n/a HTTPS

For information about giving federated users single sign-on access to the AWS Management Console, see Giving Federated Users Direct Access to the AWS Management Console.


* Amazon API Gateway edge-optimized API and edge-optimized custom domain name are not supported.

* Application Auto Scaling Scaling API and CLI are available. The AWS Auto Scaling console is not available. The AWS Auto Scaling API and command line interface (CLI) are not available.

* Amazon Route 53 hosted Zone ID for the regional endpoint in the AWS GovCloud (US) region is Z1K6XKP9SAGWDV.

** The AWS Key Management Service endpoint is active, but does not support FIPS 140-2 for TLS connections.

*** Amazon S3 dual-stack endpoints support requests to S3 buckets over IPv6 and IPv4. For more information, see Using Dual-Stack Endpoints.