AWS GovCloud (US-West) User Guide
AWS GovCloud (US-West) User Guide

Amazon S3

Amazon Simple Storage Service (Amazon S3) is storage for the internet. You can use Amazon S3 to store and retrieve any amount of data at any time, from anywhere on the web. You can accomplish these tasks using the simple and intuitive web interface of the AWS Management Console.

The following list details the differences for using this service in the AWS GovCloud (US-West) Region compared to other AWS Regions:

  • You cannot do a direct copy of the contents of an Amazon S3 bucket in the AWS GovCloud (US-West) Region to or from another AWS Region.

  • If you use Amazon S3 policies, use the AWS GovCloud (US-West) ARN identifier. For more information, see Amazon Resource Names (ARNs) in AWS GovCloud (US-West).

  • In the AWS GovCloud (US-West) Region, Amazon S3 has three endpoints. If you are processing ITAR-regulated data, use one of the SSL endpoints. If you have FIPS requirements, use the FIPS 140-2 endpoint (https://s3-fips-us-gov-west-1.amazonaws.com). You can access VPC endpoints for Amazon S3 over both the FIPS and non-FIPS endpoints. For a list of AWS GovCloud (US-West) endpoints, see AWS GovCloud (US-West) Endpoints.

  • Amazon S3 bucket names are unique to the AWS GovCloud (US-West) Region. Bucket names in the AWS GovCloud (US-West) Region are not shared across other AWS Regions.

  • Amazon S3 Transfer Acceleration is not available in the AWS GovCloud (US-West) Region.

For more information about Amazon S3, see the Amazon Simple Storage Service documentation.

ITAR Boundary

AWS GovCloud (US) has an ITAR boundary, which defines where customers are allowed to store ITAR-controlled data for this service in the AWS GovCloud (US-West) Region. To maintain ITAR compliance, you must place ITAR-controlled data on the applicable part of the ITAR boundary. If you do not have any ITAR-controlled data in the AWS GovCloud (US-West) Region, this section does not apply to you. The following information identifies the ITAR boundary for this service:

ITAR-Regulated Data Permitted ITAR-Regulated Data Not Permitted
  • All data entered and stored in Amazon S3 buckets can contain ITAR-regulated data.

  • Amazon S3 metadata is not permitted to contain ITAR-regulated data. This metadata includes all configuration data that you enter when creating and maintaining your Amazon S3 buckets, such as bucket names.

  • Do not enter ITAR-regulated data in the following fields:

    • Resource tags

On this page: