What Is AWS GovCloud (US)? - AWS GovCloud (US)

What Is AWS GovCloud (US)?

AWS GovCloud (US) consist of isolated AWS Regions designed to allow U.S. government agencies and customers move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements, including Federal Risk and Authorization Management Program (FedRAMP) High, Department of Defense Security Requirements Guide (DoD SRG) Impact Levels 4 and 5, and Criminal Justice Information Services (CJIS). To assist customers in managing their obligations under U.S. export control regimes such as the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR), AWS GovCloud (US) Regions are logically and physically administered exclusively by AWS personnel that are U.S. citizens only. In this guide, the term AWS GovCloud (US) Regions refer to both AWS GovCloud (US-West) and AWS GovCloud (US-East) Regions.

You can run workloads that contain all categories of Controlled Unclassified Information (CUI) data and government-oriented, publicly available data in AWS GovCloud (US). For a list of compliance frameworks, see AWS GovCloud (US) Security. AWS GovCloud (US) supports the management of regulated data by offering the following features:

  • Restricting physical and logical administrative access to AWS personnel that are U.S. citizens only.

  • Providing FIPS 140-2 endpoints. (For details on each service, see the Service Endpoints section.)

Depending on your requirements, you can also run non-government workloads in the AWS GovCloud (US) regions; and use the unique capabilities of these Regions.

Note

AWS manages physical and logical access controls for the AWS boundary. However, the overall security of your workloads is a shared responsibility, where you are responsible for controlling user access to content in your AWS GovCloud (US) account.

The AWS GovCloud (US) User Guide provides details on setting up your AWS GovCloud (US) account, identifies the differences between AWS GovCloud (US) Regions and other AWS Regions, and defines usage guidelines for processing ITAR-regulated data within the AWS GovCloud (US). This guide assumes that you are familiar with Amazon Web Services (AWS).

Additional resources: