Amazon Web Services (AWS) provides agencies and businesses with an infrastructure web services platform in the cloud. With AWS you can requisition compute, storage, and other services – gaining access to a suite of secure, scalable, and flexible IT infrastructure services as your agency or business demands them. With AWS, you pay only for what you use, making AWS the most cost-effective way to deliver your applications.
Q. What is AWS GovCloud (US)?
AWS GovCloud (US) is an AWS Region designed to allow US government agencies, contractors and customers to move more sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements, such as ITAR, which governs how organizations manage and store defense-related data. Because AWS only allows US Persons to physically and logically access the AWS GovCloud (US) network, government agencies can now manage more heavily regulated data in AWS while remaining compliant with US Persons only access requirements. AWS does not manage physical and logical access controls beyond the AWS network. It is the responsibility of customers to manage end user access controls to their content in the AWS GovCloud (US) Region.
Q. What is the AWS GovCloud (US) network?
The AWS GovCloud (US) network consists of AWS’s internal data center facilities, servers, networking equipment, and host software systems that are within AWS’s reasonable control and are used to provide the AWS Services in the AWS GovCloud (US) Region.
Q. Where is the AWS GovCloud (US) Region located?
The AWS GovCloud (US) Region is located in the Northwestern region of the United States.
Q. Why is it not available in the East Coast, where many government agencies are located?
Many government agencies are already using AWS in the US-East Region, so offering this service on the West Coast gives government agencies the ability to leverage multiple AWS Regions for further fault tolerance and redundancy. We plan to expand AWS GovCloud to other US locations in the future.
Q. Does the AWS GovCloud (US) Region have a FedRAMP℠ Agency ATO?
Yes. Two separate FedRAMP Agency ATOs have been issued; one encompassing the AWS GovCloud (US) Region, and the other covering the AWS US East/West regions. Visit the FedRAMP FAQs to find out more. Agencies can immediately request access to the "Amazon Web Services - AWS GovCloud (US) Region" FedRAMP package by submitting a FedRAMP Package Access Request Form using package ID "AGENCYAMAZONGC".
Q. Does AWS GovCloud (US) offer better security than other AWS regions?
AWS GovCloud (US) offers the same high level of security as other AWS regions and supports existing AWS security controls and certifications such as SOC 1/SSAE 16/ISAE 3402 (formerly SAS70), SOC 2, SOC 3, PCI DSS Level 1, ISO 27001, FedRAMP, DIACAP and FISMA, ITAR, FIPS 140-2 compliant endpoints, CSA, MPAA. AWS also provides an environment that enables agencies to comply with HIPAA regulations. The only difference is that AWS has added a layer of permissions to the AWS GovCloud (US) Region that restricts access to those on an approved list of US Persons.
Q. What are the ITAR requirements?
ITAR is the International Traffic in Arms Regulations, which is a set of United States government regulations that control the export and import of defense-related articles and services on the United States Munitions List (USML) and related technical data. The primary issue that impacts AWS is the requirement that all ITAR controlled data must be stored in an environment physically and logically accessible to US Persons only. A US Person is defined as a US citizen or permanent resident. In this Region, AWS complies with US Persons only physical and logical access requirements for the AWS network, and therefore enables others to use the AWS GovCloud (US) Region to process and store data which requires ITAR compliance.
Q. Is the AWS GovCloud (US) Region ITAR certified?
Unlike ISO 27001, there is no formal ITAR certification. However, AWS has conducted a third-party review of the AWS GovCloud (US) ITAR compliance program. This third party has published a favorable letter of attestation regarding AWS’s compliance with the stated ITAR objectives. This letter is provided to customers who enter into an agreement with AWS to access the GovCloud (US) Region.
Q. What is a “protected article”?
A protected article under ITAR is any technical data stored in any form (e.g. a document or other digital file) that contains information related to items or services designated in the USML. ITAR compliance is focused on ensuring this technical data is not inadvertently distributed to foreign persons or foreign nations.
Q. Does AWS have an export compliance program?
AWS does not export any customer data in AWS GovCloud (US), and therefore does not require a comprehensive export compliance program. However, because AWS GovCloud (US) customers are subject to ITAR and other export compliance requirements, AWS is responsible for ensuring that AWS restricts access to the AWS GovCloud network controlled by AWS to US Persons only. This way, a customer can manage their own compliance while processing and storing data in AWS GovCloud. AWS does maintain a robust compliance program with this limited scope.
Q. How do Government agencies, contractors and customers access the AWS GovCloud (US) Region?
Customers cannot sign up for AWS GovCloud (US) through the traditional, online AWS sign up process. AWS must engage with the customer directly to sign an agreement specific to the AWS GovCloud (US) Region. Customers must be US Persons, not subject to export restrictions, and must comply with US export control laws and regulations, including the International Traffic in Arms Regulations. Please contact your AWS Business Representative for more information, or fill out the “contact me” form on the AWS GovCloud (US) Contact Us page.
Q. Do all government agencies need to use AWS GovCloud (US)?
No. AWS GovCloud (US) is provided for entities that choose, or are required, to utilize a US Persons only cloud environment. Agencies that do not want to use a US Persons only environment can use our other cloud services, which provide FISMA-Moderate controls.
Q. Do agencies have to sign a contract to use AWS GovCloud (US)?
Yes. Agencies must sign a customer agreement and an agreement specific to AWS GovCloud (US) to access the AWS GovCloud (US) Region. Please contact your AWS Business Representative, or fill out the AWS GovCloud (US) Contact Us form.
Q. Are there any Solution Providers to help me with deploying AWS GovCloud (US) solutions?
In order to help make it easier to build and implement these and other use cases in AWS GovCloud (US), we are working with a wide range of System Integrators (SI) and Independent Software Vendors (ISVs) who have the capability to support US Persons only access controls and ITAR compliant applications. Current Solution Providers include Deloitte, Oracle, Adobe, CACI, ESRI, URS, GTSI, Smartronix, Appian, Accelera Solutions, Aquilent, BlueRiver IT, Intelligent Decisions, Leverage IS and Optimos. We continue to build this ecosystem of AWS solution providers for AWS GovCloud (US).
Q. What are AWS GovCloud (US) use cases?
AWS GovCloud (US) can be used to power a wide variety of IT applications and workloads, including Enterprise Applications (Oracle, SAP, Microsoft Windows Server, etc.), High Performance Computing (HPC), Storage, Disaster Recovery and Web Applications workloads.
Q. What services are available in AWS GovCloud (US)?
The services available within the AWS GovCloud (US) Region are listed below. If you are interested in using a service that is not listed below, please contact a business representative regarding your interest.
Compute & Networking
AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to the AWS GovCloud (US) Region. Using AWS Direct Connect, you can establish private connectivity between the AWS GovCloud (US) Region and your datacenter, office, or colocation environment.
Amazon EC2 delivers scalable, pay-as-you-go compute capacity in the cloud.
Auto Scaling allows you to automatically scale your Amazon EC2 capacity up or down according to conditions you define.
Amazon EMR is a web service that makes it easy to process vast amounts of data using Hadoop.
Amazon VPC lets you provision a private, isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define.
Amazon S3 provides a highly durable and reliable data storage infrastructure for storing and retrieving any amount of data, at any time, from any system connected to the Internet.
Amazon EBS provides block level storage volumes for use with Amazon EC2 instances. Amazon EBS volumes are network-attached storage that persists independently from the life of an instance.
Amazon DynamoDB is a fully-managed, high performance, NoSQL database service that is easy to set up, operate, and scale.
Amazon RDS is a web service that makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks for you. Amazon RDS supports the MySQL, SQL Server and Oracle database engines.
Amazon CloudWatch provides monitoring for AWS cloud resources and applications, including Amazon EC2 instances, Amazon EBS volumes, Amazon SNS topics, and Amazon SQS queues.
AWS IAM enables you to securely control access to AWS services and resources for your users.
Amazon SQS is a reliable, highly scalable message queue service that enables asynchronous messaging between distributed components in a system.
Amazon SNS is a highly reliable and scalable system that provides developers the ability to publish messages from an application and deliver them to subscribers or other applications. Amazon SNS supports notifications via email, HTTP, and to SQS queues.
Amazon SWF is a workflow service for building scalable, resilient applications. Whether automating business processes for procurement or task tracking applications, building sophisticated data analytics applications, or managing cloud infrastructure services, Amazon SWF reliably coordinates all of the processing steps within an application.
AWS Support is a one-on-one, fast-response support channel to help you build and run applications on AWS Infrastructure Services.
Q. How do I get to the AWS Management Console for the AWS GovCloud (US) Region?
Q. Which service consoles are available in the AWS GovCloud (US) Region?
Compute & Networking
Storage & Content Delivery
Deployment & Management
Q. How do I set up Direct Connect for the AWS GovCloud (US) Region?
See the AWS GovCloud (US) User Guide for detailed instructions on how to set up a Direct Connect connection for the AWS GovCloud (US) Region.
Q. Is IPv6 available in AWS GovCloud (US)?
No, IPv6 is not currently available for customers running instances in VPC, and VPC is a standard security feature in AWS GovCloud (US). Please contact your AWS Business Representative, or fill out the AWS GovCloud (US) Contact Us form.
Q. What types of customer service and support are provided for the AWS GovCloud (US) Region?
Customer Service is available 24/7/365 to answer any billing or account related questions. AWS GovCloud (US) customers can choose from either Business-level or Enterprise-level technical support. Business-level support provides 24/7/365 phone, chat, and email support with a 1-hour response, support for third-party software, and architecture support. Enterprise-level support customers receive additional benefits with a 15-minute response time and are assigned a Technical Account Manager (TAM). Support for Health Checks (SHC) and Trusted Advisor functionality for AWS GovCloud (US) will be added in the near future. Due to the ITAR certification requirements, Developer-level technical support is not currently offered.
Q. How do I sign up for technical support?
Please contact your AWS Business Representative. They will assist you in enabling your master account with AWS Business or Enterprise-level support.
Q. How can I access customer service and support for the AWS GovCloud (US) Region?
Support can be obtained by navigating to the Support Center - log in using your master AWS account, create a case, and indicate to the support engineer that you are an AWS GovCloud (US) customer. If the questions do not require access to ITAR-restricted resources (e.g. generic AWS questions), any engineer can help you. When the subject matter is ITAR-restricted, your case will be routed to the AWS GovCloud (US) support team, which is staffed by ITAR-trained US Persons on US soil.
Q. How do I sign up to use Elastic Load Balancing in the AWS GovCloud (US) Region?
In order to sign up to use Elastic Load Balancing in the AWS GovCloud (US) Region, contact your AWS Business Representative, or fill out the AWS GovCloud (US) Contact Us form.
AWS GovCloud (US) provides customers with a choice in how they want to purchase our services. AWS GovCloud (US) costs are based on the quantity of services used and the payment model utilized to procure these services.
The on-demand and reserved pricing models available in the traditional AWS cloud are also available in the AWS GovCloud (US) Region. In addition, a new pricing model, Fixed Price Reserved, is available in the AWS GovCloud (US) Region for Amazon EC2, Amazon S3 and AWS Data Transfer services. Fixed Price Reserved pricing allows AWS GovCloud (US) customers the option to make a one-time fixed payment for each service they want to reserve. After the one-time payment, customers can utilize that service for the duration of their term with no additional payment as long as they don’t exceed the usage they have paid for.