Federal Information Processing Standard (FIPS) 140-2

Overview

FIPS_New

The Federal Information Processing Standard (FIPS) Publication 140-2 is a US government standard that specifies the security requirements for cryptographic modules that protect sensitive information. To support customers who have FIPS 140-2 requirements, the Amazon Virtual Private Cloud (VPC) VPN endpoints and SSL terminations in AWS GovCloud (US) operate by using cryptographic modules that are validated by FIPS 140-2. AWS works with AWS GovCloud (US) customers to provide the information they need to manage compliance when using the AWS GovCloud (US) Region. For more information about the standard, see Cryptographic Module Validation Program on the NIST Computer Security Resource Center website.

If you require use of FIPS 140-2 validated cryptographic modules when accessing AWS US East/West or AWS GovCloud (US) through use of the command line interface (CLI) or programmatically by using the APIs, the following sections provide the list of available FIPS endpoints by AWS Region.

  • What are the FIPS Endpoints for AWS US East/West?

    The following table lists each FIPS endpoint available for various AWS services in the AWS Region US East/West:

    AWS Service     AWS US East/West Endpoints    
    AWS Directory Service

    ds-fips.us-west-1.amazonaws.com

    ds-fips.us-west-2.amazonaws.com

    ds-fips.us-east-2.amazonaws.com

    ds-fips.us-east-1.amazonaws.com

    Amazon API Gateway

    apigateway-fips.us-west-1.amazonaws.com

    apigateway-fips.us-west-2.amazonaws.com

    apigateway-fips.us-east-2.amazonaws.com

    apigateway-fips.us-east-1.amazonaws.com

    Amazon Cloud Directory

    clouddirectory-fips.us-west-1.amazonaws.com

    clouddirectory-fips.us-east-2.amazonaws.com

    clouddirectory-fips.us-east-1.amazonaws.com

    AWS Cloud Formation  

    cloudformation-fips.us-east-1.amazonaws.com

    cloudformation-fips.us-east-2.amazonaws.com

    cloudformation-fips.us-west-1.amazonaws.com

    cloudformation-fips.us-west-2.amazonaws.com

    AWS CloudTrail

    cloudtrail-fips.us-west-1.amazonaws.com

    cloudtrail-fips.us-west-2.amazonaws.com

    cloudtrail-fips.us-east-2.amazonaws.com

    cloudtrail-fips.us-east-1.amazonaws.com

    Amazon Cognito

    cognito-sync-fips.us-west-2.amazonaws.com

    cognito-identity-fips.us-west-2.amazonaws.com

    cognito-idp-fips.us-west-2.amazonaws.com

    <your_user_pool_domain>.auth-fips.us-west-2.amazoncognito.com

    cognito-sync-fips.us-east-2.amazonaws.com

    cognito-identity-fips.us-east-2.amazonaws.com

    cognito-idp-fips.us-east-2.amazonaws.com

    <your_user_pool_domain>.auth-fips.us-east-2.amazoncognito.com

    cognito-sync-fips.us-east-1.amazonaws.com

    cognito-identity-fips.us-east-1.amazonaws.com

    cognito-idp-fips.us-east-1.amazonaws.com

    <your_user_pool_domain>.auth-fips.us-east-1.amazoncognito.com

    AWS Config

    config-fips.us-west-1.amazonaws.com

    config-fips.us-west-2.amazonaws.com

    config-fips.us-east-2.amazonaws.com

    config-fips.us-east-1.amazonaws.com    

    AWS Database Migration Service (DMS)

    dms-fips.us-west-1.amazonaws.com

    dms-fips.us-west-2.amazonaws.com

    dms-fips.us-east-2.amazonaws.com

    dms-fips.us-east-1.amazonaws.com

    Amazon DynamoDB

    dynamodb-fips.us-west-1.amazonaws.com

    dynamodb-fips.us-west-2.amazonaws.com

    dynamodb-fips.us-east-2.amazonaws.com

    dynamodb-fips.us-east-1.amazonaws.com

    Amazon Elastic Block Store (EBS) Using EC2 Directly
    Amazon Elastic Compute Cloud (EC2)

    ec2-fips.us-west-1.amazonaws.com

    ec2-fips.us-west-2.amazonaws.com

    ec2-fips.us-east-2.amazonaws.com

    ec2-fips.us-east-1.amazonaws.com

    Amazon ElastiCache

    elasticache-fips.us-east-1.amazonaws.com

    elasticache-fips.us-east-2.amazonaws.com

    elasticache-fips.us-west-1.amazonaws.com

    elasticache-fips.us-west-2.amazonaws.com

    Elastic Load Balancing

    elasticloadbalancing-fips.us-west-1.amazonaws.com

    elasticloadbalancing-fips.us-west-2.amazonaws.com

    elasticloadbalancing-fips.us-east-2.amazonaws.com

    elasticloadbalancing-fips.us-east-1.amazonaws.com

    Amazon EMR (Amazon EMR)

    elasticmapreduce-fips.us-west-1.amazonaws.com

    elasticmapreduce-fips.us-west-2.amazonaws.com

    elasticmapreduce-fips.us-east-1.amazonaws.com

    elasticmapreduce-fips.us-east-2.amazonaws.com

    Amazon Glacier

    glacier-fips.us-west-1.amazonaws.com

    glacier-fips.us-west-2.amazonaws.com

    glacier-fips.us-east-2.amazonaws.com

    glacier-fips.us-east-1.amazonaws.com

    AWS Identity and Access Management (IAM) iam-fips.amazonaws.com (IAD Region Only)    
    Amazon Inspector

    inspector-fips.us-west-1.amazonaws.com

    inspector-fips.us-west-2.amazonaws.com

    inspector-fips.us-east-1.amazonaws.com

    Amazon Kinesis Streams

    kinesis-fips.us-west-1.amazonaws.com

    kinesis-fips.us-west-2.amazonaws.com

    kinesis-fips.us-east-2.amazonaws.com

    kinesis-fips.us-east-1.amazonaws.com

    AWS Key Management Service (KMS)

    kms-fips.us-west-1.amazonaws.com

    kms-fips.us-west-2.amazonaws.com

    kms-fips.us-east-2.amazonaws.com

    kms-fips.us-east-1.amazonaws.com

    AWS Lambda

    lambda-fips.us-west-1.amazonaws.com

    lambda-fips.us-west-2.amazonaws.com

    lambda-fips.us-east-2.amazonaws.com

    lambda-fips.us-east-1.amazonaws.com

    Amazon Quicksight

    fips-us-west-2.quicksight.aws.amazon.com

    fips-us-east-2.quicksight.aws.amazon.com

    fips-us-east-1.quicksight.aws.amazon.com

    Amazon Relational Database Service (RDS)

    rds-fips.us-west-1.amazonaws.com

    rds-fips.us-west-2.amazonaws.com

    rds-fips.us-east-2.amazonaws.com

    rds-fips.us-east-1.amazonaws.com

    Amazon Redshift

    redshift-fips.us-west-1.amazonaws.com

    redshift-fips.us-west-2.amazonaws.com

    redshift-fips.us-east-2.amazonaws.com

    redshift-fips.us-east-1.amazonaws.com

    Amazon Route 53

    api-fips.route53-eu-west-1.com

    route53-fips.amazonaws.com

    Amazon Simple Storage Service (S3)

    s3-fips.us-east-2.amazonaws.com

    s3-fips.dualstack.us-west-1.amazonaws.com

    s3-fips.dualstack.us-west-2.amazonaws.com

    s3-fips.dualstack.us-east-2.amazonaws.com

    s3-fips.dualstack.us-east-1.amazonaws.com

    s3-fips.us-west-1.amazonaws.com

    s3-fips.us-west-2.amazonaws.com

    s3-fips.us-east-1.amazonaws.com

    AWS Shield

    shield-fips.us-east-1.amazonaws.com

    AWS Snowball

    Does not need FIPS

    Amazon Simple Notification Service (SNS)

    sns-fips.us-west-1.amazonaws.com

    sns-fips.us-west-2.amazonaws.com

    sns-fips.us-east-2.amazonaws.com

    sns-fips.us-east-1.amazonaws.com

    Amazon Simple Queue Service (SQS)

    sqs-fips.us-west-1.amazonaws.com

    AWS Security Token Service (STS)

    sts-fips.us-west-1.amazonaws.com

    sts-fips.us-west-2.amazonaws.com

    sts-fips.us-east-2.amazonaws.com

    sts-fips.us-east-1.amazonaws.com

    Amazon Simple Workflow Service (SWF)

    swf-fips.us-west-1.amazonaws.com

    swf-fips.us-west-2.amazonaws.com

    swf-fips.us-east-2.amazonaws.com

    swf-fips.us-east-1.amazonaws.com

    AWS Systems Manager

    ssm-fips.us-west-1.amazonaws.com

    ssm-fips.us-west-2.amazonaws.com

    ssm-fips.us-east-2.amazonaws.com

    ssm-fips.us-east-1.amazonaws.com

    Amazon Virtual Private Cloud (VPC)

    Uses EC2 Directly

    AWS WAF

    waf-regional-fips.us-west-1.amazonaws.com

    waf-regional-fips.us-west-2.amazonaws.com

    waf-regional-fips.us-east-1.amazonaws.com

    waf-fips.amazonaws.com

    waf-regional-fips.eu-west-1.amazonaws.com

    waf-regional-fips.ap-northeast-1.amazonaws.com

    Amazon WorkDocs

    workdocs-fips.us-west-2.amazonaws.com

    workdocs-fips.us-east-1.amazonaws.com

    For a list of all AWS endpoints, see Regions and Endpoints in the AWS General Reference.

  • What are the FIPS endpoints for AWS GovCloud (US)?

    The following table lists each FIPS endpoint available for various AWS services in the AWS Region GovCloud (US):

    AWS Service     AWS GovCloud (US) Endpoints    
    AWS Certificate Manager

    acm.us-gov-west-1.amazonaws.com

    Amazon API Gateway

    apigateway-fips.us-gov-west-1.amazonaws.com

    Amazon EC2 Autoscaling

    autoscaling.us-gov-west-1.amazonaws.com

    AWS CloudFormation

    cloudformation.us-gov-west-1.amazonaws.com

    AWS CloudHSM

    cloudhsm.us-gov-west-1.amazonaws.com

    AWS CloudTrail

    cloudtrail.us-gov-west-1.amazonaws.com

    Amazon CloudWatch (Events)

    events.us-gov-west-1.amazonaws.com

    Amazon CloudWatch (Logs)

    logs.us-gov-west-1.amazonaws.com

    AWS CodeDeploy

    codedeploy.us-gov-west-1.amazonaws.com

    AWS Config

    config.us-gov-west-1.amazonaws.com

    AWS Database Migration Service (DMS)

    dms.us-gov-west-1.amazonaws.com

    Amazon DynamoDB

    dynamodb.us-gov-west-1.amazonaws.com

    Amazon Elastic Block Store (EBS) ec2.us-gov-west-1.amazonaws.com
    Amazon Elastic Compute Cloud (EC2)

    ec2.us-gov-west-1.amazonaws.com

    Amazon ElastiCache

    elasticache-fips.us-gov-west-1.amazonaws.com

    Elastic Load Balancing

    elasticloadbalancing.us-gov-west-1.amazonaws.com

    Amazon EMR (Amazon EMR)

    elasticmapreduce.us-gov-west-1.amazonaws.com

    Amazon Glacier

    glacier.us-gov-west-1.amazonaws.com

    AWS Identity and Access Management (IAM)

    iam.us-gov.amazonaws.com

    Amazon Kinesis Streams

    kinesis.us-gov-west-1.amazonaws.com

    AWS Key Management Service (KMS)

    kms-fips.us-gov-west-1.amazonaws.com

    AWS Lambda

    lambda-fips.us-gov-west-1.amazonaws.com

    Amazon Relational Database Service (RDS)

    rds.us-gov-west-1.amazonaws.com

    Amazon Redshift

    redshift.us-gov-west-1.amazonaws.com

    Amazon Simple Storage Service (S3)

    s3-fips.dualstack.us-gov-west-1.amazonaws.com

    s3-fips-us-gov-west-1.amazonaws.com

    AWS Shield

    Has only one endpoint

    AWS Snowball

    Does not need FIPS

    Amazon Simple Notification Service (SNS)

    sns.us-gov-west-1.amazonaws.com

    Amazon Simple Queue Service (SQS)

    sqs.us-gov-west-1.amazonaws.com

    AWS Security Token Service (STS)

    sts.us-gov-west-1.amazonaws.com

    Amazon Simple Workflow Service (SWF)

    swf.us-gov-west-1.amazonaws.com

    AWS Systems Manager ssm.us-gov-west-1.amazonaws.com

    Amazon Virtual Private Cloud (VPC)

    ec2.us-gov-west-1.amazonaws.com

    For a list of all AWS endpoints, see Regions and Endpoints in the AWS General Reference.

compliance-contactus-icon
Have Questions? Connect with an AWS Compliance Representative
Exploring compliance roles?
Apply today »
Want AWS Compliance updates?
Follow us on Twitter »