Federal Information Processing Standard (FIPS) 140-2

Overview

FIPS_sized

The Federal Information Processing Standard (FIPS) Publication 140-2 is a US and Canadian government standard that specifies the security requirements for cryptographic modules that protect sensitive information. If you require use of FIPS 140-2 validated cryptographic modules when accessing AWS US East/West, AWS GovCloud (US), or AWS Canada (Central) through use of the command line interface (CLI) or programmatically by using the APIs, the following sections provide the list of available FIPS endpoints by AWS Region. The Amazon Virtual Private Cloud VPN endpoints in AWS GovCloud (US) operate using FIPS 140-2 validated cryptographic modules. AWS works with customers to provide the information they need to manage compliance when using the AWS US East/West, AWS GovCloud (US), or AWS Canada (Central) Regions. For more information about the standard, see Cryptographic Module Validation Program on the NIST Computer Security Resource Center website.

  • What are the FIPS endpoints for AWS US East/West?

    The following table lists each FIPS endpoint available for various AWS services in the AWS Region US East/West. 

    AWS Service     AWS US East/West Endpoints    
    Amazon API Gateway

    apigateway-fips.us-east-1.amazonaws.com

    apigateway-fips.us-east-2.amazonaws.com

    apigateway-fips.us-west-1.amazonaws.com

    apigateway-fips.us-west-2.amazonaws.com

    Amazon AppStream 2.0

    appstream2-fips.us-east-1.amazonaws.com

    appstream2-fips.us-west-2.amazonaws.com

    Amazon Cloud Directory

    clouddirectory-fips.us-east-1.amazonaws.com

    clouddirectory-fips.us-east-2.amazonaws.com

    Amazon CloudFront
    cloudfront-fips.amazonaws.com
    Amazon Cognito

    <your_user_pool_domain>.auth-fips.us-east-1.amazoncognito.com

    <your_user_pool_domain>.auth-fips.us-east-2.amazoncognito.com

    <your_user_pool_domain>.auth-fips.us-west-2.amazoncognito.com

    cognito-identity-fips.us-east-1.amazonaws.com

    cognito-identity-fips.us-east-2.amazonaws.com

    cognito-identity-fips.us-west-2.amazonaws.com

    cognito-idp-fips.us-east-1.amazonaws.com

    cognito-idp-fips.us-east-2.amazonaws.com

    cognito-idp-fips.us-west-2.amazonaws.com

    cognito-sync-fips.us-east-1.amazonaws.com

    cognito-sync-fips.us-east-2.amazonaws.com

    cognito-sync-fips.us-west-2.amazonaws.com

    Amazon DynamoDB

    dynamodb-fips.us-east-1.amazonaws.com

    dynamodb-fips.us-east-2.amazonaws.com

    dynamodb-fips.us-west-1.amazonaws.com

    dynamodb-fips.us-west-2.amazonaws.com

    Amazon Elastic Block Store (EBS) Using Amazon EC2 Directly
    Amazon Elastic Compute Cloud (EC2)

    ec2-fips.us-east-1.amazonaws.com

    ec2-fips.us-east-2.amazonaws.com

    ec2-fips.us-west-1.amazonaws.com

    ec2-fips.us-west-2.amazonaws.com

    Amazon Elastic Container Registry

    *.dkr.ecr-fips.us-east-1.amazonaws.com

    *.dkr.ecr-fips.us-east-2.amazonaws.com

    *.dkr.ecr-fips.us-west-1.amazonaws.com

    *.dkr.ecr-fips.us-west-2.amazonaws.com

    ecr-fips.us-east-1.amazonaws.com

    ecr-fips.us-east-2.amazonaws.com

    ecr-fips.us-west-1.amazonaws.com

    ecr-fips.us-west-2.amazonaws.com

    Amazon ElastiCache

    elasticache-fips.us-east-1.amazonaws.com

    elasticache-fips.us-east-2.amazonaws.com

    elasticache-fips.us-west-1.amazonaws.com

    elasticache-fips.us-west-2.amazonaws.com

    Amazon Elasticsearch

    es-fips.us-east-1.amazonaws.com

    es-fips.us-east-2.amazonaws.com

    es-fips.us-west-1.amazonaws.com

    es-fips.us-west-2.amazonaws.com

    Amazon EMR

    elasticmapreduce-fips.us-east-1.amazonaws.com

    elasticmapreduce-fips.us-east-2.amazonaws.com

    elasticmapreduce-fips.us-west-1.amazonaws.com

    elasticmapreduce-fips.us-west-2.amazonaws.com

    Amazon GuardDuty

    guardduty-fips.us-east-1.amazonaws.com

    guardduty-fips.us-east-2.amazonaws.com

    guardduty-fips.us-west-1.amazonaws.com

    guardduty-fips.us-west-2.amazonaws.com

    Amazon Inspector

    inspector-fips.us-east-1.amazonaws.com

    inspector-fips.us-west-1.amazonaws.com

    inspector-fips.us-west-2.amazonaws.com

    Amazon Kinesis Streams

    kinesis-fips.us-east-1.amazonaws.com

    kinesis-fips.us-east-2.amazonaws.com

    kinesis-fips.us-west-1.amazonaws.com

    kinesis-fips.us-west-2.amazonaws.com

    Amazon MQ

    mq-fips.us-east-1.amazonaws.com

    mq-fips.us-east-2.amazonaws.com

    mq-fips.us-west-1.amazonaws.com

    mq-fips.us-west-2.amazonaws.com

    Amazon Pinpoint

    pinpoint-fips.us-east-1.amazonaws.com

    pinpoint-fips.us-west-2.amazonaws.com

    Amazon Polly

    polly-fips.us-east-1.amazonaws.com

    polly-fips.us-east-2.amazonaws.com

    polly-fips.us-west-1.amazonaws.com

    polly-fips.us-west-2.amazonaws.com

    Amazon QuickSight

    fips-us-east-1.quicksight.aws.amazon.com

    fips-us-east-2.quicksight.aws.amazon.com

    fips-us-west-2.quicksight.aws.amazon.com

    Amazon Redshift

    redshift-fips.us-east-1.amazonaws.com

    redshift-fips.us-east-2.amazonaws.com

    redshift-fips.us-west-1.amazonaws.com

    redshift-fips.us-west-2.amazonaws.com

    Amazon Relational Database Service (RDS) / Amazon Aurora

    rds-fips.us-east-1.amazonaws.com

    rds-fips.us-east-2.amazonaws.com

    rds-fips.us-west-1.amazonaws.com

    rds-fips.us-west-2.amazonaws.com

    Amazon Route 53

    route53-fips.amazonaws.com
    Amazon S3 Glacier

    glacier-fips.us-east-1.amazonaws.com

    glacier-fips.us-east-2.amazonaws.com

    glacier-fips.us-west-1.amazonaws.com

    glacier-fips.us-west-2.amazonaws.com

    Amazon SageMaker

    api-fips.sagemaker.us-west-1.amazonaws.com

    api-fips.sagemaker.us-east-1.amazonaws.com

    api-fips.sagemaker.us-east-2.amazonaws.com

    api-fips.sagemaker.us-west-2.amazonaws.com

    runtime-fips.sagemaker.us-east-1.amazonaws.com

    runtime-fips.sagemaker.us-east-2.amazonaws.com

    runtime-fips.sagemaker.us-west-2.amazonaws.com

    runtime-fips.sagemaker.us-west-1.amazonaws.com

    Amazon Simple Email Service (API HTTPS)

    email-fips.us-east-1.amazonaws.com

    email-fips.us-west-2.amazonaws.com

    Amazon Simple Email Service (SMTP)

    email-smtp-fips.us-east-1.amazonaws.com

    email-smtp-fips.us-west-2.amazonaws.com

    Amazon Simple Notification Service (SNS)

    sns-fips.us-west-1.amazonaws.com

    sns-fips.us-west-2.amazonaws.com

    sns-fips.us-east-2.amazonaws.com

    sns-fips.us-east-1.amazonaws.com

    Amazon Simple Queue Service (SQS)

    sqs-fips.us-east-2.amazonaws.com

    sqs-fips.us-west-2.amazonaws.com

    sqs-fips.us-east-1.amazonaws.com

    sqs-fips.us-west-1.amazonaws.com

    Amazon Simple Storage Service (S3)

    Note: These Endpoints can only be used with Virtual Hosted-Style addressing. For example: https://bucket.s3-fips.us-east-2.amazonaws.com. Visit the Amazon S3 Documentation page for more information.

    s3-fips.dualstack.us-east-1.amazonaws.com

    s3-fips.dualstack.us-east-2.amazonaws.com

    s3-fips.dualstack.us-west-1.amazonaws.com

    s3-fips.dualstack.us-west-2.amazonaws.com

    s3-fips.us-east-1.amazonaws.com

    s3-fips.us-east-2.amazonaws.com

    s3-fips.us-west-1.amazonaws.com

    s3-fips.us-west-2.amazonaws.com

    Amazon Simple Workflow Service (SWF)

    swf-fips.us-east-1.amazonaws.com

    swf-fips.us-east-2.amazonaws.com

    swf-fips.us-west-1.amazonaws.com

    swf-fips.us-west-2.amazonaws.com

    Amazon Translate

    translate-fips.us-west-2.amazonaws.com

    translate-fips.us-east-2.amazonaws.com

    translate-fips.us-east-1.amazonaws.com

    Amazon Virtual Private Cloud (VPC)

    Uses Amazon EC2 Directly

    Amazon WorkDocs

    workdocs-fips.us-east-1.amazonaws.com

    workdocs-fips.us-west-2.amazonaws.com

    AWS Certificate Manager

     

    acm-fips.us-east-1.amazonaws.com

    acm-fips.us-east-2.amazonaws.com

    acm-fips.us-west-2.amazonaws.com

    acm-fips.us-west-1.amazonaws.com

    AWS Certificate Manager Private CA

    acm-pca-fips.us-east-1.amazonaws.com

    acm-pca-fips.us-west-1.amazonaws.com

    acm-pca-fips.us-east-2.amazonaws.com

    acm-pca-fips.us-west-2.amazonaws.com

    AWS CloudFormation

    cloudformation-fips.us-east-1.amazonaws.com

    cloudformation-fips.us-east-2.amazonaws.com

    cloudformation-fips.us-west-1.amazonaws.com

    cloudformation-fips.us-west-2.amazonaws.com

    AWS CloudTrail

    cloudtrail-fips.us-east-1.amazonaws.com

    cloudtrail-fips.us-east-2.amazonaws.com

    cloudtrail-fips.us-west-1.amazonaws.com

    cloudtrail-fips.us-west-2.amazonaws.com

    AWS CodeBuild

    codebuild-fips.us-west-1.amazonaws.com

    codebuild-fips.us-east-1.amazonaws.com

    codebuild-fips.us-west-2.amazonaws.com

    codebuild-fips.us-east-2.amazonaws.com

    AWS CodeCommit

    codecommit-fips.us-east-1.amazonaws.com

    codecommit-fips.us-east-2.amazonaws.com

    codecommit-fips.us-west-1.amazonaws.com

    codecommit-fips.us-west-2.amazonaws.com

    git-codecommit-fips.us-east-1.amazonaws.com

    git-codecommit-fips.us-east-2.amazonaws.com

    git-codecommit-fips.us-west-1.amazonaws.com

    git-codecommit-fips.us-west-2.amazonaws.com

    AWS CodeDeploy

    codedeploy-fips.us-east-1.amazonaws.com

    codedeploy-fips.us-west-1.amazonaws.com

    codedeploy-fips.us-west-2.amazonaws.com

    codedeploy-fips.us-east-2.amazonaws.com

    AWS Config

    config-fips.us-east-1.amazonaws.com    

    config-fips.us-east-2.amazonaws.com

    config-fips.us-west-1.amazonaws.com

    config-fips.us-west-2.amazonaws.com    

    AWS Control Tower

    prod.us-east-2.blackbeard.aws.a2z.com

    prod.us-east-1.blackbeard.aws.a2z.com

    prod.us-west-2.blackbeard.aws.a2z.co

    AWS Database Migration Service (DMS)

    dms-fips.us-east-1.amazonaws.com

    dms-fips.us-east-2.amazonaws.com

    dms-fips.us-west-1.amazonaws.com

    dms-fips.us-west-2.amazonaws.com

    AWS DataSync

    datasync-fips.us-east-1.amazonaws.com

    datasync-fips.us-west-1.amazonaws.com

    datasync-fips.us-east-2.amazonaws.com

    datasync-fips.us-west-2.amazonaws.com

    AWS Direct Connect

    directconnect-fips.us-east-1.amazonaws.com

    directconnect-fips.us-east-2.amazonaws.com

    directconnect-fips.us-west-1.amazonaws.com

    directconnect-fips.us-west-2.amazonaws.com

    AWS Directory Service 

    ds-fips.us-east-1.amazonaws.com

    ds-fips.us-east-2.amazonaws.com

    ds-fips.us-west-1.amazonaws.com

    ds-fips.us-west-2.amazonaws.com

    AWS Elastic Beanstalk

    elasticbeanstalk-fips.us-east-1.amazonaws.com

    elasticbeanstalk-fips.us-east-2.amazonaws.com

    elasticbeanstalk-fips.us-west-1.amazonaws.com

    elasticbeanstalk-fips.us-west-2.amazonaws.com

    AWS Firewall Manager

    fms-fips.us-west-1.amazonaws.com

    fms-fips.us-east-1.amazonaws.com

    fms-fips.us-west-2.amazonaws.com

    fms-fips.us-east-2.amazonaws.com

    AWS Identity and Access Management (IAM) iam-fips.amazonaws.com (IAD Region Only)   
    AWS Key Management Service (KMS)

    kms-fips.us-east-1.amazonaws.com

    kms-fips.us-east-2.amazonaws.com

    kms-fips.us-west-1.amazonaws.com

    kms-fips.us-west-2.amazonaws.com

    AWS Lambda

    lambda-fips.us-east-1.amazonaws.com

    lambda-fips.us-east-2.amazonaws.com

    lambda-fips.us-west-1.amazonaws.com

    lambda-fips.us-west-2.amazonaws.com

    AWS Outposts

    outposts-fips.us-east-1.amazonaws.com

    outposts-fips.us-west-1.amazonaws.com

    AWS Resource Groups

    resource-groups-fips.us-east-1.amazonaws.com

    resource-groups-fips.us-east-2.amazonaws.com

    resource-groups-fips.us-west-2.amazonaws.com

    resource-groups-fips.us-west-1.amazonaws.com

    AWS Secrets Manager

    secretsmanager-fips.us-east-2.amazonaws.com

    secretsmanager-fips.us-west-1.amazonaws.com

    secretsmanager-fips.us-east-1.amazonaws.com

    secretsmanager-fips.us-west-2.amazonaws.com

    AWS Security Token Service (STS)

    sts-fips.us-east-1.amazonaws.com

    sts-fips.us-east-2.amazonaws.com

    sts-fips.us-west-1.amazonaws.com

    sts-fips.us-west-2.amazonaws.com

    AWS Server Migration Service (SMS)

    sms-fips.us-west-2.amazonaws.com

    sms-fips.us-east-1.amazonaws.com

    sms-fips.us-east-2.amazonaws.com

    sms-fips.us-west-1.amazonaws.com

    AWS Service Catalog

    servicecatalog-fips.us-east-1.amazonaws.com

    servicecatalog-fips.us-east-2.amazonaws.com

    servicecatalog-fips.us-west-1.amazonaws.com

    servicecatalog-fips.us-west-2.amazonaws.com

    AWS Shield shield-fips.us-east-1.amazonaws.com
    AWS Snowball Does not need FIPS
    AWS Systems Manager

    ssm-fips.us-east-1.amazonaws.com

    ssm-fips.us-east-2.amazonaws.com

    ssm-fips.us-west-1.amazonaws.com

    ssm-fips.us-west-2.amazonaws.com

    AWS WAF

    waf-fips.amazonaws.com

    waf-regional-fips.us-east-1.amazonaws.com

    waf-regional-fips.us-east-2.amazonaws.com

    waf-regional-fips.us-west-1.amazonaws.com

    waf-regional-fips.us-west-2.amazonaws.com

    wafv2-fips.us-east-1.amazonaws.com

    wafv2-fips.us-east-2.amazonaws.com

    wafv2-fips.us-west-1.amazonaws.com

    wafv2-fips.us-west-2.amazonaws.com

    Elastic Load Balancing

    elasticloadbalancing-fips.us-east-1.amazonaws.com

    elasticloadbalancing-fips.us-east-2.amazonaws.com

    elasticloadbalancing-fips.us-west-1.amazonaws.com

    elasticloadbalancing-fips.us-west-2.amazonaws.com

    shield-fips.us-east-1.amazonaws.com
    shield-fips.us-east-1.amazonaws.com
    shield-fips.us-east-1.amazonaws.com
    Does not need FIPS
    cloudfront-fips.amazonaws.com
    cloudfront-fips.amazonaws.com
    cloudfront-fips.amazonaws.com

    For a list of all AWS endpoints, see Regions and Endpoints in the AWS General Reference.

  • What are the FIPS endpoints for AWS GovCloud (US)?

    For a list of the FIPS endpoints available for AWS GovCloud (US), refer to the AWS GovCloud (US) User Guide.

  • What are the FIPS endpoints for AWS Canada (Central)?

    AWS Service     AWS Canada (Central) Endpoints    
    Amazon API Gateway apigateway-fips.ca-central-1.amazonaws.com
    Amazon DynamoDB dynamodb-fips.ca-central-1.amazonaws.com
    Amazon Elastic Compute Cloud (EC2)

    ec2-fips.ca-central-1.amazonaws.com

    Amazon EMR

    elasticmapreduce-fips.ca-central-1.amazonaws.com

    Amazon Redshift

    redshift-fips.ca-central-1.amazonaws.com

    Amazon Relational Database Service (RDS) / Amazon Aurora

    rds-fips.ca-central-1.amazonaws.com

    Amazon S3 Glacier

    glacier-fips.ca-central-1.amazonaws.com

    Amazon Simple Storage Service (Amazon S3)

    Note: This Endpoint can only be used with Virtual Hosted-Style addressing. For example: https://bucket.s3-fips.ca-central-1.amazonaws.com. Visit the Amazon S3 Documentation page for more information.

    s3-fips.ca-central-1.amazonaws.com
    AWS Certificate Manager acm-fips.ca-central-1.amazonaws.com
    AWS Certificate Manager Private CA acm-pca-fips.ca-central-1.amazonaws.com
    Amazon CodeCommit

    git-codecommit-fips.ca-central-1.amazonaws.com

    codecommit-fips.ca-central-1.amazonaws.com

    AWS DataSync datasync-fips.ca-central-1.amazonaws.com
    AWS Directory Service 

    ds-fips.ca-central-1.amazonaws.com

    AWS Firewall Manager fms-fips.ca-central-1.amazonaws.com

    AWS Security Token Service (STS)

    sts.ca-central-1.amazonaws.com

    AWS WAF wafv2-fips.ca-central-1.amazonaws.com
compliance-contactus-icon
Have Questions? Connect with an AWS Business Representative
Exploring compliance roles?
Apply today »
Want AWS Compliance updates?
Follow us on Twitter »