FIPS 140-2

Overview

The Federal Information Processing Standard (FIPS) Publication 140-2 is a US government security standard that specifies the security requirements for cryptographic modules protecting sensitive information. To support customers with FIPS 140-2 requirements, the Amazon Virtual Private Cloud VPN endpoints and SSL terminations in AWS GovCloud (US) operate using FIPS 140-2 validated cryptographic modules. AWS works with AWS GovCloud (US) customers to provide the information they need to help manage compliance when using the AWS GovCloud (US) environment.

What are the FIPS Endpoints for AWS US East/West?

If you require use of FIPS 140-2 validated cryptographic modules when accessing AWS US East/West through use of the command line interface (CLI) or programmatically by using the APIs, this page provides the proper endpoints for each corresponding AWS Region.

The following table lists each FIPS endpoint available for AWS services in US East/West:

AWS Service	AWS US East/West Endpoints
AWS Directory Service	ds-fips.us-west-1.amazonaws.com ds-fips.us-west-2.amazonaws.com ds-fips.us-east-2.amazonaws.com ds-fips.us-east-1.amazonaws.com
Amazon API Gateway	apigateway-fips.us-west-1.amazonaws.com apigateway-fips.us-west-2.amazonaws.com apigateway-fips.us-east-2.amazonaws.com apigateway-fips.us-east-1.amazonaws.com
Amazon Cloud Directory	clouddirectory-fips.us-west-1.amazonaws.com clouddirectory-fips.us-east-2.amazonaws.com clouddirectory-fips.us-east-1.amazonaws.com
AWS CloudTrail	cloudtrail-fips.us-west-1.amazonaws.com cloudtrail-fips.us-west-2.amazonaws.com cloudtrail-fips.us-east-2.amazonaws.com cloudtrail-fips.us-east-1.amazonaws.com
Amazon Cognito	cognito-sync-fips.us-west-2.amazonaws.com cognito-identity-fips.us-west-2.amazonaws.com cognito-idp-fips.us-west-2.amazonaws.com <your_user_pool_domain>.auth-fips.us-west-2.amazoncognito.com cognito-sync-fips.us-east-2.amazonaws.com cognito-identity-fips.us-east-2.amazonaws.com cognito-idp-fips.us-east-2.amazonaws.com <your_user_pool_domain>.auth-fips.us-east-2.amazoncognito.com cognito-sync-fips.us-east-1.amazonaws.com cognito-identity-fips.us-east-1.amazonaws.com cognito-idp-fips.us-east-1.amazonaws.com <your_user_pool_domain>.auth-fips.us-east-1.amazoncognito.com
AWS Config	config-fips.us-west-1.amazonaws.com config-fips.us-west-2.amazonaws.com config-fips.us-east-2.amazonaws.com config-fips.us-east-1.amazonaws.com
AWS Database Migration Service (DMS)	dms-fips.us-west-1.amazonaws.com dms-fips.us-west-2.amazonaws.com dms-fips.us-east-2.amazonaws.com dms-fips.us-east-1.amazonaws.com
Amazon DynamoDB	dynamodb-fips.us-west-1.amazonaws.com dynamodb-fips.us-west-2.amazonaws.com dynamodb-fips.us-east-2.amazonaws.com dynamodb-fips.us-east-1.amazonaws.com
Amazon Elastic Block Store (EBS)	Using EC2 Directly
Amazon Elastic Compute Cloud (EC2)	ec2-fips.us-west-1.amazonaws.com ec2-fips.us-west-2.amazonaws.com ec2-fips.us-east-2.amazonaws.com ec2-fips.us-east-1.amazonaws.com
Amazon ElastiCache	elasticache-fips.us-east-1.amazonaws.com elasticache-fips.us-east-2.amazonaws.com elasticache-fips.us-west-1.amazonaws.com elasticache-fips.us-west-2.amazonaws.com
Elastic Load Balancing	elasticloadbalancing-fips.us-west-1.amazonaws.com elasticloadbalancing-fips.us-west-2.amazonaws.com elasticloadbalancing-fips.us-east-2.amazonaws.com elasticloadbalancing-fips.us-east-1.amazonaws.com
Amazon EMR (Amazon EMR)	elasticmapreduce-fips.us-west-1.amazonaws.com elasticmapreduce-fips.us-west-2.amazonaws.com elasticmapreduce-fips.us-east-1.amazonaws.com elasticmapreduce-fips.us-east-2.amazonaws.com
Amazon Glacier	glacier-fips.us-west-1.amazonaws.com glacier-fips.us-west-2.amazonaws.com glacier-fips.us-east-2.amazonaws.com glacier-fips.us-east-1.amazonaws.com
AWS Identity and Access Management (IAM)	iam-fips.amazonaws.com (IAD Region Only)
Amazon Inspector	inspector-fips.us-west-1.amazonaws.com inspector-fips.us-west-2.amazonaws.com inspector-fips.us-east-1.amazonaws.com
Amazon Kinesis Streams	kinesis-fips.us-west-1.amazonaws.com kinesis-fips.us-west-2.amazonaws.com kinesis-fips.us-east-2.amazonaws.com kinesis-fips.us-east-1.amazonaws.com
AWS Key Management Service (KMS)	kms-fips.us-west-1.amazonaws.com kms-fips.us-west-2.amazonaws.com kms-fips.us-east-2.amazonaws.com kms-fips.us-east-1.amazonaws.com
AWS Lambda	lambda-fips.us-west-1.amazonaws.com lambda-fips.us-west-2.amazonaws.com lambda-fips.us-east-2.amazonaws.com lambda-fips.us-east-1.amazonaws.com
Amazon Quicksight	fips-us-west-2.quicksight.aws.amazon.com fips-us-east-2.quicksight.aws.amazon.com fips-us-east-1.quicksight.aws.amazon.com
Amazon Relational Database Service (RDS)	rds-fips.us-west-1.amazonaws.com rds-fips.us-west-2.amazonaws.com rds-fips.us-east-2.amazonaws.com rds-fips.us-east-1.amazonaws.com
Amazon Redshift	redshift-fips.us-west-1.amazonaws.com redshift-fips.us-west-2.amazonaws.com redshift-fips.us-east-2.amazonaws.com redshift-fips.us-east-1.amazonaws.com
Amazon Route 53	api-fips.route53-eu-west-1.com route53-fips.amazonaws.com
Amazon Simple Storage Service (S3)	s3-fips.us-east-2.amazonaws.com s3-fips.dualstack.us-west-1.amazonaws.com s3-fips.dualstack.us-west-2.amazonaws.com s3-fips.dualstack.us-east-2.amazonaws.com s3-fips.dualstack.us-east-1.amazonaws.com s3-fips.us-west-1.amazonaws.com s3-fips.us-west-2.amazonaws.com s3-fips.us-east-1.amazonaws.com
AWS Shield	shield-fips.us-east-1.amazonaws.com
AWS Snowball	Does not need FIPS
Amazon Simple Notification Service (SNS)	sns-fips.us-west-1.amazonaws.com sns-fips.us-west-2.amazonaws.com sns-fips.us-east-2.amazonaws.com sns-fips.us-east-1.amazonaws.com
Amazon Simple Queue Service (SQS)	sqs-fips.us-west-1.amazonaws.com
AWS Security Token Service (STS)	sts-fips.us-west-1.amazonaws.com sts-fips.us-west-2.amazonaws.com sts-fips.us-east-2.amazonaws.com sts-fips.us-east-1.amazonaws.com
Amazon Simple Workflow Service (SWF)	swf-fips.us-west-1.amazonaws.com swf-fips.us-west-2.amazonaws.com swf-fips.us-east-2.amazonaws.com swf-fips.us-east-1.amazonaws.com
AWS Systems Manager	ssm-fips.us-west-1.amazonaws.com ssm-fips.us-west-2.amazonaws.com ssm-fips.us-east-2.amazonaws.com ssm-fips.us-east-1.amazonaws.com
Amazon Virtual Private Cloud (VPC)	Uses EC2 Directly
AWS WAF	waf-regional-fips.us-west-1.amazonaws.com waf-regional-fips.us-west-2.amazonaws.com waf-regional-fips.us-east-1.amazonaws.com waf-fips.amazonaws.com waf-regional-fips.eu-west-1.amazonaws.com waf-regional-fips.ap-northeast-1.amazonaws.com
Amazon WorkDocs	workdocs-fips.us-west-2.amazonaws.com workdocs-fips.us-east-1.amazonaws.com

For a list of all AWS endpoints, see Regions and Endpoints in the AWS General Reference.

What are the FIPS Endpoints for AWS GovCloud (US)?

If you require use of FIPS 140-2 validated cryptographic modules when accessing AWS GovCloud (US) through use of the command line interface (CLI) or programmatically by using the APIs, this page provides the proper endpoints for each corresponding AWS Region.

The following table lists each FIPS endpoint available for AWS services in AWS GovCloud (US):

AWS Service	AWS GovCloud (US) Endpoints
AWS Certificate Manager	acm.us-gov-west-1.amazonaws.com
Amazon API Gateway	apigateway-fips.us-gov-west-1.amazonaws.com
Amazon EC2 Autoscaling	autoscaling.us-gov-west-1.amazonaws.com
AWS CloudFormation	cloudformation.us-gov-west-1.amazonaws.com
AWS CloudHSM	cloudhsm.us-gov-west-1.amazonaws.com
AWS CloudTrail	cloudtrail.us-gov-west-1.amazonaws.com
Amazon CloudWatch (Events)	events.us-gov-west-1.amazonaws.com
Amazon CloudWatch (Logs)	logs.us-gov-west-1.amazonaws.com
AWS CodeDeploy	codedeploy.us-gov-west-1.amazonaws.com
AWS Config	config.us-gov-west-1.amazonaws.com
AWS Database Migration Service (DMS)	dms.us-gov-west-1.amazonaws.com
Amazon DynamoDB	dynamodb.us-gov-west-1.amazonaws.com
Amazon Elastic Block Store (EBS)	ec2.us-gov-west-1.amazonaws.com
Amazon Elastic Compute Cloud (EC2)	ec2.us-gov-west-1.amazonaws.com
Amazon ElastiCache	elasticache-fips.us-gov-west-1.amazonaws.com
Elastic Load Balancing	elasticloadbalancing.us-gov-west-1.amazonaws.com
Amazon EMR (Amazon EMR)	elasticmapreduce.us-gov-west-1.amazonaws.com
Amazon Glacier	glacier.us-gov-west-1.amazonaws.com
AWS Identity and Access Management (IAM)	iam.us-gov.amazonaws.com
Amazon Kinesis Streams	kinesis.us-gov-west-1.amazonaws.com
AWS Key Management Service (KMS)	kms-fips.us-gov-west-1.amazonaws.com
AWS Lambda	lambda-fips.us-gov-west-1.amazonaws.com
Amazon Relational Database Service (RDS)	rds.us-gov-west-1.amazonaws.com
Amazon Redshift	redshift.us-gov-west-1.amazonaws.com
Amazon Simple Storage Service (S3)	s3-fips.dualstack.us-gov-west-1.amazonaws.com s3-fips-us-gov-west-1.amazonaws.com
AWS Shield	Has only one endpoint
AWS Snowball	Does not need FIPS
Amazon Simple Notification Service (SNS)	sns.us-gov-west-1.amazonaws.com
Amazon Simple Queue Service (SQS)	sqs.us-gov-west-1.amazonaws.com
AWS Security Token Service (STS)	sts.us-gov-west-1.amazonaws.com
Amazon Simple Workflow Service (SWF)	swf.us-gov-west-1.amazonaws.com
AWS Systems Manager	ssm.us-gov-west-1.amazonaws.com
Amazon Virtual Private Cloud (VPC)	ec2.us-gov-west-1.amazonaws.com

For a list of all AWS endpoints, see Regions and Endpoints in the AWS General Reference.

Have Questions? Connect with an AWS Compliance Representative

Exploring compliance roles?

Apply today »

Want AWS Compliance updates?