Federal Information Processing Standard (FIPS) 140-2

Overview

FIPS_sized

The Federal Information Processing Standard (FIPS) Publication 140-2 is a US and Canadian government standard that specifies the security requirements for cryptographic modules that protect sensitive information. If you require use of FIPS 140-2 validated cryptographic modules when accessing AWS US East/West, AWS GovCloud (US), or AWS Canada (Central) through use of the command line interface (CLI) or programmatically by using the APIs, the following sections provide the list of available FIPS endpoints by AWS Region. The Amazon Virtual Private Cloud VPN endpoints in AWS GovCloud (US) operate using FIPS 140-2 validated cryptographic modules. AWS works with customers to provide the information they need to manage compliance when using the AWS US East/West, AWS GovCloud (US), or AWS Canada (Central) Regions. For more information about the standard, see Cryptographic Module Validation Program on the NIST Computer Security Resource Center website.

  • What are the FIPS endpoints for AWS US East/West?

    The following table lists each FIPS endpoint available for various AWS services in the AWS Region US East/West. 

    AWS Service     AWS US East/West Endpoints    
    Amazon API Gateway

    apigateway-fips.us-west-1.amazonaws.com

    apigateway-fips.us-west-2.amazonaws.com

    apigateway-fips.us-east-2.amazonaws.com

    apigateway-fips.us-east-1.amazonaws.com
    Amazon AppStream 2.0

    appstream2-fips.us-east-1.amazonaws.com

    appstream2-fips.us-west-2.amazonaws.com
    Amazon Cloud Directory

    clouddirectory-fips.us-west-1.amazonaws.com

    clouddirectory-fips.us-east-2.amazonaws.com

    clouddirectory-fips.us-east-1.amazonaws.com
    AWS CloudFormation  

    cloudformation-fips.us-east-1.amazonaws.com

    cloudformation-fips.us-east-2.amazonaws.com

    cloudformation-fips.us-west-1.amazonaws.com

    cloudformation-fips.us-west-2.amazonaws.com
    AWS CloudTrail

    cloudtrail-fips.us-west-1.amazonaws.com

    cloudtrail-fips.us-west-2.amazonaws.com

    cloudtrail-fips.us-east-2.amazonaws.com

    cloudtrail-fips.us-east-1.amazonaws.com
    AWS CodeCommit

    git-codecommit-fips.us-east-1.amazonaws.com

    codecommit-fips.us-east-1.amazonaws.com

    git-codecommit-fips.us-east-2.amazonaws.com

    codecommit-fips.us-east-2.amazonaws.com

    git-codecommit-fips.us-west-1.amazonaws.com

    codecommit-fips.us-west-1.amazonaws.com

    git-codecommit-fips.us-west-2.amazonaws.com

    codecommit-fips.us-west-2.amazonaws.com
    Amazon Cognito

    cognito-sync-fips.us-west-2.amazonaws.com

    cognito-identity-fips.us-west-2.amazonaws.com

    cognito-idp-fips.us-west-2.amazonaws.com

    <your_user_pool_domain>.auth-fips.us-west-2.amazoncognito.com

    cognito-sync-fips.us-east-2.amazonaws.com

    cognito-identity-fips.us-east-2.amazonaws.com

    cognito-idp-fips.us-east-2.amazonaws.com

    <your_user_pool_domain>.auth-fips.us-east-2.amazoncognito.com

    cognito-sync-fips.us-east-1.amazonaws.com

    cognito-identity-fips.us-east-1.amazonaws.com

    cognito-idp-fips.us-east-1.amazonaws.com

    <your_user_pool_domain>.auth-fips.us-east-1.amazoncognito.com
    AWS Config

    config-fips.us-west-1.amazonaws.com

    config-fips.us-west-2.amazonaws.com

    config-fips.us-east-2.amazonaws.com

    config-fips.us-east-1.amazonaws.com    
    AWS Database Migration Service (DMS)

    dms-fips.us-west-1.amazonaws.com

    dms-fips.us-west-2.amazonaws.com

    dms-fips.us-east-2.amazonaws.com

    dms-fips.us-east-1.amazonaws.com
    AWS Directory Service 

    ds-fips.us-west-1.amazonaws.com

    ds-fips.us-west-2.amazonaws.com

    ds-fips.us-east-2.amazonaws.com

    ds-fips.us-east-1.amazonaws.com
    Amazon DynamoDB

    dynamodb-fips.us-west-1.amazonaws.com

    dynamodb-fips.us-west-2.amazonaws.com

    dynamodb-fips.us-east-2.amazonaws.com

    dynamodb-fips.us-east-1.amazonaws.com
    AWS Elastic Beanstalk

    elasticbeanstalk-fips.us-east-1.amazonaws.com

    elasticbeanstalk-fips.us-east-2.amazonaws.com

    elasticbeanstalk-fips.us-west-1.amazonaws.com

    elasticbeanstalk-fips.us-west-2.amazonaws.com
    Amazon Elastic Block Store (EBS) Using EC2 Directly
    Amazon Elastic Compute Cloud (EC2)

    ec2-fips.us-west-1.amazonaws.com

    ec2-fips.us-west-2.amazonaws.com

    ec2-fips.us-east-2.amazonaws.com

    ec2-fips.us-east-1.amazonaws.com
    Amazon Elastic Container Registry

    ecr-fips.us-west-1.amazonaws.com

    ecr-fips.us-west-2.amazonaws.com

    ecr-fips.us-east-2.amazonaws.com

    ecr-fips.us-east-1.amazonaws.com

    *.dkr.ecr-fips.us-west-1.amazonaws.com

    *.dkr.ecr-fips.us-west-2.amazonaws.com

    *.dkr.ecr-fips.us-east-2.amazonaws.com

    *.dkr.ecr-fips.us-east-1.amazonaws.com
    Amazon ElastiCache

    elasticache-fips.us-east-1.amazonaws.com

    elasticache-fips.us-east-2.amazonaws.com

    elasticache-fips.us-west-1.amazonaws.com

    elasticache-fips.us-west-2.amazonaws.com
    Elastic Load Balancing

    elasticloadbalancing-fips.us-west-1.amazonaws.com

    elasticloadbalancing-fips.us-west-2.amazonaws.com

    elasticloadbalancing-fips.us-east-2.amazonaws.com

    elasticloadbalancing-fips.us-east-1.amazonaws.com
    Amazon Elasticsearch es-fips.us-west-1.amazonaws.com
    es-fips.us-west-2.amazonaws.com
    es-fips.us-east-1.amazonaws.com
    es-fips.us-east-2.amazonaws.com
    Amazon EMR (Amazon EMR)

    elasticmapreduce-fips.us-west-1.amazonaws.com

    elasticmapreduce-fips.us-west-2.amazonaws.com

    elasticmapreduce-fips.us-east-1.amazonaws.com

    elasticmapreduce-fips.us-east-2.amazonaws.com
    Amazon Glacier

    glacier-fips.us-west-1.amazonaws.com

    glacier-fips.us-west-2.amazonaws.com

    glacier-fips.us-east-2.amazonaws.com

    glacier-fips.us-east-1.amazonaws.com
    Amazon GuardDuty

    guardduty-fips.us-east-1.amazonaws.com

    guardduty-fips.us-west-1.amazonaws.com

    guardduty-fips.us-east-2.amazonaws.com

    guardduty-fips.us-west-2.amazonaws.com
    AWS Identity and Access Management (IAM) iam-fips.amazonaws.com (IAD Region Only)    
    Amazon Inspector

    inspector-fips.us-west-1.amazonaws.com

    inspector-fips.us-west-2.amazonaws.com

    inspector-fips.us-east-1.amazonaws.com
    Amazon Kinesis Streams

    kinesis-fips.us-west-1.amazonaws.com

    kinesis-fips.us-west-2.amazonaws.com

    kinesis-fips.us-east-2.amazonaws.com

    kinesis-fips.us-east-1.amazonaws.com
    AWS Key Management Service (KMS)

    kms-fips.us-west-1.amazonaws.com

    kms-fips.us-west-2.amazonaws.com

    kms-fips.us-east-2.amazonaws.com

    kms-fips.us-east-1.amazonaws.com

    AWS Lambda

    lambda-fips.us-west-1.amazonaws.com

    lambda-fips.us-west-2.amazonaws.com

    lambda-fips.us-east-2.amazonaws.com

    lambda-fips.us-east-1.amazonaws.com
    Amazon MQ

    mq-fips.us-east-1.amazonaws.com

    mq-fips.us-east-2.amazonaws.com

    mq-fips.us-west-1.amazonaws.com

    mq-fips.us-west-2.amazonaws.com
    Amazon Pinpoint

    pinpoint-fips.us-east-1.amazonaws.com

    pinpoint-fips.us-west-2.amazonaws.com

    Amazon Quicksight

    fips-us-west-2.quicksight.aws.amazon.com

    fips-us-east-2.quicksight.aws.amazon.com

    fips-us-east-1.quicksight.aws.amazon.com
    Amazon Relational Database Service (RDS) / Amazon Aurora

    rds-fips.us-west-1.amazonaws.com

    rds-fips.us-west-2.amazonaws.com

    rds-fips.us-east-2.amazonaws.com

    rds-fips.us-east-1.amazonaws.com

    Amazon Redshift

    redshift-fips.us-west-1.amazonaws.com

    redshift-fips.us-west-2.amazonaws.com

    redshift-fips.us-east-2.amazonaws.com

    redshift-fips.us-east-1.amazonaws.com

    Amazon Route 53

    api-fips.route53-eu-west-1.com

    route53-fips.amazonaws.com
    Amazon SageMaker

    api-fips.sagemaker.us-east-1.amazonaws.com

    api-fips.sagemaker.us-east-2.amazonaws.com

    api-fips.sagemaker.us-west-2.amazonaws.com

    runtime-fips.sagemaker.us-east-1.amazonaws.com

    runtime-fips.sagemaker.us-east-2.amazonaws.com

    runtime-fips.sagemaker.us-west-2.amazonaws.com
    AWS Security Token Service (STS)

    sts-fips.us-west-1.amazonaws.com

    sts-fips.us-west-2.amazonaws.com

    sts-fips.us-east-2.amazonaws.com

    sts-fips.us-east-1.amazonaws.com
    AWS Service Catalog

    servicecatalog-fips.us-west-1.amazonaws.com

    servicecatalog-fips.us-west-2.amazonaws.com

    servicecatalog-fips.us-east-1.amazonaws.com

    servicecatalog-fips.us-east-2.amazonaws.com
    AWS Shield shield-fips.us-east-1.amazonaws.com
    Amazon Simple Email Service (API HTTPS)

    email-fips.us-east-1.amazonaws.com

    email-fips.us-west-2.amazonaws.com
    Amazon Simple Email Service (SMTP)

    email-smtp-fips.us-east-1.amazonaws.com

    email-smtp-fips.us-west-2.amazonaws.com
    Amazon Simple Notification Service (SNS)

    sns-fips.us-west-1.amazonaws.com

    sns-fips.us-west-2.amazonaws.com

    sns-fips.us-east-2.amazonaws.com

    sns-fips.us-east-1.amazonaws.com
    Amazon Simple Queue Service (SQS) sqs-fips.us-west-1.amazonaws.com

    Amazon Simple Storage Service (S3)

    Note: These Endpoints can only be used with Virtual Hosted-Style addressing. For example: https://bucket.s3-fips.us-east-2.amazonaws.com. Visit the Amazon S3 Documentation page for more information.

    s3-fips.us-east-2.amazonaws.com

    s3-fips.dualstack.us-west-1.amazonaws.com

    s3-fips.dualstack.us-west-2.amazonaws.com

    s3-fips.dualstack.us-east-2.amazonaws.com

    s3-fips.dualstack.us-east-1.amazonaws.com

    s3-fips.us-west-1.amazonaws.com

    s3-fips.us-west-2.amazonaws.com

    s3-fips.us-east-1.amazonaws.com

    Amazon Simple Workflow Service (SWF)

    swf-fips.us-west-1.amazonaws.com

    swf-fips.us-west-2.amazonaws.com

    swf-fips.us-east-2.amazonaws.com

    swf-fips.us-east-1.amazonaws.com
    AWS Snowball Does not need FIPS
    AWS Systems Manager

    ssm-fips.us-west-1.amazonaws.com

    ssm-fips.us-west-2.amazonaws.com

    ssm-fips.us-east-2.amazonaws.com

    ssm-fips.us-east-1.amazonaws.com

    Amazon Virtual Private Cloud (VPC)

    		 Uses EC2 Directly

    AWS WAF

    waf-regional-fips.us-west-1.amazonaws.com

    waf-regional-fips.us-west-2.amazonaws.com

    waf-regional-fips.us-east-1.amazonaws.com

    waf-regional-fips.us-east-2.amazonaws.com

    waf-fips.amazonaws.com

    Amazon WorkDocs

    workdocs-fips.us-west-2.amazonaws.com

    workdocs-fips.us-east-1.amazonaws.com
    shield-fips.us-east-1.amazonaws.com
    shield-fips.us-east-1.amazonaws.com
    shield-fips.us-east-1.amazonaws.com
    Does not need FIPS

    For a list of all AWS endpoints, see Regions and Endpoints in the AWS General Reference.

  • What are the FIPS endpoints for AWS GovCloud (US)?

    For a list of the FIPS endpoints available for AWS GovCloud (US), refer to the AWS GovCloud (US) User Guide.

  • What are the FIPS endpoints for AWS Canada (Central)?
    AWS Service     AWS Canada (Central) Endpoints    
    Amazon API Gateway apigateway-fips.ca-central-1.amazonaws.com
    Amazon CodeCommit

    git-codecommit-fips.ca-central-1.amazonaws.com

    codecommit-fips.ca-central-1.amazonaws.com
    AWS Directory Service 

    ds-fips.ca-central-1.amazonaws.com
    Amazon DynamoDB dynamodb-fips.ca-central-1.amazonaws.com
    Amazon Elastic Compute Cloud (EC2)

    ec2-fips.ca-central-1.amazonaws.com
    Amazon EMR (Amazon EMR)

    elasticmapreduce-fips.ca-central-1.amazonaws.com
    Amazon Glacier

    glacier-fips.ca-central-1.amazonaws.com
    Amazon Relational Database Service (RDS) / Amazon Aurora

    rds-fips.ca-central-1.amazonaws.com

    Amazon Redshift

    redshift-fips.ca-central-1.amazonaws.com

    AWS Security Token Service (STS)

    sts.ca-central-1.amazonaws.com

    Amazon Simple Storage Service (Amazon S3)

    Note: This Endpoint can only be used with Virtual Hosted-Style addressing. For example: https://bucket.s3-fips.ca-central-1.amazonaws.com. Visit the Amazon S3 Documentation page for more information.

    		 s3-fips.ca-central-1.amazonaws.com
compliance-contactus-icon
Have Questions? Connect with an AWS Business Representative
Exploring compliance roles?
Apply today »
Want AWS Compliance updates?
Follow us on Twitter »