Federal Information Processing Standard (FIPS) 140-2

Overview

The Federal Information Processing Standard (FIPS) Publication 140-2 is a US and Canadian government standard that specifies the security requirements for cryptographic modules that protect sensitive information. If you require use of FIPS 140-2 validated cryptographic modules when accessing AWS US East/West, AWS GovCloud (US), or AWS Canada (Central) through use of the command line interface (CLI) or programmatically by using the APIs, the following sections provide the list of available FIPS endpoints by AWS Region. The Amazon Virtual Private Cloud VPN endpoints in AWS GovCloud (US) operate using FIPS 140-2 validated cryptographic modules. AWS works with customers to provide the information they need to manage compliance when using the AWS US East/West, AWS GovCloud (US), or AWS Canada (Central) Regions. For more information about the standard, see Cryptographic Module Validation Program on the NIST Computer Security Resource Center website.

What are the FIPS endpoints for AWS US East/West?

The following table lists each FIPS endpoint available for various AWS services in the AWS Region US East/West.

AWS Service	AWS US East/West Endpoints
Amazon API Gateway	apigateway-fips.us-east-1.amazonaws.com apigateway-fips.us-east-2.amazonaws.com apigateway-fips.us-west-1.amazonaws.com apigateway-fips.us-west-2.amazonaws.com
Amazon AppStream 2.0	appstream2-fips.us-east-1.amazonaws.com appstream2-fips.us-west-2.amazonaws.com
Amazon Cloud Directory	clouddirectory-fips.us-east-1.amazonaws.com clouddirectory-fips.us-east-2.amazonaws.com clouddirectory-fips.us-west-2.amazonaws.com
Amazon CloudFront	cloudfront-fips.amazonaws.com
Amazon CloudWatch Events	events-fips.us-east-1.amazonaws.com events-fips.us-east-2.amazonaws.com events-fips.us-west-1.amazonaws.com events-fips.us-west-2.amazonaws.com
Amazon CloudWatch Logs	logs-fips.us-east-1.amazonaws.com logs-fips.us-east-2.amazonaws.com logs-fips.us-west-1.amazonaws.com logs-fips.us-west-2.amazonaws.com
Amazon Cognito	<your_user_pool_domain>.auth-fips.us-east-1.amazoncognito.com <your_user_pool_domain>.auth-fips.us-east-2.amazoncognito.com <your_user_pool_domain>.auth-fips.us-west-2.amazoncognito.com cognito-identity-fips.us-east-1.amazonaws.com cognito-identity-fips.us-east-2.amazonaws.com cognito-identity-fips.us-west-2.amazonaws.com cognito-idp-fips.us-east-1.amazonaws.com cognito-idp-fips.us-east-2.amazonaws.com cognito-idp-fips.us-west-2.amazonaws.com cognito-sync-fips.us-east-1.amazonaws.com cognito-sync-fips.us-east-2.amazonaws.com cognito-sync-fips.us-west-2.amazonaws.com
Amazon Comprehend	comprehend-fips.us-east-1.amazonaws.com comprehend-fips.us-east-2.amazonaws.com comprehend-fips.us-west-2.amazonaws.com
Amazon Connect	connect-fips.us-east-1.amazonaws.com connect-fips.us-west-2.amazonaws.com
Amazon DynamoDB	dynamodb-fips.us-east-1.amazonaws.com dynamodb-fips.us-east-2.amazonaws.com dynamodb-fips.us-west-1.amazonaws.com dynamodb-fips.us-west-2.amazonaws.com
Amazon Elastic Block Store (EBS)	Using Amazon EC2 Directly
Amazon Elastic Compute Cloud (EC2)	ec2-fips.us-east-1.amazonaws.com ec2-fips.us-east-2.amazonaws.com ec2-fips.us-west-1.amazonaws.com ec2-fips.us-west-2.amazonaws.com ec2messages-fips.us-east-1.amazonaws.com ec2messages-fips.us-east-2.amazonaws.com ec2messages-fips.us-west-1.amazonaws.com ec2messages-fips.us-west-2.amazonaws.com
Amazon Elastic Container Registry	.dkr.ecr-fips.us-east-1.amazonaws.com .dkr.ecr-fips.us-east-2.amazonaws.com .dkr.ecr-fips.us-west-1.amazonaws.com .dkr.ecr-fips.us-west-2.amazonaws.com ecr-fips.us-east-1.amazonaws.com ecr-fips.us-east-2.amazonaws.com ecr-fips.us-west-1.amazonaws.com ecr-fips.us-west-2.amazonaws.com
Amazon Elastic Container Service	ecs-fips.us-east-1.amazonaws.com ecs-fips.us-east-2.amazonaws.com ecs-fips.us-west-1.amazonaws.com ecs-fips.us-west-2.amazonaws.com
Amazon Elastic File System	elasticfilesystem-fips.us-east-1.amazonaws.com elasticfilesystem-fips.us-east-2.amazonaws.com elasticfilesystem-fips.us-west-1.amazonaws.com elasticfilesystem-fips.us-west-2.amazonaws.com
Amazon Elastic Kubernetes Service (EKS)	fips.eks.us-east-1.amazonaws.com fips.eks.us-east-2.amazonaws.com fips.eks.us-west-1.amazonaws.com fips.eks.us-west-2.amazonaws.com
Amazon ElastiCache	elasticache-fips.us-east-1.amazonaws.com elasticache-fips.us-east-2.amazonaws.com elasticache-fips.us-west-1.amazonaws.com elasticache-fips.us-west-2.amazonaws.com
Amazon Elasticsearch	es-fips.us-east-1.amazonaws.com es-fips.us-east-2.amazonaws.com es-fips.us-west-1.amazonaws.com es-fips.us-west-2.amazonaws.com
Amazon EMR	elasticmapreduce-fips.us-east-1.amazonaws.com elasticmapreduce-fips.us-east-2.amazonaws.com elasticmapreduce-fips.us-west-1.amazonaws.com elasticmapreduce-fips.us-west-2.amazonaws.com
Amazon GuardDuty	guardduty-fips.us-east-1.amazonaws.com guardduty-fips.us-east-2.amazonaws.com guardduty-fips.us-west-1.amazonaws.com guardduty-fips.us-west-2.amazonaws.com
Amazon Inspector	inspector-fips.us-east-1.amazonaws.com inspector-fips.us-east-2.amazonaws.com inspector-fips.us-west-1.amazonaws.com inspector-fips.us-west-2.amazonaws.com
Amazon Kinesis Data Analytics	kinesisanalytics-fips.us-east-1.amazonaws.com kinesisanalytics-fips.us-east-2.amazonaws.com kinesisanalytics-fips.us-west-2.amazonaws.com
Amazon Kinesis Data Firehose	firehose-fips.us-east-1.amazonaws.com firehose-fips.us-east-2.amazonaws.com firehose-fips.us-west-1.amazonaws.com firehose-fips.us-west-2.amazonaws.com
Amazon Kinesis Streams	kinesis-fips.us-east-1.amazonaws.com kinesis-fips.us-east-2.amazonaws.com kinesis-fips.us-west-1.amazonaws.com kinesis-fips.us-west-2.amazonaws.com
Amazon Macie	macie-fips.us-east-1.amazonaws.com macie-fips.us-west-2.amazonaws.com
Amazon MQ	mq-fips.us-east-1.amazonaws.com mq-fips.us-east-2.amazonaws.com mq-fips.us-west-1.amazonaws.com mq-fips.us-west-2.amazonaws.com
Amazon Pinpoint	pinpoint-fips.us-east-1.amazonaws.com pinpoint-fips.us-west-2.amazonaws.com
Amazon Polly	polly-fips.us-east-1.amazonaws.com polly-fips.us-east-2.amazonaws.com polly-fips.us-west-1.amazonaws.com polly-fips.us-west-2.amazonaws.com
Amazon QuickSight	fips-us-east-1.quicksight.aws.amazon.com fips-us-east-2.quicksight.aws.amazon.com fips-us-west-2.quicksight.aws.amazon.com
Amazon Redshift	redshift-fips.us-east-1.amazonaws.com redshift-fips.us-east-2.amazonaws.com redshift-fips.us-west-1.amazonaws.com redshift-fips.us-west-2.amazonaws.com
Amazon Rekognition	rekognition-fips.us-east-1.amazonaws.com rekognition-fips.us-east-2.amazonaws.com rekognition-fips.us-west-1.amazonaws.com rekognition-fips.us-west-2.amazonaws.com
Amazon Relational Database Service (RDS) / Amazon Aurora	rds-fips.us-east-1.amazonaws.com rds-fips.us-east-2.amazonaws.com rds-fips.us-west-1.amazonaws.com rds-fips.us-west-2.amazonaws.com
Amazon Route 53	route53-fips.amazonaws.com
Amazon S3 Glacier	glacier-fips.us-east-1.amazonaws.com glacier-fips.us-east-2.amazonaws.com glacier-fips.us-west-1.amazonaws.com glacier-fips.us-west-2.amazonaws.com
Amazon SageMaker	api-fips.sagemaker.us-west-1.amazonaws.com api-fips.sagemaker.us-east-1.amazonaws.com api-fips.sagemaker.us-east-2.amazonaws.com api-fips.sagemaker.us-west-2.amazonaws.com runtime-fips.sagemaker.us-east-1.amazonaws.com runtime-fips.sagemaker.us-east-2.amazonaws.com runtime-fips.sagemaker.us-west-2.amazonaws.com runtime-fips.sagemaker.us-west-1.amazonaws.com
Amazon Simple Email Service (API HTTPS)	email-fips.us-east-1.amazonaws.com email-fips.us-west-2.amazonaws.com
Amazon Simple Email Service (SMTP)	email-smtp-fips.us-east-1.amazonaws.com email-smtp-fips.us-west-2.amazonaws.com
Amazon Simple Notification Service (SNS)	sns-fips.us-west-1.amazonaws.com sns-fips.us-west-2.amazonaws.com sns-fips.us-east-2.amazonaws.com sns-fips.us-east-1.amazonaws.com
Amazon Simple Queue Service (SQS)	sqs-fips.us-east-2.amazonaws.com sqs-fips.us-west-2.amazonaws.com sqs-fips.us-east-1.amazonaws.com sqs-fips.us-west-1.amazonaws.com
Amazon Simple Storage Service (S3) Note: These Endpoints can only be used with Virtual Hosted-Style addressing. For example: https://bucket.s3-fips.us-east-2.amazonaws.com. Visit the Amazon S3 Documentation page for more information.	s3-fips.dualstack.us-east-1.amazonaws.com s3-fips.dualstack.us-east-2.amazonaws.com s3-fips.dualstack.us-west-1.amazonaws.com s3-fips.dualstack.us-west-2.amazonaws.com s3-fips.us-east-1.amazonaws.com s3-fips.us-east-2.amazonaws.com s3-fips.us-west-1.amazonaws.com s3-fips.us-west-2.amazonaws.com
Amazon Simple Workflow Service (SWF)	swf-fips.us-east-1.amazonaws.com swf-fips.us-east-2.amazonaws.com swf-fips.us-west-1.amazonaws.com swf-fips.us-west-2.amazonaws.com
Amazon Transcribe	fips.transcribe.us-west-1.amazonaws.com
Amazon Translate	translate-fips.us-west-2.amazonaws.com translate-fips.us-east-2.amazonaws.com translate-fips.us-east-1.amazonaws.com
Amazon Virtual Private Cloud (VPC)	Uses Amazon EC2 Directly
Amazon WorkDocs	workdocs-fips.us-east-1.amazonaws.com workdocs-fips.us-west-2.amazonaws.com
Amazon WorkSpaces	workspaces-fips.us-east-1.amazonaws.com workspaces-fips.us-west-2.amazonaws.com
AWS Batch	fips.batch.us-east-1.amazonaws.com fips.batch.us-east-2.amazonaws.com fips.batch.us-west-1.amazonaws.com fips.batch.us-west-2.amazonaws.com
AWS Certificate Manager	acm-fips.us-east-1.amazonaws.com acm-fips.us-east-2.amazonaws.com acm-fips.us-west-2.amazonaws.com acm-fips.us-west-1.amazonaws.com
AWS Certificate Manager Private CA	acm-pca-fips.us-east-1.amazonaws.com acm-pca-fips.us-west-1.amazonaws.com acm-pca-fips.us-east-2.amazonaws.com acm-pca-fips.us-west-2.amazonaws.com
AWS CloudFormation	cloudformation-fips.us-east-1.amazonaws.com cloudformation-fips.us-east-2.amazonaws.com cloudformation-fips.us-west-1.amazonaws.com cloudformation-fips.us-west-2.amazonaws.com
AWS CloudTrail	cloudtrail-fips.us-east-1.amazonaws.com cloudtrail-fips.us-east-2.amazonaws.com cloudtrail-fips.us-west-1.amazonaws.com cloudtrail-fips.us-west-2.amazonaws.com
AWS CodeBuild	codebuild-fips.us-west-1.amazonaws.com codebuild-fips.us-east-1.amazonaws.com codebuild-fips.us-west-2.amazonaws.com codebuild-fips.us-east-2.amazonaws.com
AWS CodeCommit	codecommit-fips.us-east-1.amazonaws.com codecommit-fips.us-east-2.amazonaws.com codecommit-fips.us-west-1.amazonaws.com codecommit-fips.us-west-2.amazonaws.com git-codecommit-fips.us-east-1.amazonaws.com git-codecommit-fips.us-east-2.amazonaws.com git-codecommit-fips.us-west-1.amazonaws.com git-codecommit-fips.us-west-2.amazonaws.com
AWS CodeDeploy	codedeploy-fips.us-east-1.amazonaws.com codedeploy-fips.us-west-1.amazonaws.com codedeploy-fips.us-west-2.amazonaws.com codedeploy-fips.us-east-2.amazonaws.com codedeploy-commands-fips.us-east-1.amazonaws.com codedeploy-commands-fips.us-east-2.amazonaws.com codedeploy-commands-fips.us-west-1.amazonaws.com codedeploy-commands-fips.us-west-2.amazonaws.com
AWS CodePipeline	codepipeline-fips.us-east-1.amazonaws.com codepipeline-fips.us-east-2.amazonaws.com codepipeline-fips.us-west-1.amazonaws.com codepipeline-fips.us-west-2.amazonaws.com
AWS Config	config-fips.us-east-1.amazonaws.com config-fips.us-east-2.amazonaws.com config-fips.us-west-1.amazonaws.com config-fips.us-west-2.amazonaws.com
AWS Database Migration Service (DMS)	dms-fips.us-east-1.amazonaws.com dms-fips.us-east-2.amazonaws.com dms-fips.us-west-1.amazonaws.com dms-fips.us-west-2.amazonaws.com
AWS DataSync	datasync-fips.us-east-1.amazonaws.com datasync-fips.us-west-1.amazonaws.com datasync-fips.us-east-2.amazonaws.com datasync-fips.us-west-2.amazonaws.com
AWS Direct Connect	directconnect-fips.us-east-1.amazonaws.com directconnect-fips.us-east-2.amazonaws.com directconnect-fips.us-west-1.amazonaws.com directconnect-fips.us-west-2.amazonaws.com
AWS Directory Service	ds-fips.us-east-1.amazonaws.com ds-fips.us-east-2.amazonaws.com ds-fips.us-west-1.amazonaws.com ds-fips.us-west-2.amazonaws.com
AWS Elastic Beanstalk	elasticbeanstalk-fips.us-east-1.amazonaws.com elasticbeanstalk-fips.us-east-2.amazonaws.com elasticbeanstalk-fips.us-west-1.amazonaws.com elasticbeanstalk-fips.us-west-2.amazonaws.com
AWS Firewall Manager	fms-fips.us-west-1.amazonaws.com fms-fips.us-east-1.amazonaws.com fms-fips.us-west-2.amazonaws.com fms-fips.us-east-2.amazonaws.com
AWS Glue	glue-fips.us-east-1.amazonaws.com glue-fips.us-east-2.amazonaws.com glue-fips.us-west-1.amazonaws.com glue-fips.us-west-2.amazonaws.com
AWS Identity and Access Management (IAM)	iam-fips.amazonaws.com (IAD Region Only)
AWS IoT Core AWS IoT Device Management	iot-fips.us-east-1.amazonaws.com
AWS IoT Greengrass	greengrass-ats.iot-fips.us-east-1.amazonaws.com
AWS Key Management Service (KMS)	kms-fips.us-east-1.amazonaws.com kms-fips.us-east-2.amazonaws.com kms-fips.us-west-1.amazonaws.com kms-fips.us-west-2.amazonaws.com
AWS Lambda	lambda-fips.us-east-1.amazonaws.com lambda-fips.us-east-2.amazonaws.com lambda-fips.us-west-1.amazonaws.com lambda-fips.us-west-2.amazonaws.com
AWS License Manager	license-manager-fips.us-east-1.amazonaws.com license-manager-fips.us-east-2.amazonaws.com license-manager-fips.us-west-1.amazonaws.com license-manager-fips.us-west-2.amazonaws.com
AWS OpsWorks for Chef Automate AWS OpsWorks for Puppet Enterprise	opsworks-cm-fips.us-east-1.amazonaws.com opsworks-cm-fips.us-east-2.amazonaws.com opsworks-cm-fips.us-west-1.amazonaws.com opsworks-cm-fips.us-west-2.amazonaws.com
AWS Organizations	organizations-fips.us-east-1.amazonaws.com
AWS Outposts	outposts-fips.us-east-1.amazonaws.com outposts-fips.us-west-1.amazonaws.com
AWS Resource Groups	resource-groups-fips.us-east-1.amazonaws.com resource-groups-fips.us-east-2.amazonaws.com resource-groups-fips.us-west-2.amazonaws.com resource-groups-fips.us-west-1.amazonaws.com
AWS Secrets Manager	secretsmanager-fips.us-east-2.amazonaws.com secretsmanager-fips.us-west-1.amazonaws.com secretsmanager-fips.us-east-1.amazonaws.com secretsmanager-fips.us-west-2.amazonaws.com
AWS Security Token Service (STS)	sts-fips.us-east-1.amazonaws.com sts-fips.us-east-2.amazonaws.com sts-fips.us-west-1.amazonaws.com sts-fips.us-west-2.amazonaws.com
AWS Server Migration Service (SMS)	sms-fips.us-west-2.amazonaws.com sms-fips.us-east-1.amazonaws.com sms-fips.us-east-2.amazonaws.com sms-fips.us-west-1.amazonaws.com
AWS Service Catalog	servicecatalog-fips.us-east-1.amazonaws.com servicecatalog-fips.us-east-2.amazonaws.com servicecatalog-fips.us-west-1.amazonaws.com servicecatalog-fips.us-west-2.amazonaws.com
AWS Shield	shield-fips.us-east-1.amazonaws.com
AWS Snowball	snowball-fips.us-east-1.amazonaws.com snowball-fips.us-east-2.amazonaws.com snowball-fips.us-west-1.amazonaws.com snowball-fips.us-west-2.amazonaws.com
AWS Step Functions	states-fips.us-east-1.amazonaws.com states-fips.us-east-2.amazonaws.com states-fips.us-west-1.amazonaws.com states-fips.us-west-2.amazonaws.com
AWS Storage Gateway	storagegateway-fips.us-east-1.amazonaws.com storagegateway-fips.us-east-2.amazonaws.com storagegateway-fips.us-west-1.amazonaws.com storagegateway-fips.us-west-2.amazonaws.com
AWS Systems Manager	ssm-fips.us-east-1.amazonaws.com ssm-fips.us-east-2.amazonaws.com ssm-fips.us-west-1.amazonaws.com ssm-fips.us-west-2.amazonaws.com ssm-facade-fips.us-east-1.amazonaws.com ssm-facade-fips.us-east-2.amazonaws.com ssm-facade-fips.us-west-1.amazonaws.com ssm-facade-fips.us-west-2.amazonaws.com
AWS WAF	waf-fips.amazonaws.com waf-regional-fips.us-east-1.amazonaws.com waf-regional-fips.us-east-2.amazonaws.com waf-regional-fips.us-west-1.amazonaws.com waf-regional-fips.us-west-2.amazonaws.com wafv2-fips.us-east-1.amazonaws.com wafv2-fips.us-east-2.amazonaws.com wafv2-fips.us-west-1.amazonaws.com wafv2-fips.us-west-2.amazonaws.com
Elastic Load Balancing	elasticloadbalancing-fips.us-east-1.amazonaws.com elasticloadbalancing-fips.us-east-2.amazonaws.com elasticloadbalancing-fips.us-west-1.amazonaws.com elasticloadbalancing-fips.us-west-2.amazonaws.com

shield-fips.us-east-1.amazonaws.com

Does not need FIPS

cloudfront-fips.amazonaws.com

For a list of all AWS endpoints, see Regions and Endpoints in the AWS General Reference.

What are the FIPS endpoints for AWS GovCloud (US)?

For a list of the FIPS endpoints available for AWS GovCloud (US), refer to the AWS GovCloud (US) User Guide.

What are the FIPS endpoints for AWS Canada (Central)?

AWS Service	AWS Canada (Central) Endpoints
Amazon API Gateway	apigateway-fips.ca-central-1.amazonaws.com
Amazon DynamoDB	dynamodb-fips.ca-central-1.amazonaws.com
Amazon Elastic Compute Cloud (EC2)	ec2-fips.ca-central-1.amazonaws.com
Amazon Elastic File System	elasticfilesystem-fips.ca-central-1.amazonaws.com
Amazon EMR	elasticmapreduce-fips.ca-central-1.amazonaws.com
Amazon Redshift	redshift-fips.ca-central-1.amazonaws.com
Amazon Relational Database Service (RDS) / Amazon Aurora	rds-fips.ca-central-1.amazonaws.com
Amazon S3 Glacier	glacier-fips.ca-central-1.amazonaws.com
Amazon Simple Storage Service (Amazon S3) Note: This Endpoint can only be used with Virtual Hosted-Style addressing. For example: https://bucket.s3-fips.ca-central-1.amazonaws.com. Visit the Amazon S3 Documentation page for more information.	s3-fips.ca-central-1.amazonaws.com
AWS Certificate Manager	acm-fips.ca-central-1.amazonaws.com
AWS Certificate Manager Private CA	acm-pca-fips.ca-central-1.amazonaws.com
Amazon CodeCommit	git-codecommit-fips.ca-central-1.amazonaws.com codecommit-fips.ca-central-1.amazonaws.com
AWS CodePipeline	codepipeline-fips.ca-central-1.amazonaws.com
AWS DataSync	datasync-fips.ca-central-1.amazonaws.com
AWS Directory Service	ds-fips.ca-central-1.amazonaws.com
AWS Firewall Manager	fms-fips.ca-central-1.amazonaws.com
AWS Snowball	snowball-fips.ca-central-1.amazonaws.com
AWS Storage Gateway	storagegateway-fips.ca-central-1.amazonaws.com
AWS WAF	wafv2-fips.ca-central-1.amazonaws.com waf-regional-fips.ca-central-1.amazonaws.com

Which AWS services require a minimum version of TLS 1.2 for FIPS Endpoints?

AWS is updating all AWS FIPS endpoints to a minimum Transport Layer Security (TLS) version of 1.2 across all AWS Regions, with a targeted completion date of March 31, 2021. Once completed, these updates will revoke the ability to use TLS 1.0 and TLS 1.1 on all FIPS endpoints. For more information, read the announcement on the AWS Security Blog. No other AWS endpoints will be affected by this change.

The FIPS endpoints for the AWS services listed below have been updated and require TLS 1.2 or higher. The FIPS endpoints for any AWS services not listed below currently support TLS 1.0 and TLS 1.1 in addition to TLS 1.2.

AWS Service	TLS Minimum 1.2
AWS Key Management Service (KMS)	✓

Have Questions? Connect with an AWS Business Representative

Exploring compliance roles?

Apply today »

Want AWS Compliance updates?

Federal Information Processing Standard (FIPS) 140-2

Overview

What are the FIPS endpoints for AWS US East/West?

What are the FIPS endpoints for AWS GovCloud (US)?

What are the FIPS endpoints for AWS Canada (Central)?

Which AWS services require a minimum version of TLS 1.2 for FIPS Endpoints?