Federal Information Processing Standard (FIPS) 140-2

Overview

FIPS_New

The Federal Information Processing Standard (FIPS) Publication 140-2 is a US government standard that specifies the security requirements for cryptographic modules that protect sensitive information. If you require use of FIPS 140-2 validated cryptographic modules when accessing AWS US East/West or AWS GovCloud (US) through use of the command line interface (CLI) or programmatically by using the APIs, the following sections provide the list of available FIPS endpoints by AWS Region. The Amazon Virtual Private Cloud VPN endpoints in AWS GovCloud (US) operate using FIPS 140-2 validated cryptographic modules. AWS works with customers to provide the information they need to manage compliance when using the AWS US East/West or AWS GovCloud (US) Regions. For more information about the standard, see Cryptographic Module Validation Program on the NIST Computer Security Resource Center website.

  • What are the FIPS Endpoints for AWS US East/West?

    The following table lists each FIPS endpoint available for various AWS services in the AWS Region US East/West. 

    AWS Service     AWS US East/West Endpoints    
    AWS Directory Service

    ds-fips.us-west-1.amazonaws.com

    ds-fips.us-west-2.amazonaws.com

    ds-fips.us-east-2.amazonaws.com

    ds-fips.us-east-1.amazonaws.com
    Amazon API Gateway

    apigateway-fips.us-west-1.amazonaws.com

    apigateway-fips.us-west-2.amazonaws.com

    apigateway-fips.us-east-2.amazonaws.com

    apigateway-fips.us-east-1.amazonaws.com
    Amazon Cloud Directory

    clouddirectory-fips.us-west-1.amazonaws.com

    clouddirectory-fips.us-east-2.amazonaws.com

    clouddirectory-fips.us-east-1.amazonaws.com
    AWS Cloud Formation  

    cloudformation-fips.us-east-1.amazonaws.com

    cloudformation-fips.us-east-2.amazonaws.com

    cloudformation-fips.us-west-1.amazonaws.com

    cloudformation-fips.us-west-2.amazonaws.com
    AWS CloudTrail

    cloudtrail-fips.us-west-1.amazonaws.com

    cloudtrail-fips.us-west-2.amazonaws.com

    cloudtrail-fips.us-east-2.amazonaws.com

    cloudtrail-fips.us-east-1.amazonaws.com
    Amazon Cognito

    cognito-sync-fips.us-west-2.amazonaws.com

    cognito-identity-fips.us-west-2.amazonaws.com

    cognito-idp-fips.us-west-2.amazonaws.com

    <your_user_pool_domain>.auth-fips.us-west-2.amazoncognito.com

    cognito-sync-fips.us-east-2.amazonaws.com

    cognito-identity-fips.us-east-2.amazonaws.com

    cognito-idp-fips.us-east-2.amazonaws.com

    <your_user_pool_domain>.auth-fips.us-east-2.amazoncognito.com

    cognito-sync-fips.us-east-1.amazonaws.com

    cognito-identity-fips.us-east-1.amazonaws.com

    cognito-idp-fips.us-east-1.amazonaws.com

    <your_user_pool_domain>.auth-fips.us-east-1.amazoncognito.com
    AWS Config

    config-fips.us-west-1.amazonaws.com

    config-fips.us-west-2.amazonaws.com

    config-fips.us-east-2.amazonaws.com

    config-fips.us-east-1.amazonaws.com    
    AWS Database Migration Service (DMS)

    dms-fips.us-west-1.amazonaws.com

    dms-fips.us-west-2.amazonaws.com

    dms-fips.us-east-2.amazonaws.com

    dms-fips.us-east-1.amazonaws.com
    Amazon DynamoDB

    dynamodb-fips.us-west-1.amazonaws.com

    dynamodb-fips.us-west-2.amazonaws.com

    dynamodb-fips.us-east-2.amazonaws.com

    dynamodb-fips.us-east-1.amazonaws.com
    Amazon Elastic Block Store (EBS) Using EC2 Directly
    Amazon Elastic Compute Cloud (EC2)

    ec2-fips.us-west-1.amazonaws.com

    ec2-fips.us-west-2.amazonaws.com

    ec2-fips.us-east-2.amazonaws.com

    ec2-fips.us-east-1.amazonaws.com
    Amazon ElastiCache

    elasticache-fips.us-east-1.amazonaws.com

    elasticache-fips.us-east-2.amazonaws.com

    elasticache-fips.us-west-1.amazonaws.com

    elasticache-fips.us-west-2.amazonaws.com
    Elastic Load Balancing

    elasticloadbalancing-fips.us-west-1.amazonaws.com

    elasticloadbalancing-fips.us-west-2.amazonaws.com

    elasticloadbalancing-fips.us-east-2.amazonaws.com

    elasticloadbalancing-fips.us-east-1.amazonaws.com
    Amazon EMR (Amazon EMR)

    elasticmapreduce-fips.us-west-1.amazonaws.com

    elasticmapreduce-fips.us-west-2.amazonaws.com

    elasticmapreduce-fips.us-east-1.amazonaws.com

    elasticmapreduce-fips.us-east-2.amazonaws.com
    Amazon Glacier

    glacier-fips.us-west-1.amazonaws.com

    glacier-fips.us-west-2.amazonaws.com

    glacier-fips.us-east-2.amazonaws.com

    glacier-fips.us-east-1.amazonaws.com
    AWS Identity and Access Management (IAM) iam-fips.amazonaws.com (IAD Region Only)    
    Amazon Inspector

    inspector-fips.us-west-1.amazonaws.com

    inspector-fips.us-west-2.amazonaws.com

    inspector-fips.us-east-1.amazonaws.com
    Amazon Kinesis Streams

    kinesis-fips.us-west-1.amazonaws.com

    kinesis-fips.us-west-2.amazonaws.com

    kinesis-fips.us-east-2.amazonaws.com

    kinesis-fips.us-east-1.amazonaws.com
    AWS Key Management Service (KMS)

    kms-fips.us-west-1.amazonaws.com

    kms-fips.us-west-2.amazonaws.com

    kms-fips.us-east-2.amazonaws.com

    kms-fips.us-east-1.amazonaws.com

    AWS Lambda

    lambda-fips.us-west-1.amazonaws.com

    lambda-fips.us-west-2.amazonaws.com

    lambda-fips.us-east-2.amazonaws.com

    lambda-fips.us-east-1.amazonaws.com

    Amazon Quicksight

    fips-us-west-2.quicksight.aws.amazon.com

    fips-us-east-2.quicksight.aws.amazon.com

    fips-us-east-1.quicksight.aws.amazon.com

    Amazon Relational Database Service (RDS)

    rds-fips.us-west-1.amazonaws.com

    rds-fips.us-west-2.amazonaws.com

    rds-fips.us-east-2.amazonaws.com

    rds-fips.us-east-1.amazonaws.com

    Amazon Redshift

    redshift-fips.us-west-1.amazonaws.com

    redshift-fips.us-west-2.amazonaws.com

    redshift-fips.us-east-2.amazonaws.com

    redshift-fips.us-east-1.amazonaws.com

    Amazon Route 53

    api-fips.route53-eu-west-1.com

    route53-fips.amazonaws.com
    Amazon SageMaker

    api-fips.sagemaker.us-east-1.amazonaws.com

    api-fips.sagemaker.us-east-2.amazonaws.com

    api-fips.sagemaker.us-west-2.amazonaws.com

    runtime-fips.sagemaker.us-east-1.amazonaws.com

    runtime-fips.sagemaker.us-east-2.amazonaws.com

    runtime-fips.sagemaker.us-west-2.amazonaws.com

    Amazon Simple Storage Service (S3)

    Note: These Endpoints can only be used with Virtual Hosted-Style addressing. For example: https://bucket.s3-fips.us-east-2.amazonaws.com. Visit the Amazon S3 Documentation page for more information.

    s3-fips.us-east-2.amazonaws.com

    s3-fips.dualstack.us-west-1.amazonaws.com

    s3-fips.dualstack.us-west-2.amazonaws.com

    s3-fips.dualstack.us-east-2.amazonaws.com

    s3-fips.dualstack.us-east-1.amazonaws.com

    s3-fips.us-west-1.amazonaws.com

    s3-fips.us-west-2.amazonaws.com

    s3-fips.us-east-1.amazonaws.com

    AWS Shield

    		 shield-fips.us-east-1.amazonaws.com

    AWS Snowball

    		 Does not need FIPS

    Amazon Simple Notification Service (SNS)

    sns-fips.us-west-1.amazonaws.com

    sns-fips.us-west-2.amazonaws.com

    sns-fips.us-east-2.amazonaws.com

    sns-fips.us-east-1.amazonaws.com

    Amazon Simple Queue Service (SQS)

    		 sqs-fips.us-west-1.amazonaws.com

    AWS Security Token Service (STS)

    sts-fips.us-west-1.amazonaws.com

    sts-fips.us-west-2.amazonaws.com

    sts-fips.us-east-2.amazonaws.com

    sts-fips.us-east-1.amazonaws.com

    Amazon Simple Workflow Service (SWF)

    swf-fips.us-west-1.amazonaws.com

    swf-fips.us-west-2.amazonaws.com

    swf-fips.us-east-2.amazonaws.com

    swf-fips.us-east-1.amazonaws.com
    AWS Systems Manager

    ssm-fips.us-west-1.amazonaws.com

    ssm-fips.us-west-2.amazonaws.com

    ssm-fips.us-east-2.amazonaws.com

    ssm-fips.us-east-1.amazonaws.com

    Amazon Virtual Private Cloud (VPC)

    		 Uses EC2 Directly

    AWS WAF

    waf-regional-fips.us-west-1.amazonaws.com

    waf-regional-fips.us-west-2.amazonaws.com

    waf-regional-fips.us-east-1.amazonaws.com

    waf-fips.amazonaws.com

    waf-regional-fips.eu-west-1.amazonaws.com

    waf-regional-fips.ap-northeast-1.amazonaws.com

    Amazon WorkDocs

    workdocs-fips.us-west-2.amazonaws.com

    workdocs-fips.us-east-1.amazonaws.com

    For a list of all AWS endpoints, see Regions and Endpoints in the AWS General Reference.

  • What are the FIPS endpoints for AWS GovCloud (US)?

    The following table lists each FIPS endpoint available for various AWS services in the AWS Region GovCloud (US).

    AWS Service     AWS GovCloud (US) Endpoints    
    AWS Certificate Manager

    acm.us-gov-west-1.amazonaws.com
    Amazon API Gateway

    apigateway-fips.us-gov-west-1.amazonaws.com
    Amazon EC2 Autoscaling

    autoscaling.us-gov-west-1.amazonaws.com
    AWS CloudFormation

    cloudformation.us-gov-west-1.amazonaws.com

    AWS CloudHSM

    cloudhsm.us-gov-west-1.amazonaws.com
    AWS CloudTrail

    cloudtrail.us-gov-west-1.amazonaws.com
    Amazon CloudWatch (Events)

    events.us-gov-west-1.amazonaws.com
    Amazon CloudWatch (Logs)

    logs.us-gov-west-1.amazonaws.com

    AWS CodeDeploy

    codedeploy.us-gov-west-1.amazonaws.com
    AWS Config

    config.us-gov-west-1.amazonaws.com
    AWS Database Migration Service (DMS)

    dms.us-gov-west-1.amazonaws.com
    Amazon DynamoDB

    dynamodb.us-gov-west-1.amazonaws.com
    Amazon Elastic Block Store (EBS) ec2.us-gov-west-1.amazonaws.com
    Amazon Elastic Compute Cloud (EC2)

    ec2.us-gov-west-1.amazonaws.com
    Amazon ElastiCache

    elasticache-fips.us-gov-west-1.amazonaws.com
    Elastic Load Balancing

    elasticloadbalancing.us-gov-west-1.amazonaws.com
    Amazon EMR (Amazon EMR)

    elasticmapreduce.us-gov-west-1.amazonaws.com
    Amazon Glacier

    glacier.us-gov-west-1.amazonaws.com
    AWS Identity and Access Management (IAM)

    iam.us-gov.amazonaws.com
    Amazon Inspector inspector-fips.us-gov-west-1.amazonaws.com
    Amazon Kinesis Streams

    kinesis.us-gov-west-1.amazonaws.com
    AWS Key Management Service (KMS)

    kms-fips.us-gov-west-1.amazonaws.com

    AWS Lambda

    lambda-fips.us-gov-west-1.amazonaws.com
    Amazon Polly polly-fips.us-gov-west-1.amazonaws.com
    Amazon Rekognition   rekognition-fips.us-gov-west-1.amazonaws.com

    Amazon Relational Database Service (RDS)

    rds.us-gov-west-1.amazonaws.com

    Amazon Redshift

    redshift.us-gov-west-1.amazonaws.com
    Amazon SageMaker

    api.sagemaker.us-gov-west-1.amazonaws.com

    runtime.sagemaker.us-gov-west-1.amazonaws.com
    AWS Server Migration Service (SMS)
    		 sms-fips.us-gov-west-1.amazonaws.com

    Amazon Simple Storage Service (S3)

    Note: These Endpoints can only be used with Virtual Hosted-Style addressing. For example: https://bucket.s3-fips.us-east-2.amazonaws.com. Visit the Amazon S3 Documentation page for more information.

    s3-fips.dualstack.us-gov-west-1.amazonaws.com

    s3-fips-us-gov-west-1.amazonaws.com

    AWS Shield

    		 Has only one endpoint

    AWS Snowball

    		 Does not need FIPS

    Amazon Simple Notification Service (SNS)

    sns.us-gov-west-1.amazonaws.com

    Amazon Simple Queue Service (SQS)

    		 sqs.us-gov-west-1.amazonaws.com

    AWS Security Token Service (STS)

    sts.us-gov-west-1.amazonaws.com

    Amazon Simple Workflow Service (SWF)

    swf.us-gov-west-1.amazonaws.com
    AWS Systems Manager ssm.us-gov-west-1.amazonaws.com

    Amazon Virtual Private Cloud (VPC)

    		 ec2.us-gov-west-1.amazonaws.com

    For a list of all AWS endpoints, see Regions and Endpoints in the AWS General Reference.

compliance-contactus-icon
Have Questions? Connect with an AWS Business Representative
Exploring compliance roles?
Apply today »
Want AWS Compliance updates?
Follow us on Twitter »