Federal Information Processing Standard (FIPS) 140-2
Overview
The Federal Information Processing Standard (FIPS) Publication 140-2 is a US government standard that specifies the security requirements for cryptographic modules that protect sensitive information. To support customers who have FIPS 140-2 requirements, the Amazon Virtual Private Cloud (VPC) VPN endpoints and SSL terminations in AWS GovCloud (US) operate by using cryptographic modules that are validated by FIPS 140-2. AWS works with AWS GovCloud (US) customers to provide the information they need to manage compliance when using the AWS GovCloud (US) Region. For more information about the standard, see Cryptographic Module Validation Program on the NIST Computer Security Resource Center website.
If you require use of FIPS 140-2 validated cryptographic modules when accessing AWS US East/West or AWS GovCloud (US) through use of the command line interface (CLI) or programmatically by using the APIs, the following sections provide the list of available FIPS endpoints by AWS Region.
-
What are the FIPS Endpoints for AWS US East/West?
The following table lists each FIPS endpoint available for various AWS services in the AWS Region US East/West:
AWS Service AWS US East/West Endpoints AWS Directory Service ds-fips.us-west-1.amazonaws.com
ds-fips.us-west-2.amazonaws.com
ds-fips.us-east-2.amazonaws.com
ds-fips.us-east-1.amazonaws.com
Amazon API Gateway apigateway-fips.us-west-1.amazonaws.com
apigateway-fips.us-west-2.amazonaws.com
apigateway-fips.us-east-2.amazonaws.com
apigateway-fips.us-east-1.amazonaws.com
Amazon Cloud Directory clouddirectory-fips.us-west-1.amazonaws.com
clouddirectory-fips.us-east-2.amazonaws.com
clouddirectory-fips.us-east-1.amazonaws.com
AWS Cloud Formation cloudformation-fips.us-east-1.amazonaws.com
cloudformation-fips.us-east-2.amazonaws.com
cloudformation-fips.us-west-1.amazonaws.com
cloudformation-fips.us-west-2.amazonaws.com
AWS CloudTrail cloudtrail-fips.us-west-1.amazonaws.com
cloudtrail-fips.us-west-2.amazonaws.com
cloudtrail-fips.us-east-2.amazonaws.com
cloudtrail-fips.us-east-1.amazonaws.com
Amazon Cognito cognito-sync-fips.us-west-2.amazonaws.com
cognito-identity-fips.us-west-2.amazonaws.com
cognito-idp-fips.us-west-2.amazonaws.com
<your_user_pool_domain>.auth-fips.us-west-2.amazoncognito.com
cognito-sync-fips.us-east-2.amazonaws.com
cognito-identity-fips.us-east-2.amazonaws.com
cognito-idp-fips.us-east-2.amazonaws.com
<your_user_pool_domain>.auth-fips.us-east-2.amazoncognito.com
cognito-sync-fips.us-east-1.amazonaws.com
cognito-identity-fips.us-east-1.amazonaws.com
cognito-idp-fips.us-east-1.amazonaws.com
<your_user_pool_domain>.auth-fips.us-east-1.amazoncognito.com
AWS Config config-fips.us-west-1.amazonaws.com
config-fips.us-west-2.amazonaws.com
config-fips.us-east-2.amazonaws.com
config-fips.us-east-1.amazonaws.com
AWS Database Migration Service (DMS) dms-fips.us-west-1.amazonaws.com
dms-fips.us-west-2.amazonaws.com
dms-fips.us-east-2.amazonaws.com
dms-fips.us-east-1.amazonaws.com
Amazon DynamoDB dynamodb-fips.us-west-1.amazonaws.com
dynamodb-fips.us-west-2.amazonaws.com
dynamodb-fips.us-east-2.amazonaws.com
dynamodb-fips.us-east-1.amazonaws.com
Amazon Elastic Block Store (EBS) Using EC2 Directly Amazon Elastic Compute Cloud (EC2) ec2-fips.us-west-1.amazonaws.com
ec2-fips.us-west-2.amazonaws.com
ec2-fips.us-east-2.amazonaws.com
ec2-fips.us-east-1.amazonaws.com
Amazon ElastiCache elasticache-fips.us-east-1.amazonaws.com
elasticache-fips.us-east-2.amazonaws.com
elasticache-fips.us-west-1.amazonaws.com
elasticache-fips.us-west-2.amazonaws.comElastic Load Balancing elasticloadbalancing-fips.us-west-1.amazonaws.com
elasticloadbalancing-fips.us-west-2.amazonaws.com
elasticloadbalancing-fips.us-east-2.amazonaws.com
elasticloadbalancing-fips.us-east-1.amazonaws.com
Amazon EMR (Amazon EMR) elasticmapreduce-fips.us-west-1.amazonaws.com
elasticmapreduce-fips.us-west-2.amazonaws.com
elasticmapreduce-fips.us-east-1.amazonaws.com
elasticmapreduce-fips.us-east-2.amazonaws.com
Amazon Glacier glacier-fips.us-west-1.amazonaws.com
glacier-fips.us-west-2.amazonaws.com
glacier-fips.us-east-2.amazonaws.com
glacier-fips.us-east-1.amazonaws.com
AWS Identity and Access Management (IAM) iam-fips.amazonaws.com (IAD Region Only) Amazon Inspector inspector-fips.us-west-1.amazonaws.com
inspector-fips.us-west-2.amazonaws.com
inspector-fips.us-east-1.amazonaws.com
Amazon Kinesis Streams kinesis-fips.us-west-1.amazonaws.com
kinesis-fips.us-west-2.amazonaws.com
kinesis-fips.us-east-2.amazonaws.com
kinesis-fips.us-east-1.amazonaws.com
AWS Key Management Service (KMS) kms-fips.us-west-1.amazonaws.com
kms-fips.us-west-2.amazonaws.com
kms-fips.us-east-2.amazonaws.com
kms-fips.us-east-1.amazonaws.com
AWS Lambda
lambda-fips.us-west-1.amazonaws.com
lambda-fips.us-west-2.amazonaws.com
lambda-fips.us-east-2.amazonaws.com
lambda-fips.us-east-1.amazonaws.com
Amazon Quicksight
fips-us-west-2.quicksight.aws.amazon.com
fips-us-east-2.quicksight.aws.amazon.com
fips-us-east-1.quicksight.aws.amazon.com
Amazon Relational Database Service (RDS)
rds-fips.us-west-1.amazonaws.com
rds-fips.us-west-2.amazonaws.com
rds-fips.us-east-2.amazonaws.com
rds-fips.us-east-1.amazonaws.com
Amazon Redshift
redshift-fips.us-west-1.amazonaws.com
redshift-fips.us-west-2.amazonaws.com
redshift-fips.us-east-2.amazonaws.com
redshift-fips.us-east-1.amazonaws.com
Amazon Route 53
api-fips.route53-eu-west-1.com
route53-fips.amazonaws.com
Amazon Simple Storage Service (S3)
s3-fips.us-east-2.amazonaws.com
s3-fips.dualstack.us-west-1.amazonaws.com
s3-fips.dualstack.us-west-2.amazonaws.com
s3-fips.dualstack.us-east-2.amazonaws.com
s3-fips.dualstack.us-east-1.amazonaws.com
s3-fips.us-west-1.amazonaws.com
s3-fips.us-west-2.amazonaws.com
s3-fips.us-east-1.amazonaws.com
AWS Shield
shield-fips.us-east-1.amazonaws.com AWS Snowball
Does not need FIPS Amazon Simple Notification Service (SNS)
sns-fips.us-west-1.amazonaws.com
sns-fips.us-west-2.amazonaws.com
sns-fips.us-east-2.amazonaws.com
sns-fips.us-east-1.amazonaws.com
Amazon Simple Queue Service (SQS)
sqs-fips.us-west-1.amazonaws.com AWS Security Token Service (STS)
sts-fips.us-west-1.amazonaws.com
sts-fips.us-west-2.amazonaws.com
sts-fips.us-east-2.amazonaws.com
sts-fips.us-east-1.amazonaws.com
Amazon Simple Workflow Service (SWF)
swf-fips.us-west-1.amazonaws.com
swf-fips.us-west-2.amazonaws.com
swf-fips.us-east-2.amazonaws.com
swf-fips.us-east-1.amazonaws.com
AWS Systems Manager ssm-fips.us-west-1.amazonaws.com
ssm-fips.us-west-2.amazonaws.com
ssm-fips.us-east-2.amazonaws.com
ssm-fips.us-east-1.amazonaws.com
Amazon Virtual Private Cloud (VPC)
Uses EC2 Directly AWS WAF
waf-regional-fips.us-west-1.amazonaws.com
waf-regional-fips.us-west-2.amazonaws.com
waf-regional-fips.us-east-1.amazonaws.com
waf-fips.amazonaws.com
waf-regional-fips.eu-west-1.amazonaws.com
waf-regional-fips.ap-northeast-1.amazonaws.com
Amazon WorkDocs
workdocs-fips.us-west-2.amazonaws.com
workdocs-fips.us-east-1.amazonaws.com
For a list of all AWS endpoints, see Regions and Endpoints in the AWS General Reference.
-
What are the FIPS endpoints for AWS GovCloud (US)?
The following table lists each FIPS endpoint available for various AWS services in the AWS Region GovCloud (US):
AWS Service AWS GovCloud (US) Endpoints AWS Certificate Manager acm.us-gov-west-1.amazonaws.com
Amazon API Gateway apigateway-fips.us-gov-west-1.amazonaws.com
Amazon EC2 Autoscaling autoscaling.us-gov-west-1.amazonaws.com
AWS CloudFormation cloudformation.us-gov-west-1.amazonaws.com
AWS CloudHSM
cloudhsm.us-gov-west-1.amazonaws.com
AWS CloudTrail cloudtrail.us-gov-west-1.amazonaws.com
Amazon CloudWatch (Events) events.us-gov-west-1.amazonaws.com
Amazon CloudWatch (Logs) logs.us-gov-west-1.amazonaws.com
AWS CodeDeploy
codedeploy.us-gov-west-1.amazonaws.com
AWS Config config.us-gov-west-1.amazonaws.com
AWS Database Migration Service (DMS) dms.us-gov-west-1.amazonaws.com
Amazon DynamoDB dynamodb.us-gov-west-1.amazonaws.com
Amazon Elastic Block Store (EBS) ec2.us-gov-west-1.amazonaws.com Amazon Elastic Compute Cloud (EC2) ec2.us-gov-west-1.amazonaws.com
Amazon ElastiCache elasticache-fips.us-gov-west-1.amazonaws.com
Elastic Load Balancing elasticloadbalancing.us-gov-west-1.amazonaws.com
Amazon EMR (Amazon EMR) elasticmapreduce.us-gov-west-1.amazonaws.com
Amazon Glacier glacier.us-gov-west-1.amazonaws.com
AWS Identity and Access Management (IAM) iam.us-gov.amazonaws.com
Amazon Kinesis Streams kinesis.us-gov-west-1.amazonaws.com
AWS Key Management Service (KMS) kms-fips.us-gov-west-1.amazonaws.com
AWS Lambda
lambda-fips.us-gov-west-1.amazonaws.com
Amazon Relational Database Service (RDS)
rds.us-gov-west-1.amazonaws.com
Amazon Redshift
redshift.us-gov-west-1.amazonaws.com
Amazon Simple Storage Service (S3)
s3-fips.dualstack.us-gov-west-1.amazonaws.com
s3-fips-us-gov-west-1.amazonaws.com
AWS Shield
Has only one endpoint AWS Snowball
Does not need FIPS Amazon Simple Notification Service (SNS)
sns.us-gov-west-1.amazonaws.com
Amazon Simple Queue Service (SQS)
sqs.us-gov-west-1.amazonaws.com AWS Security Token Service (STS)
sts.us-gov-west-1.amazonaws.com
Amazon Simple Workflow Service (SWF)
swf.us-gov-west-1.amazonaws.com
AWS Systems Manager ssm.us-gov-west-1.amazonaws.com Amazon Virtual Private Cloud (VPC)
ec2.us-gov-west-1.amazonaws.com For a list of all AWS endpoints, see Regions and Endpoints in the AWS General Reference.
