
AWS GovCloud (US)

Isolated U.S. sovereign regions deliver innovation for customers with elevated compliance needs

Compliant Innovation

AWS GovCloud (US) is an innovative compliant cloud solution that technology leaders trust to host sensitive and controlled unclassified information (CUI) data, and is built to enable mission and business critical, high-value assets. It is comprised of two physically and logically isolated U.S. sovereign regions, AWS GovCloud (US-East and US-West), operated by U.S. citizens on U.S. soil that enable secure, scalable, and resilient enterprise cloud architectures. Connectivity is available from both the public Internet and privately with AWS Direct Connect.

Scientific discovery

At Pacific Northwest National Laboratory (PNNL), AWS GovCloud (US) transformed how the DoE processes critical government data. When the U.S. Treasury needed to break down data silos and enhance their threat detection capabilities, PNNL leveraged AWS GovCloud (US) to consolidate multiple databases and implement advanced analytics. This enabled Treasury to identify and respond to financial threats with unprecedented speed and accuracy. The platform's FedRAMP High infrastructure proved ideal for handling sensitive government data, while providing the flexibility to incorporate cutting-edge tools like AI/ML and process complex environmental datasets. Since 2011, AWS GovCloud (US) has provided the perfect balance of security and innovation, allowing organizations like PNNL to create capabilities to advance human and scientific progress.

Mission Enablement

Transform your government agency's mission and business outcomes while maintaining the highest security standards with AWS GovCloud (US). From automated compliance processes and comprehensive security measures to cutting-edge Generative AI capabilities, AWS GovCloud (US) offers a proven path to modernization that's trusted by agencies like NASA, the U.S. Census Bureau, and the Department of Veterans Affairs. Our U.S. sovereign regions, operated by U.S. citizens on U.S. soil, provide the perfect balance of innovation and compliance, enabling you to handle sensitive data and CUI with confidence while dramatically improving mission effectiveness and outcomes. Download our whitepaper on increasing mission efficiency using AWS GovCloud (US).


Accelerate Business Outcomes

AWS GovCloud (US) provides a foundation to transform citizen, patient, customer, and employee experience, modernize legacy IT systems, eliminate technical debt, and power national defense and intelligence, all while elevating resiliency, security, and compliance to the next level.

Compliance programs

Government customers, technology partners, and entities with highly-regulated enterprise cloud requirements leverage AWS GovCloud (US) compliance programs and capabilities to accelerate authority to operate (ATO).

AWS compliance programs make AWS GovCloud (US) an ideal isolated cloud environment to host Controlled Unclassified Information (CUI) in areas such as critical infrastructure, defense, intelligence, financial, law enforcement, legal, nuclear, patent, tax, and transportation related applications and data.

Compliance program logos shown: U.S. Department of Defense, ITAR (International Traffic in Arms Regulations), FIPS 140-2, DFARS, HITRUST CSF, AICPA SOC, IRS, U.S. Securities and Exchange Commission.

Resources

Customer innovation stories

Explore stories from government agencies and industry partners who are innovating with AWS GovCloud (US) solutions. Get insights into their challenges and successes.

Resilient innovation

AWS GovCloud (US) Regions offer three Availability Zones with multiple, geographically distributed data centers for high availability. Customers can implement multi-region/multi-AZ architectures for mission-critical workloads or single-AZ for less stringent needs. Gain insights into resiliency posture with AWS Resilience Hub and AWS Fault Injection Simulator, and deploy archiving, backup and restore with AWS Elastic Disaster Recovery and AWS Backup. Discover how AWS GovCloud (US) enables innovation and resilience for government and industry leaders with highly-regulated, sensitive workloads by downloading this paper.


Verified U.S. access

AWS GovCloud (US) is for verified U.S. government agencies and entities. Root Account holders must pass a screening process validating U.S. persons status (green card holder or citizen, as defined by the U.S. Department of State). It has a separate Identity and Access Management (IAM) system with unique credentials for account access and user access. You manage AWS GovCloud (US) environments through a dedicated console, command line interface (CLI), or application programming interface (API) calls.


What's new

2024-01-10

Amazon Location Service now supports additional places content in Maps

Amazon Location Service has updated the Maps service to include a richer set of places, such as shops, services, restaurants, attractions, and other points of interest, in one of our map styles. The updated Esri Navigation style now provides developers the option to display a detailed map with global places content for reference or navigation purposes.

Amazon Location Maps enable developers to easily embed an interactive map into their web and mobile applications. Customers can choose from 17 available map styles to match the intended use case. The updated Esri Navigation map style now features a set of additional points of interest content with global coverage and a frequent update schedule. Customers can use this updated map style to support many use cases that require rich places context, such as food delivery, real estate search, trip planning, and more.

Amazon Location Service is a fully managed service that helps developers easily and securely add maps, points of interest, geocoding, routing, tracking, and geofencing to their applications without compromising on data quality, user privacy, or cost.

Amazon Location Service is available in the following AWS Regions: US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Stockholm), South America (São Paulo), and AWS GovCloud (US-West).

To learn more, visit the Amazon Location Maps Developer Guide and select the Esri Navigation map style.

2024-01-12

AWS Config now supports 22 new resource types

AWS Config is adding support for 22 more resource types in the following services: AWS App Mesh, Amazon AppStream 2.0, Amazon Connect, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Container Service (Amazon ECS), AWS Identity and Access Management (AWS IAM), AWS IoT, AWS Key Management Service (AWS KMS), AWS IoT TwinMaker, AWS Lambda, Amazon Managed Grafana, Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Network Manager, AWS Private Certificate Authority, Amazon Relational Database Service (Amazon RDS), AWS Resource Explorer, and Amazon Route 53 Resolver. 

With this launch, customers can now use AWS Config to monitor configuration data for the following newly supported resource types in all AWS Regions where the supported services are available:

  • AWS::AppStream::Fleet
  • AWS::Grafana::Workspace
  • AWS::KMS::Alias
  • AWS::RDS::OptionGroup
  • AWS::Route53Resolver::FirewallRuleGroup
  • AWS::IAM::InstanceProfile
  • AWS::NetworkManager::ConnectPeer
  • AWS::ACMPCA::CertificateAuthorityActivation
  • AWS::AppMesh::GatewayRoute
  • AWS::AppMesh::Mesh
  • AWS::Connect::QuickConnect
  • AWS::EC2::CarrierGateway
  • AWS::EC2::TransitGatewayConnect
  • AWS::ECS::CapacityProvider
  • AWS::IoT::CACertificate
  • AWS::IoTTwinMaker::SyncJob
  • AWS::KafkaConnect::Connector
  • AWS::Lambda::CodeSigningConfig
  • AWS::ResourceExplorer2::Index
  • AWS::Connect::Instance
  • AWS::EC2::IPAMPool
  • AWS::EC2::TransitGatewayMulticastDomain

To view a complete list of all supported types, see the supported resource types page.

2024-02-01

Amazon Cognito adds signing, encryption, and Identity Provider-initiated SSO for SAML federation

Amazon Cognito has added three features for customers using the SAML standard for federation. Customers can use Amazon Cognito user pools to send signed SAML authentication requests, require encrypted responses from a SAML identity provider, and use identity provider-initiated single sign-on (SSO) for SAML federation.  

Request signing and encryption add an additional layer of protection to the communication between Amazon Cognito and third-party SAML identity providers. Identity provider-initiated SSO allows application builders to configure an Amazon Cognito user pool to accept SAML assertions from a user who is already signed in with a SAML identity provider, without the need for an end user to go through a login flow. Customers can configure these features whenever the identity provider they are federating to requires them, or turn them off for identity providers that do not support them.

The new capabilities will help business-to-business (B2B) application builders launch applications that are compatible with more third-party identity providers and support their business or customers’ compliance requirements. These features are available for all customers using Amazon Cognito for SAML federation in any AWS Region where Amazon Cognito is supported. 

Application builders can turn these features on using the Amazon Cognito console, APIs, or CLI. Amazon Cognito will provide a signing certificate and an encryption certificate which can be downloaded and used to configure the SAML identity provider to work with the new features in Amazon Cognito. To learn more, refer to the documentation.

2024-01-19

Amazon ECS announces managed instance draining

Today, Amazon Elastic Container Service (Amazon ECS) announced managed instance draining, a new capability that facilitates graceful shutdown of workloads deployed on Amazon Elastic Compute Cloud (Amazon EC2) instances by safely stopping and rescheduling workloads to other, non-terminating instances. This capability enables customers to simplify infrastructure maintenance workflows, such as rolling out a new Amazon Machine Image (AMI) version, without needing to build custom solutions to gracefully shut down instances without disrupting their workloads.

Amazon ECS customers can deploy their workloads on serverless compute with AWS Fargate or on Amazon EC2 instances for greater control over infrastructure provisioning. With Fargate, customers can just focus on building and deploying their workloads; however, deploying workloads on Amazon EC2 requires customers to manage infrastructure operations, such as scaling capacity, performing OS and security updates, configuring instance mix, and monitoring instance health. Amazon ECS Capacity Providers manage automatic scaling of instances in response to workload requirements by leveraging Auto Scaling groups (ASG). With today’s launch, capacity providers facilitate graceful instance termination by safely stopping running tasks, launching replacement tasks on non-terminating instances, and delaying instance termination until all tasks have stopped gracefully (up to 48 hours). Customers can now simplify infrastructure updates using ASG Instance Refresh to roll out a new AMI version, or maximum instance lifetime for periodic instance replacement, or any custom implementation without needing to build a solution to gracefully shut down instances without disrupting workloads.

This capability is now available in all AWS Regions. To get started, see our documentation and blog.

Get started with AWS GovCloud (US)