AWS service endpoints

AWS service endpoints are public access points for programmatically interacting with AWS services or for referencing them.

AWS service endpoints are typically public URLs using the HTTPS protocol. While these endpoints are a fundamental part of the AWS ecosystem, they usually operate behind the scenes.


Users generally need to specify these endpoints when they are working with a service in a region different from their default, or when setting up configurations for other services. For instance, you might specify a non-default endpoint when interacting with an AWS service in a specific region, or use an S3 endpoint as a reference for custom origins when configuring a CloudFront distribution for web hosting.


Every AWS service endpoint is composed of a protocol name, a service code name that identifies the specific AWS service being invoked, and the AWS domain.



Global or Regional


Endpoints in AWS are classified into two distinct categories: Global and Regional. The classification depends on the nature of the service being used. The nuances of global and regional services are explored in the article "what is global and regional service".



Global endpoints are used solely by AWS global services. The full list is:


  • Amazon CloudFront
  • AWS Global Accelerator
  • AWS Identity and Access Management (IAM)
  • AWS Network Manager
  • AWS Organizations
  • Amazon Route 53
  • AWS Shield Advanced
  • AWS WAF Classic




All of these services can be invoked with the following schema:





On the other hand, regional endpoints are used by regional services (all other services not listed as global above), such as:


  • RDS
  • EC2
  • DynamoDB
  • S3 (actually a quasi global-regional service)
  • Redshift
  • ECS (Elastic Container Service)
  • EKS (Elastic Kubernetes Service)
  • Lambda



Regional endpoint schema:





Dual stack endpoints


Additionally, there are dual stack endpoints, which enable you to communicate with AWS services over either IPv4 or IPv6. This can come in handy for applications in environments where both protocols are used.


Dual stack endpoints can be used with either regional or global services. To use them, a region has to be specified or the AWS_USE_DUALSTACK_ENDPOINT flag (for global services) set in the AWS CLI.


Dual stack endpoints can be used with the following regional services:


  • Application Load Balancer
  • AWS S3
  • Amazon EC2
  • Amazon API Gateway
  • Amazon SQS
  • Amazon SNS



Dual stack endpoints can be used with the following global services:


  • Amazon CloudFront
  • AWS Route 53
  • AWS Global Accelerator
  • AWS WAF (quasi global-regional service)




Dual stack default endpoint schema:




There are also two dual stack schemas reserved for the S3 service (virtual hosted-style and path-style respectively):





Dual stack endpoints are limited to the following regions:


  • us-east-1 - US East (Northern Virginia)
  • us-east-2 - US East (Ohio)
  • us-west-2 - US West (Oregon)
  • eu-west-1 - Europe (Ireland)
  • ap-south-1 - Asia Pacific (Mumbai)
  • sa-east-1 - South America (São Paulo)
  • us-gov-east-1 - AWS GovCloud (US-East)
  • us-gov-west-1 - AWS GovCloud (US-West)



FIPS endpoints


Numerous AWS services support invocation through FIPS endpoints, which adhere to the Federal Information Processing Standards (FIPS) utilized by the US and Canadian governments, particularly concerning data encryption methodologies. They are usually used when interacting with government


FIPS endpoints are only available in US and Canada regions:


  • us-east-1 - US East (Northern Virginia)
  • us-east-2 - US East (Ohio)
  • us-west-1 - US West (N. California)
  • us-west-2 - US West (Oregon)
  • ca-central-1 - Canada (Central)
  • us-gov-east-1 - AWS GovCloud (US-East)
  • us-gov-west-1 - AWS GovCloud (US-West)



To utilize FIPS endpoints, you can activate them either by enabling the AWS_USE_FIPS_ENDPOINT flag or by setting the use_fips_endpoint option to 'true' in the AWS CLI configuration file located at ~/.aws/config. This configuration ensures that all AWS service interactions adhere to FIPS encryption standards. Alternatively, for some services, you can employ the FIPS endpoint schema along with the --endpoint-url parameter in the AWS CLI.
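Added example, not part of the original article: a Python audit that reports, per profile in an AWS CLI config file, whether the FIPS and dual stack switches are effectively on. It assumes that an environment variable, when set, overrides the profile value, and that use_dualstack_endpoint is the config-file counterpart of AWS_USE_DUALSTACK_ENDPOINT; the function names and the sample config are constructed for illustration.

```python
import configparser

# Config-file key -> environment variable that can override it.
SETTINGS = {
    "use_fips_endpoint": "AWS_USE_FIPS_ENDPOINT",
    "use_dualstack_endpoint": "AWS_USE_DUALSTACK_ENDPOINT",
}

# Constructed sample of a ~/.aws/config file.
SAMPLE_CONFIG = """\
[default]
region = us-east-1
use_fips_endpoint = true

[profile analytics]
region = eu-west-1

[profile gov]
region = us-gov-west-1
use_fips_endpoint = true
use_dualstack_endpoint = true
"""

def effective_endpoint_settings(config_text, env):
    """Map each profile to its effective FIPS / dual stack settings.
    Assumption: a set environment variable overrides the profile value."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    result = {}
    for section in parser.sections():
        if section == "default":
            name = section
        elif section.startswith("profile "):  # written as "[profile name]"
            name = section[len("profile "):].strip()
        else:
            continue  # not a profile, e.g. [sso-session ...]
        result[name] = {}
        for key, var in SETTINGS.items():
            raw = env.get(var, parser.get(section, key, fallback=None))
            result[name][key] = raw is not None and raw.strip().lower() == "true"
    return result

def profiles_without_fips(config_text, env):
    """Profiles whose requests would not be sent to FIPS endpoints."""
    settings = effective_endpoint_settings(config_text, env)
    return sorted(p for p, s in settings.items() if not s["use_fips_endpoint"])

if __name__ == "__main__":
    import os
    print(profiles_without_fips(SAMPLE_CONFIG, os.environ))
```
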


FIPS endpoint default endpoint schema:
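Added example, not from the original article: a Python classifier for the endpoint forms covered on this page (global, regional, dual stack, S3 dual stack and FIPS), usable to check configured endpoint URLs against a FIPS-only policy. The hostname layouts are the ones AWS documents publicly and are assumptions relative to this page; the function names and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hostname layouts as AWS documents them (assumed here, not quoted from the
# article). China-partition hosts (amazonaws.com.cn) are out of scope.
REGION = r"(?P<region>[a-z]{2}(?:-[a-z]+)+-\d+)"
SERVICE = r"(?P<service>[a-z0-9-]+?)(?P<fips>-fips)?"
LAYOUTS = [  # most specific first
    ("s3-dual-stack", re.compile(
        rf"(?:(?P<bucket>[a-z0-9.-]+)\.)?(?P<service>s3)(?P<fips>-fips)?"
        rf"\.dualstack\.{REGION}\.amazonaws\.com")),
    ("dual-stack", re.compile(rf"{SERVICE}\.{REGION}\.api\.aws")),
    ("regional", re.compile(rf"{SERVICE}\.{REGION}\.amazonaws\.com")),
    ("global", re.compile(rf"{SERVICE}\.amazonaws\.com")),
]

def classify_endpoint(url):
    """Describe an AWS endpoint URL; None if the scheme is not HTTPS or the
    host is not a recognised AWS endpoint (look-alike suffixes included)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return None
    for kind, pattern in LAYOUTS:
        m = pattern.fullmatch(host)  # whole host must match, no trailing labels
        if m:
            g = m.groupdict()
            return {"kind": kind, "service": g["service"],
                    "region": g.get("region"), "bucket": g.get("bucket"),
                    "fips": g["fips"] is not None}
    return None

def non_fips(urls):
    """URLs that fail a FIPS-only policy; unrecognised hosts fail closed."""
    return [u for u in urls if not (classify_endpoint(u) or {}).get("fips")]

# Constructed sample inputs, e.g. endpoint URLs collected from tool configs.
SAMPLE = [
    "https://iam.amazonaws.com",
    "https://ec2.eu-west-1.amazonaws.com",
    "https://kms-fips.us-gov-west-1.amazonaws.com",
    "https://sqs.us-east-1.api.aws",
    "https://my-bucket.s3.dualstack.us-west-2.amazonaws.com/report.csv",
    "https://kms-fips.us-east-1.amazonaws.com.evil.example",
]

if __name__ == "__main__":
    for url in SAMPLE:
        print(url, "->", classify_endpoint(url))
    print("not FIPS:", non_fips(SAMPLE))
```
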






