
AWS GovCloud (US)

What it is

AWS GovCloud (US) is AWS's US-public-sector partition. "Launched in 2011, [it] supports US public sector customers with compliance needs such as FedRAMP and ITAR." (Source: sources/2026-01-30-aws-sovereign-failover-design-digital-sovereignty)

Partition name: aws-us-gov. Regions: GovCloud West (us-gov-west-1) and GovCloud East (us-gov-east-1).
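The partition name is the second field of every ARN, so a policy copied from the commercial partition (`aws`) still parses but will not match any resource in `aws-us-gov`. The following added example (not from the source article or from AWS) lints a policy document for such ARNs; the sample policy, bucket name, role name and account ID are constructed, and the function names are hypothetical.

```python
import json

# Partition name and regions as given on this page.
GOV_PARTITION = "aws-us-gov"
GOV_REGIONS = {"us-gov-west-1", "us-gov-east-1"}

# Constructed sample: one commercial-partition ARN and one non-GovCloud region.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": ["arn:aws-us-gov:s3:::example-bucket/*", "arn:aws:s3:::example-bucket/*"]},
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Resource": "arn:aws-us-gov:iam::111122223333:role/example-role"},
    {"Effect": "Allow", "Action": "kms:Decrypt",
     "Resource": "arn:aws-us-gov:kms:us-east-1:111122223333:key/*"}
  ]
}"""

def parse_arn(text):
    """Split arn:partition:service:region:account:resource; None if not an ARN."""
    parts = text.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        return None
    return dict(zip(("partition", "service", "region", "account", "resource"), parts[1:]))

def iter_strings(node):
    """Yield every string value anywhere in a parsed JSON document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        children = node.values() if isinstance(node, dict) else node
        for child in children:
            yield from iter_strings(child)

def lint_policy(policy_json):
    """Return (arn, reason) pairs for ARNs that cannot resolve inside GovCloud."""
    findings = []
    for text in iter_strings(json.loads(policy_json)):
        arn = parse_arn(text)
        if arn is None:
            continue  # action names, dates, effects and other non-ARN strings
        region = arn["region"]
        if arn["partition"] != GOV_PARTITION:
            findings.append((text, "partition %r, expected %r" % (arn["partition"], GOV_PARTITION)))
        elif region and "*" not in region and region not in GOV_REGIONS:
            # Empty regions (IAM, S3) and wildcard regions are not evaluated.
            findings.append((text, "region %r is not a GovCloud region" % region))
    return findings
```
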

Partition boundary — with one Organizations asymmetry vs. European Sovereign Cloud

As an AWS partition, GovCloud inherits the standard hard-boundary properties (per-partition IAM, no cross-partition S3 CRR / TGW peering, distinct service availability). However, it supports one cross-partition Organizations shape that European Sovereign Cloud does not:

"In the AWS GovCloud (US) partition, accounts can be paired into a commercial organization, as described in Inviting Accounts into an Organization for AWS GovCloud." — (Source: sources/2026-01-30-aws-sovereign-failover-design-digital-sovereignty)

European Sovereign Cloud: "must be done in a completely separate organization." GovCloud: paired-optional.

The sovereign-failover post recommends the separate-Organization shape for GovCloud too when the goal is eventual sovereign-standalone operation: "With sovereignty as the main goal, failing over to an AWS European Sovereign Cloud-only state is simpler if the AWS Organizations setup is separate from the start." The advice generalizes — whether the sovereign partition is GovCloud or European Sovereign Cloud, day-one separation is simpler than day-N migration.

Control Tower gap

"AWS Control Tower can't directly manage AWS GovCloud (US) or AWS European Sovereign Cloud accounts." Same gap as European Sovereign Cloud; same consequence — governance tooling parity requires direct deployment automation against the GovCloud Organization.

Cross-partition connectivity

The sovereign-failover post points to a separate AWS blog for the GovCloud ↔ commercial connectivity recipe: Connectivity patterns between AWS GovCloud (US) and AWS commercial partition. The three generic options (TLS-over-internet, IPsec VPN, Direct Connect PoP-to-PoP) apply.

As precedent for European Sovereign Cloud design

GovCloud (2011) predates European Sovereign Cloud (2026) by 15 years. Much of the cross-partition-architecture pattern language the 2026-01-30 post codifies comes from the GovCloud-↔-commercial operational history — separate IAM topology, cross-signed CAs in regulated mTLS environments, per-partition Organizations, federation via IAM Identity Center for identity.

Stub page

Exists to anchor the 2026-01-30 Sovereign Failover article's GovCloud references (partition identity, Organizations asymmetry, Control Tower gap, cross-partition connectivity). No public-sector compliance depth or architectural internals covered yet.
