How to connect to Amazon S3 GovCloud (US)

AWS GovCloud (US) is an isolated AWS Region designed to allow US government agencies and customers to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements.

The following GovCloud regions are supported for now:

• Amazon S3 GovCloud Storage (FIPS-140-2)
  Endpoint: s3-fips-us-gov-west-1.amazonaws.com (uses FIPS 140-2 validated cryptographic modules to support compliance with FIPS 140-2)
• Amazon S3 GovCloud Storage
  Endpoint: s3-us-gov-west-1.amazonaws.com (non-FIPS alternative for Amazon S3)

With S3 Browser you can easily start working with Amazon S3 GovCloud region.

To connect to GovCloud Region:

Please note: to start working with GovCloud Region you need to contact AWS GovCloud (US) Region business representative and go through approval process.

1. Start S3 Browser and click Accounts -> Add New Account.

Click Accounts, Add New Account or use the Ctrl+Shift+N keyboard shortcut

Add New Account dialog will appear:

Add New Amazon S3 GovCloud Account dialog.

2. Choose the Account Type:

• Amazon S3 GovCloud Storage (FIPS-140-2) if you need compliance with FIPS 140-2.
• Amazon S3 GovCloud Storage for non-FIPS alternative.

3. Specify your Access Key Id and Secret Access Key

4. Turn on Encrypt Access Keys with a password if you would like to protect your Access Keys with a master password

5. Click Add new account

You can now choose the newly added account from the Accounts menu:

Click Accounts, Account Name to switch between accounts or use the Ctrl+Shift+[number] keyboard shortcut

Advanced Account Settings

You may also configure additional settings when adding new or editing existing account.

In order to open advanced account settings, please click the advanced settings link located at the bottom left corner of the dialog.

The Advanced Account Settings dialog will open:

Advanced account settings

You may configure the following settings here:

Enable Dual-Stack Endpoints (IPv4/IPv6) - When checked, S3 Browser will use dual-stack endpoints to access storage, allowing connections over both IPv4 and IPv6. This improves compatibility with networks that support IPv6.

List All My Buckets When Account Assigned - When checked, S3 Browser will perform the s3:ListAllMyBuckets call when the account is assigned. If the account does not have permission to list all buckets, you can uncheck this option to avoid failed tasks and warnings in the log.

Check CloudFront Distributions When Account Assigned - When checked, S3 Browser will perform the cloudfront:ListDistributions call when the account is assigned, allowing it to set a special icon for buckets used as origins for CloudFront distributions. If the account does not have permission to list CloudFront distributions, you can uncheck this option to avoid failed tasks and warnings in the log.

External Buckets - You can edit the external buckets associated with the account. Each bucket should be listed on a new line. Optional paths are also supported, with a slash used as the delimiter (e.g., my-bucket/and/optional/path).