Skip to content

Instantly share code, notes, and snippets.

@mbarneyjr

mbarneyjr/list.md

Last active October 31, 2025 14:33
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save mbarneyjr/a4eb1a756121445a05b6fcca87c91e3d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save mbarneyjr/a4eb1a756121445a05b6fcca87c91e3d to your computer and use it in GitHub Desktop.
Download ZIP
List of AWS us-east-1 differences, edge cases, specialties, etc
Raw
list.md

What makes us-east-1 special?

Account:

  • Root user login is tied to us-east-1 (during a us-east-1 outage, root user logins were broken) link

CloudFront:

  • ACM certs must exist in us-east-1 for CloudFront to use them link
  • Lambda functions used for Lambda@Edge must be deployed in us-east-1 link
  • Control plane is only available in us-east-1 link

CloudTrial:

  • For most global services, events are logged as occurring in us-east-1 link

CloudWatch:

  • CloudWatch Billing metric data is stored in the US East (N. Virginia) Region and represents worldwide charges" link

IAM:

  • Control plane is only available in us-east-1 link

Route53

  • Control plane is only available in us-east-1 link
@dfulde-trek10
Copy link

dfulde-trek10 commented Nov 18, 2022

CloudWatch: "Billing metric data is stored in the US East (N. Virginia) Region and represents worldwide charges." link

Not sure how this would be impacted by an outage. If CloudWatch Metrics were not available in us-east-1, then I assume billing metrics would be inaccessible.

@mbarneyjr
Copy link
Author

mbarneyjr commented Nov 18, 2022

Nice find, added to the list

@BasixKOR
Copy link

BasixKOR commented Oct 20, 2025

S3 legacy global endpoint is on us-east-1 too and it's often spotted in the wild: https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#VirtualHostingBackwardsCompatibility

@fernandopj-tecnol
Copy link

fernandopj-tecnol commented Oct 31, 2025

Let me help this topic with a research I did with ChatGPT: Source

Service / feature Dependency type (short) Nature of the us-east-1 dependency Source
AWS Identity and Access Management (IAM) Control-plane in us-east-1 Single IAM control plane for commercial AWS is hosted in us-east-1 (data-planes are regional). docs.aws.amazon.com
AWS Organizations & Account Management (Create/Close accounts) Control-plane in us-east-1 Organizations / Account Management APIs use a control plane in us-east-1; SDK/CLI guidance often points to us-east-1. docs.aws.amazon.com
AWS IAM Identity Center (successor to AWS SSO) Single primary region / regional control-data behavior You enable Identity Center in one region (its data stored there). many org flows end up relying on a single primary region (practically ties into Organizations/IAM behaviors). docs.aws.amazon.com
Amazon CloudFront (management / control plane) Management/control API endpoints anchored to us-east-1 CloudFront control/management (create/update distributions) and certain configuration flows are tied to global endpoints and CloudFront’s control plane (effectively operated via us-east-1). docs.aws.amazon.com
AWS Certificate Manager (ACM) for CloudFront Must request ACM certs for CloudFront in us-east-1 To use ACM certificates with CloudFront, certificates must be requested (or imported) in us-east-1. docs.aws.amazon.com
Amazon Route 53 (public DNS) Control-plane hosted in us-east-1 Route 53 public DNS control plane is hosted in us-east-1 (DNS data plane is global but management API/control plane is centralized). docs.aws.amazon.com
Route 53 Application Recovery Controller / Region-switch (R53Recovery) Control-plane in us-east-1 The Region-switch (recovery control plane) APIs are located in us-east-1 (management/control operations tied to us-east-1). docs.aws.amazon.com
Amazon Bedrock (foundation models service) Launched/feature-complete earliest in us-east-1 / per-model regional support Bedrock model and management endpoints are region-specific; many models and features launched first in us-east-1 (and us-east-2) — some model availability remains region-dependent. docs.aws.amazon.com
Amazon QuickSight (Amazon Q / generative features) Feature availability lags outside us-east-1 New QuickSight features (Amazon Q generative BI capabilities) were available first in a limited set of regions (including us-east-1), meaning access to the latest features may force use of those regions. strandsagents.com
AWS App Runner (service endpoints) Service endpoints in us-east-1 among supported control endpoints App Runner has service endpoints in us-east-1 (control plane/endpoints listed for us-east-1); some operations and newer features may appear earlier there. docs.aws.amazon.com
AWS Local Zones / Wavelength Zones (Local compute) Parent/management control plane in a parent region (often us-east-1) Local Zones and Wavelength Zones are children of a parent region and their control plane is managed in the parent region (several Local Zones are children of us-east-1). docs.aws.amazon.com
AWS Control Tower Landing/primary region choices; origin region constraints Control Tower is supported in a subset of regions and chooses an origin/landing region during setup (you often must use the allowed Control Tower regions such as us-east-1). docs.aws.amazon.com
Amazon Global Accelerator / certain edge/global services Management endpoints / global control behaviors anchored to US regions Global networking/edge services often have their control/management anchored in specific commercial regions; while not always explicitly “us-east-1 only,” operational management and some defaults often route through AWS global control infrastructure (us-east-1 is commonly where global endpoints resolve). docs.aws.amazon.com
AWS Organizations / Boto3 SDK note SDK guidance to call Organizations in us-east-1 Boto3/SDK docs explicitly instruct calling Organizations in us-east-1 for the commercial partition. boto3.amazonaws.com

https://docs.aws.amazon.com/IAM/latest/UserGuide/disaster-recovery-resiliency.html?utm_source=chatgpt.com "Resilience in AWS Identity and Access Management"
https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/appendix-a---partitional-service-guidance.html?utm_source=chatgpt.com "Appendix A - Partitional service guidance"
https://docs.aws.amazon.com/singlesignon/latest/userguide/regions.html?utm_source=chatgpt.com "IAM Identity Center Region data storage and operations"
https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html?utm_source=chatgpt.com "Global services - AWS Fault Isolation Boundaries"
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html?utm_source=chatgpt.com "Requirements for using SSL/TLS certificates with CloudFront"
https://docs.aws.amazon.com/r53recovery/latest/dg/data-and-control-planes-rs.html?utm_source=chatgpt.com "Data and control planes for Region switch"
https://docs.aws.amazon.com/bedrock/latest/userguide/models-regions.html?utm_source=chatgpt.com "Model support by AWS Region in Amazon Bedrock"
https://strandsagents.com/latest/documentation/docs/user-guide/concepts/model-providers/amazon-bedrock/?utm_source=chatgpt.com "Amazon Bedrock"
https://docs.aws.amazon.com/general/latest/gr/apprunner.html?utm_source=chatgpt.com "AWS App Runner endpoints and quotas"
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html?utm_source=chatgpt.com "Regions and Zones - Amazon Elastic Compute Cloud"
https://docs.aws.amazon.com/controltower/latest/userguide/region-how.html?utm_source=chatgpt.com "How AWS Regions Work With AWS Control Tower"
https://docs.aws.amazon.com/global-accelerator/latest/dg/introduction-how-it-works.html?utm_source=chatgpt.com "How AWS Global Accelerator works"
https://boto3.amazonaws.com/v1/documentation/api/1.40.48/reference/services/organizations.html?utm_source=chatgpt.com "Organizations - Boto3 1.40.48 documentation"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment