Skip to content

Instantly share code, notes, and snippets.

@mbarneyjr

mbarneyjr/list.md

Last active October 31, 2025 14:33
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save mbarneyjr/a4eb1a756121445a05b6fcca87c91e3d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save mbarneyjr/a4eb1a756121445a05b6fcca87c91e3d to your computer and use it in GitHub Desktop.
Download ZIP
List of AWS us-east-1 differences, edge cases, specialties, etc
Raw
list.md

What makes us-east-1 special?

Account:

  • Root user login is tied to us-east-1 (during a us-east-1 outage, root user logins were broken) link

CloudFront:

  • ACM certs must exist in us-east-1 for CloudFront to use them link
  • Lambda functions used for Lambda@Edge must be deployed in us-east-1 link
  • Control plane is only available in us-east-1 link

CloudTrial:

  • For most global services, events are logged as occurring in us-east-1 link

CloudWatch:

  • CloudWatch Billing metric data is stored in the US East (N. Virginia) Region and represents worldwide charges" link

IAM:

  • Control plane is only available in us-east-1 link

Route53

  • Control plane is only available in us-east-1 link
@BasixKOR
Copy link

BasixKOR commented Oct 20, 2025

S3 legacy global endpoint is on us-east-1 too and it's often spotted in the wild: https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#VirtualHostingBackwardsCompatibility

@fernandopj-tecnol
Copy link

fernandopj-tecnol commented Oct 31, 2025

Let me help this topic with a research I did with ChatGPT: Source

Service / feature Dependency type (short) Nature of the us-east-1 dependency Source
AWS Identity and Access Management (IAM) Control-plane in us-east-1 Single IAM control plane for commercial AWS is hosted in us-east-1 (data-planes are regional). docs.aws.amazon.com
AWS Organizations & Account Management (Create/Close accounts) Control-plane in us-east-1 Organizations / Account Management APIs use a control plane in us-east-1; SDK/CLI guidance often points to us-east-1. docs.aws.amazon.com
AWS IAM Identity Center (successor to AWS SSO) Single primary region / regional control-data behavior You enable Identity Center in one region (its data stored there). many org flows end up relying on a single primary region (practically ties into Organizations/IAM behaviors). docs.aws.amazon.com
Amazon CloudFront (management / control plane) Management/control API endpoints anchored to us-east-1 CloudFront control/management (create/update distributions) and certain configuration flows are tied to global endpoints and CloudFront’s control plane (effectively operated via us-east-1). docs.aws.amazon.com
AWS Certificate Manager (ACM) for CloudFront Must request ACM certs for CloudFront in us-east-1 To use ACM certificates with CloudFront, certificates must be requested (or imported) in us-east-1. docs.aws.amazon.com
Amazon Route 53 (public DNS) Control-plane hosted in us-east-1 Route 53 public DNS control plane is hosted in us-east-1 (DNS data plane is global but management API/control plane is centralized). docs.aws.amazon.com
Route 53 Application Recovery Controller / Region-switch (R53Recovery) Control-plane in us-east-1 The Region-switch (recovery control plane) APIs are located in us-east-1 (management/control operations tied to us-east-1). docs.aws.amazon.com
Amazon Bedrock (foundation models service) Launched/feature-complete earliest in us-east-1 / per-model regional support Bedrock model and management endpoints are region-specific; many models and features launched first in us-east-1 (and us-east-2) — some model availability remains region-dependent. docs.aws.amazon.com
Amazon QuickSight (Amazon Q / generative features) Feature availability lags outside us-east-1 New QuickSight features (Amazon Q generative BI capabilities) were available first in a limited set of regions (including us-east-1), meaning access to the latest features may force use of those regions. strandsagents.com
AWS App Runner (service endpoints) Service endpoints in us-east-1 among supported control endpoints App Runner has service endpoints in us-east-1 (control plane/endpoints listed for us-east-1); some operations and newer features may appear earlier there. docs.aws.amazon.com
AWS Local Zones / Wavelength Zones (Local compute) Parent/management control plane in a parent region (often us-east-1) Local Zones and Wavelength Zones are children of a parent region and their control plane is managed in the parent region (several Local Zones are children of us-east-1). docs.aws.amazon.com
AWS Control Tower Landing/primary region choices; origin region constraints Control Tower is supported in a subset of regions and chooses an origin/landing region during setup (you often must use the allowed Control Tower regions such as us-east-1). docs.aws.amazon.com
Amazon Global Accelerator / certain edge/global services Management endpoints / global control behaviors anchored to US regions Global networking/edge services often have their control/management anchored in specific commercial regions; while not always explicitly “us-east-1 only,” operational management and some defaults often route through AWS global control infrastructure (us-east-1 is commonly where global endpoints resolve). docs.aws.amazon.com
AWS Organizations / Boto3 SDK note SDK guidance to call Organizations in us-east-1 Boto3/SDK docs explicitly instruct calling Organizations in us-east-1 for the commercial partition. boto3.amazonaws.com

https://docs.aws.amazon.com/IAM/latest/UserGuide/disaster-recovery-resiliency.html?utm_source=chatgpt.com "Resilience in AWS Identity and Access Management"
https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/appendix-a---partitional-service-guidance.html?utm_source=chatgpt.com "Appendix A - Partitional service guidance"
https://docs.aws.amazon.com/singlesignon/latest/userguide/regions.html?utm_source=chatgpt.com "IAM Identity Center Region data storage and operations"
https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html?utm_source=chatgpt.com "Global services - AWS Fault Isolation Boundaries"
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html?utm_source=chatgpt.com "Requirements for using SSL/TLS certificates with CloudFront"
https://docs.aws.amazon.com/r53recovery/latest/dg/data-and-control-planes-rs.html?utm_source=chatgpt.com "Data and control planes for Region switch"
https://docs.aws.amazon.com/bedrock/latest/userguide/models-regions.html?utm_source=chatgpt.com "Model support by AWS Region in Amazon Bedrock"
https://strandsagents.com/latest/documentation/docs/user-guide/concepts/model-providers/amazon-bedrock/?utm_source=chatgpt.com "Amazon Bedrock"
https://docs.aws.amazon.com/general/latest/gr/apprunner.html?utm_source=chatgpt.com "AWS App Runner endpoints and quotas"
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html?utm_source=chatgpt.com "Regions and Zones - Amazon Elastic Compute Cloud"
https://docs.aws.amazon.com/controltower/latest/userguide/region-how.html?utm_source=chatgpt.com "How AWS Regions Work With AWS Control Tower"
https://docs.aws.amazon.com/global-accelerator/latest/dg/introduction-how-it-works.html?utm_source=chatgpt.com "How AWS Global Accelerator works"
https://boto3.amazonaws.com/v1/documentation/api/1.40.48/reference/services/organizations.html?utm_source=chatgpt.com "Organizations - Boto3 1.40.48 documentation"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment