Amazon API Gateway is now in GovCloud

I just got a note that Amazon API Gateway is now available in AWS GovCloud. This makes things more interesting for GovCloud for sure, but it’s just a minor stepping stone. Remember, just because it’s in GovCloud doesn’t mean it’s FedRAMP’d (even though it probably is).

AWS GovCloud and CloudFormation

Be careful when you’re working with CloudFormation in the AWS GovCloud region. Almost every code snippet available on the Internet refers to the public regions of AWS. If you’re making resources in GovCloud with a Cloudformation templates, there are subtle differences.

For instance, referring to an S3 bucket in a code snippet is:

“Resource”: { “Fn::Join” : [“”, [“arn:aws:s3:::”, { “Ref” : “myExampleBucket” } , “/*” ]]},

But if your bucket is in GovCloud, your arn is different:

“Resource”: { “Fn::Join” : [“”, [“arn:aws-us-gov:s3:::”, { “Ref” : “myExampleBucket” } , “/*” ]]},

Subtle things like that can make CloudFormation development a real hoot. Be careful.