v2.2.0 - AWS GovCloud Support

@schuettc schuettc released this 05 Dec 01:37
· 46 commits to main since this release
8cbbbce

🎉 Release v2.2.0

Major Feature

πŸ›οΈ AWS GovCloud (US) Partition Support

This release adds comprehensive support for deploying to AWS GovCloud (US) regions, enabling US government agencies, contractors, and regulated workloads to use Claude Code with Amazon Bedrock.

What's New:

  • Partition-Aware CloudFormation Templates: All 8 CloudFormation templates now use the AWS::Partition pseudo parameter for dynamic ARN construction
  • GovCloud Service Principals: Proper handling of GovCloud-specific Cognito Identity service principals:
    • Commercial: cognito-identity.amazonaws.com
    • GovCloud West: cognito-identity-us-gov.amazonaws.com
    • GovCloud East: cognito-identity.us-gov-east-1.amazonaws.com
  • GovCloud Models: Added Claude Sonnet 4.5 and 3.7 GovCloud model configurations with us-gov prefix
  • FIPS Endpoints: Automatic detection and correction for GovCloud FIPS endpoints
  • Comprehensive Documentation: Updated README with GovCloud deployment guide, partition comparison table, and validation commands

Supported Regions:

  • us-gov-west-1 (US GovCloud West)
  • us-gov-east-1 (US GovCloud East)
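
An added example (not code from this project): a text-level check for the two failure modes the partition-aware templates address, a literal ARN partition and a Cognito Identity principal that does not match the target region. The principal values are the ones listed above; the function names, finding codes and sample template are constructed for illustration.

```python
import re

# Cognito Identity service principals as listed in the release notes above.
COGNITO_PRINCIPALS = {
    "us-gov-west-1": "cognito-identity-us-gov.amazonaws.com",
    "us-gov-east-1": "cognito-identity.us-gov-east-1.amazonaws.com",
}
COMMERCIAL_PRINCIPAL = "cognito-identity.amazonaws.com"

LITERAL_ARN = re.compile(r"arn:(aws(?:-us-gov)?):")
PRINCIPAL = re.compile(r"cognito-identity[\w.-]*\.amazonaws\.com")


def partition_for(region):
    """GovCloud regions are in aws-us-gov; every other region here is aws."""
    return "aws-us-gov" if region.startswith("us-gov-") else "aws"


def lint_template(text, region):
    """Return (line_no, code) findings, in line order, for a target region."""
    want_principal = COGNITO_PRINCIPALS.get(region, COMMERCIAL_PRINCIPAL)
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # ignore YAML comments
        for m in LITERAL_ARN.finditer(line):
            # A literal partition breaks in the other partition and is not
            # portable even where it matches; ${AWS::Partition} fixes both.
            same = m.group(1) == partition_for(region)
            findings.append((no, "ARN_NOT_PORTABLE" if same else "ARN_WRONG_PARTITION"))
        for m in PRINCIPAL.finditer(line):
            if m.group(0) != want_principal:
                findings.append((no, "PRINCIPAL_WRONG_REGION"))
    return findings


# Constructed sample template fragment (hypothetical, not from the project).
SAMPLE = """\
Principal:
  Federated: cognito-identity.amazonaws.com
Resource:
  - arn:aws:bedrock:*::foundation-model/*
  - !Sub arn:${AWS::Partition}:logs:*:*:log-group:*
"""

if __name__ == "__main__":
    for region in ("us-east-1", "us-gov-west-1", "us-gov-east-1"):
        print(region, lint_template(SAMPLE, region))
```

The check treats the template as plain text, so it also catches literals inside `!Sub` strings, but it does not evaluate conditions or mappings that select a value per partition.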

Changed Files

CloudFormation Templates (8 files):

  • cognito-identity-pool.yaml - Partition-aware IAM roles and service principals
  • bedrock-auth-*.yaml - Updated ARN construction for all auth providers
  • analytics-pipeline.yaml - Partition support for Kinesis/S3
  • otel-collector.yaml - Partition-aware CloudWatch integration

Python Code (4 files):

  • models.py - Added GovCloud models and default regions
  • init.py - GovCloud region selection and FIPS endpoint correction
  • cloudformation.py - Partition-aware S3 URL construction
  • distribute.py - Profile handling improvements

Documentation:

  • README.md - Added GovCloud deployment guide (+432 lines)
  • .gitignore - Added sensitive file exclusions

Security Improvements

  • ✅ Proper IAM resource scoping across all partitions
  • ✅ FIPS endpoint enforcement for GovCloud
  • ✅ Enhanced .gitignore for sensitive files (.kiro/settings/mcp.json, etc.)
  • ✅ No hardcoded credentials or secrets

Backward Compatibility

  • ✅ Zero breaking changes - Existing commercial deployments continue working
  • ✅ CloudFormation updates apply cleanly to existing stacks
  • ✅ No data migration required
  • ✅ User-facing functionality unchanged

Quality Assurance

  • ✅ All pre-commit hooks passing (Ruff linting & formatting)
  • ✅ Code quality: Excellent
  • ✅ Security review: Approved
  • ✅ Architecture: Clean, extensible design

Contributors

  • @livermush (Doug Hairfield) - GovCloud partition support implementation
  • @schuettc (Court Schuett) - Integration and release coordination

What's Next?

  • Extended partition support (China regions)
  • Support for additional GovCloud regions as they become available
  • Cross-partition replication scenarios

Full Changelog: v2.1.0...v2.2.0