ProsperOps Security for AWS GovCloud (US)

ProsperOps fully supports AWS GovCloud (US). Granting ProsperOps access to autonomously manage discounts in GovCloud (US) requires a least privilege IAM role on each AWS account in the organization for which there is compute usage in a GovCloud (US) region. 

Our IAM role policy limits the ProsperOps service to the minimum permissions required to real-time monitor compute usage metadata and manage RIs, and nothing more. Within AWS, the same usage telemetry data that we access in real-time ultimately makes its way back to the commercial N. Virginia (us-east-1) region where AWS runs all billing and commerce services.

When programmatically accessing AWS services in GovCloud (US), ProsperOps leverages FIPS-compliant API endpoints as documented here