Scan AWS GovCloud and more partitions with Pulumi Insights


Pulumi Insights account scanning now supports every AWS partition. If your workloads run in GovCloud, China, the European Sovereign Cloud, or one of the ISO intelligence-community clouds, you can get the same resource discovery, cross-account search, and AI-assisted insights that commercial accounts already have.

Supported partitions

  1. AWS Standard (Commercial)
  2. AWS GovCloud (US)
  3. AWS ISO (US)
  4. AWS ISOB (US)
  5. AWS ISOF (US)
  6. AWS ISOE (Europe)
  7. AWS European Sovereign Cloud
  8. AWS China

You can also exclude specific regions from discovery — useful when regions are disabled by SCPs or fall outside an audit’s scope.

Choosing an AWS partition when creating an Insights account

Discovery stays inside the partition

Credentials are exchanged against the partition’s STS endpoint, and every scanner API call targets that partition’s regional endpoints. Discovery traffic doesn’t cross the boundary.

Set it up

In the Pulumi Cloud console:

  1. Go to Accounts → Create account.
  2. Select AWS as the provider.
  3. Under Add your configuration, pick the target partition.
  4. Supply credentials via a Pulumi ESC environment. The OIDC trust policy uses the partition-appropriate ARN prefix (arn:aws-us-gov:, arn:aws-cn:, etc.).
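A pre-flight check for step 4 and for the partition boundary described above, as an added example that is not Pulumi's own code: it flags any ARN in a trust policy whose partition field differs from the target partition, and builds a regional STS hostname only when the region belongs to that partition. The partition table, function names, account ID, and OIDC provider path are assumptions made for illustration.

```python
# Added example: pre-flight checks for a partition-scoped OIDC role.
# Partition id -> (region prefix, DNS suffix). Only the three partitions below
# are modelled; regions of any other partition are not recognised here.
PARTITIONS = {
    "aws": ("", "amazonaws.com"),
    "aws-us-gov": ("us-gov-", "amazonaws.com"),
    "aws-cn": ("cn-", "amazonaws.com.cn"),
}

def partition_of_region(region):
    """Map a region name to its partition by prefix; default is commercial."""
    for pid, (prefix, _) in PARTITIONS.items():
        if prefix and region.startswith(prefix):
            return pid
    return "aws"

def sts_endpoint(partition, region):
    """Regional STS hostname, refusing a region outside the target partition."""
    if partition_of_region(region) != partition:
        raise ValueError(f"{region} is not in partition {partition}")
    return f"sts.{region}.{PARTITIONS[partition][1]}"

def arns_in(node):
    """Yield every ARN string found anywhere in a parsed policy document."""
    if isinstance(node, str):
        if node.startswith("arn:"):
            yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from arns_in(value)
    elif isinstance(node, list):
        for value in node:
            yield from arns_in(value)

def partition_mismatches(policy, partition):
    """Return ARNs whose partition field differs from the target partition."""
    return [a for a in arns_in(policy) if a.split(":")[1] != partition]

# Constructed trust policy, copied from a commercial-account template, so the
# provider ARN still says arn:aws:. Account id and provider path are
# placeholders; the Condition block is left out to keep the sample short.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/api.pulumi.com/oidc"},
    "Action": "sts:AssumeRoleWithWebIdentity",
}]}

if __name__ == "__main__":
    print(partition_mismatches(SAMPLE_POLICY, "aws-us-gov"))
    print(sts_endpoint("aws-us-gov", "us-gov-west-1"))
```

A non-empty result from partition_mismatches means the role's trust policy still references another partition and should be corrected before the account is created.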

For IAM and ESC setup, see the Insights accounts docs. Log in to Pulumi Cloud to get started.