Mar 10, 2026 by Graham Christensen

Support for AWS GovCloud and European Sovereign Cloud

nix aws nixos amis govcloud eusc compliance

2 min read

At Determinate Systems, we’re committed to providing first-class support for deploying NixOS systems to Amazon Web Services (AWS) using FlakeHub features like FlakeHub Cache and resolved store paths. As part of that commitment, we publish Amazon Machine Images (AMIs) for NixOS that come with two important things installed:

Determinate Nix, our enterprise-oriented downstream distribution of Nix, with features like lazy trees, parallel evaluation, flake schemas, WebAssembly support, and more.
fh, the CLI for FlakeHub. With fh, you can run fh apply nixos to declaratively activate a NixOS configuration directly from FlakeHub Cache without even needing to resolve the store path, which provides a highly streamlined deployment experience. See our docs for more info.

Today, we’re expanding AMI availability to two regions designed for organizations with strict compliance and data residency requirements: AWS GovCloud and AWS European Sovereign Cloud.

AWS GovCloud

AWS GovCloud is designed for US government agencies and contractors that handle Controlled Unclassified Information (CUI), ITAR-regulated data, and other workloads subject to federal compliance requirements like FedRAMP and DoD IL2/IL4. With our NixOS AMIs now available in AWS GovCloud, teams operating under certain strictures can use NixOS with Determinate Nix and FlakeHub without needing to move sensitive workloads outside of compliant infrastructure.

For Terraform or OpenTofu users, here’s an example AMI data source that pulls from GovCloud:

data "aws_ami" "detsys_nixos" {
  most_recent = true

  owners      = [ "579351485434" ]

  filter {
    name   = "name"
    values = [ "determinate/nixos/epoch-1/*" ]
  }

  filter {
    name   = "architecture"
    values = [ "x86_64" ] # or arm64
  }
}

AWS European Sovereign Cloud

AWS European Sovereign Cloud is purpose built for European public sector organizations and regulated industries that require data to remain under EU jurisdiction and control, independently of US legal frameworks.

Our NixOS AMIs are now available in AWS European Sovereign Cloud, enabling teams in Europe to keep their critical infrastructure and build workloads entirely within EU jurisdiction.

For Terraform or OpenTofu users, here’s an example AMI data source that pulls from European Sovereign Cloud:

data "aws_ami" "detsys_nixos" {
  most_recent = true

  owners      = [ "111921064076" ]

  filter {
    name   = "name"
    values = [ "determinate/nixos/epoch-1/*" ]
  }

  filter {
    name   = "architecture"
    values = [ "x86_64" ] # or arm64
  }
}

Written by Graham Christensen

Graham is a Nix and Rust developer, with a passion and focus on reliability in the lower levels of the stack. He founded Determinate Systems, Inc to support Nix adoption at your workplace.

Would you like access to private flakes and FlakeHub Cache?