Documentation
If you're using a firewall, proxy server, or data perimeter, make sure to allowlist traffic to the following URLs and Amazon Resource Names (ARNs) so that Kiro works as expected.
General URLs to allowlist
In the following URLs, replace:
-
idc-directory-id-or-aliaswith your IAM Identity Center instance's directory ID or alias. For more information about IAM Identity Center, see What is IAM Identity Center? in the AWS IAM Identity Center User Guide. -
sso-regionwith the AWS Region where your IAM Identity Center instance is enabled.
| URL | Purpose |
|---|---|
| <idc-directory-id-or-alias>.awsapps.com | Authentication |
| oidc.<sso-region>.amazonaws.com | Authentication |
| *.sso.<sso-region>.amazonaws.com | Authentication |
| *.sso-portal.<sso-region>.amazonaws.com | Authentication |
| *.aws.dev | Authentication |
| *.awsstatic.com | Authentication |
| *.console.aws.a2z.com | Authentication |
| *.sso.amazonaws.com | Authentication |
| https://aws-toolkit-language-servers.amazonaws.com/* | Kiro, language processing |
| https://aws-language-servers.us-east-1.amazonaws.com/* | Kiro, language processing |
| https://client-telemetry.us-east-1.amazonaws.com | Kiro, telemetry |
| cognito-identity.us-east-1.amazonaws.com | Kiro, telemetry |
Page updated: August 12, 2025
Configuring a firewall, proxy server, or data perimeter for Kiro