How to enable FIPS endpoint for govcloud AWS gateway (for lambda)?

Question

I have a invoke URL as follows:  https://ccvddddXXXXX.execute-api.us-gov-west-1.amazonaws.com/beta
I want to implement a FIPS endpoint (so that we are TLS 1.2 compliant). 
I'm missing the fundamental step here. Is the FIPS endpoint automatically?
This doesn't work: https://ccvddddXXXXX.execute-api-fips.us-gov-west-1.amazonaws.com/beta
I'm not too familiar with the CLI, so if there is something non-UI can you help provide syntax? thanks!

Answer

According to the [GovCloud API Gateway documentation](https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-abp.html), "All API Gateway APIs created in GovCloud regions are FIPS-compliant by default."

Answer

At this time, FIPS is enabled for Amazon API Gateway running in AWS GovCloud only. It it not enabled for API Gateway running in commercial regions such as us-west-1 (Northern California).

However, you do not need FIPS to be enabled to support TLS 1.2. You can create a custom domain for your API endpoint and associate a security policy with it that enforces TLS 1.2. For instructions, see the [API Gateway documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html).

How to enable FIPS endpoint for govcloud AWS gateway (for lambda)?

Contenuto pertinente