How to enable FIPS endpoint for govcloud AWS gateway (for lambda)?

0

I have a invoke URL as follows: https://ccvddddXXXXX.execute-api.us-gov-west-1.amazonaws.com/beta I want to implement a FIPS endpoint (so that we are TLS 1.2 compliant). I'm missing the fundamental step here. Is the FIPS endpoint automatically? This doesn't work: https://ccvddddXXXXX.execute-api-fips.us-gov-west-1.amazonaws.com/beta I'm not too familiar with the CLI, so if there is something non-UI can you help provide syntax? thanks!

質問済み 2年前1700ビュー
2回答
2

According to the GovCloud API Gateway documentation, "All API Gateway APIs created in GovCloud regions are FIPS-compliant by default."

profile pictureAWS
エキスパート
kentrad
回答済み 2年前
  • Good find, but confusing. Do you know why documentation here is listing a FIPS specific endpoint for AWS Gateway service? https://aws.amazon.com/compliance/fips/

  • That is the control plane endpoint. You are concerned with the data plane endpoint (execute-api)

1

At this time, FIPS is enabled for Amazon API Gateway running in AWS GovCloud only. It it not enabled for API Gateway running in commercial regions such as us-west-1 (Northern California).

However, you do not need FIPS to be enabled to support TLS 1.2. You can create a custom domain for your API endpoint and associate a security policy with it that enforces TLS 1.2. For instructions, see the API Gateway documentation.

AWS
エキスパート
回答済み 2年前
  • this is for govcloud, I've updated question to reflect that. Didn't realize that would effect answer. thanks!

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ