support fips endpoint in aws java sdk for different region

Question

I want to set system property AWS_USE_FIPS_ENDPOINT to true to enable fips endpoint for aws java sdk, but I have too many aws regions, in our code there are some concurrent request to different regions, part of which support fips endpoint while others has no fips endpoint.
My question is if aws sdk is intelligent enough to judge if the request region support fips, if not support , does it go to the non-fips endpoint automatically?  how can I guarantee that the request to non-fips region is working while AWS_USE_FIPS_ENDPOINT was set to ture?

Answer

The AWS SDK/CLI currently, doesn't check for fips support in a region. FIPS endpoints are available in the following regions: AWS US East/West, AWS GovCloud (US) and AWS Canada (Central). Setting the AWS_USE_FIPS_ENDPOINT flag to use the FIPS endpoints on those regions are usually based on specific security and compliance requirements, for workloads running only on those regions. You may want to reach out to a specialist via your AWS account team to discuss the requirement of having the flag set to true in a multi-region (including non-FIPS supported regions) setup described.

You may choose to set the flag to true when the sdk is invoking API calls to the FIPS supported regions, as an alternative.

support fips endpoint in aws java sdk for different region

관련 콘텐츠