Is it still required to use a FIPS endpoint when using TLS 1.2 communication with S3?

0

Some documentation shows that you should use FIPS when you need to follow FIPS requirements, but there is less documentation about how to enable this through the Java SDK when connecting to S3.

So here are my questions:

  1. We can confirm that TLS v1.2 is used when connecting to S3, so do I still need to use a FIPS endpoint? Besides the SSL connection, what does the FIPS endpoint do exactly? Check the TLS version?
  2. Is there any detailed document if I need to use a FIPS endpoint with the Java S3 SDK 1.x?

Thanks!

1 Answer
1

Hello,

Greetings for the day!

  1. We can confirm that TLS v1.2 is used when connecting to S3, so do I still need to use a FIPS endpoint? Besides the SSL connection, what does the FIPS endpoint do exactly? Check the TLS version?

No, if you are already using TLS v1.2 you are not required to use FIPS endpoints. The update from AWS is that "TLS 1.2 WILL BE REQUIRED FOR ALL AWS FIPS ENDPOINTS BEGINNING MARCH 31, 2021", i.e. if you are already using FIPS endpoints then you also have to update to TLS v1.2. To help you meet your compliance needs, we’re updating all AWS Federal Information Processing Standard (FIPS) endpoints to a minimum of Transport Layer Security (TLS) 1.2. We have already updated over 40 services to require TLS 1.2, removing support for TLS 1.0 and TLS 1.1. Beginning March 31, 2021, if your client application cannot support TLS 1.2, it will result in connection failures. In order to avoid an interruption in service, we encourage you to act now to ensure that you connect to AWS FIPS endpoints at TLS version 1.2. This change does not affect non-FIPS AWS endpoints.

Regarding the FIPS endpoints, FIPS (Federal Information Processing Standards) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within U.S. non-military government agencies and by U.S. government contractors and vendors who work with the agencies. FIPS 140-2, “Security Requirements for Cryptographic Modules,” was issued by the U.S. National Institute of Standards and Technology (NIST) in May, 2001. The standard specifies the security requirements for cryptographic modules utilized within a security system that protects sensitive or valuable data.

[+] https://s3.amazonaws.com/smhelpcenter/smhelp940/classic/Content/security/concepts/fips_mode.htm
[+] https://aws.amazon.com/compliance/fips/

  2. Is there any detailed document if I need to use a FIPS endpoint with the Java S3 SDK 1.x?

Since you are already using TLS v1.2, you are not required to use the FIPS endpoints. However, if you want to use the FIPS endpoints, please note that only some AWS services offer endpoints that support Federal Information Processing Standard (FIPS) 140-2 in some Regions. Unlike standard AWS endpoints, FIPS endpoints use a TLS software library that complies with FIPS 140-2. These endpoints might be required by enterprises that interact with the United States government.

To use a FIPS endpoint with an AWS operation, use the mechanism provided by the AWS SDK or tool to specify a custom endpoint. For example, the AWS SDKs provide an AWS_USE_FIPS_ENDPOINT environment variable.

[+] FIPS endpoints - https://docs.aws.amazon.com/general/latest/gr/rande.html#FIPS-endpoints

I was only able to find the document for the updated Java 2.x, where we can set up the AWS_USE_FIPS_ENDPOINT environment variable in SdkSystemSetting (AWS SDK for Java - 2.18.16). Please refer to the document below for more information.

[+] https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/core/SdkSystemSetting.html

AWS
SUPPORT ENGINEER
answered a year ago
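As an added example that is not part of the answer above: the two ways the SDK mechanism mentioned there is expressed in code. For SDK for Java 2.x the client builder's `fipsEnabled(true)` resolves the FIPS endpoint (the same effect as setting `AWS_USE_FIPS_ENDPOINT=true`, which the SDK reads via `SdkSystemSetting.AWS_USE_FIPS_ENDPOINT`); for SDK 1.x, which has no such switch, the FIPS hostname is supplied as a custom endpoint. It assumes credentials come from the default provider chain and that the `s3-fips.<region>.amazonaws.com` hostname pattern applies to the Region in use (check the FIPS endpoint table linked above).

```java
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.ListBucketsResponse;

import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;

public class FipsS3Clients {

    // SDK for Java 2.x: let the SDK resolve the FIPS endpoint itself.
    // Equivalent to exporting AWS_USE_FIPS_ENDPOINT=true before the JVM
    // starts; the builder setting wins if both are present.
    public static S3Client buildV2FipsClient(Region region) {
        return S3Client.builder()
                .region(region)
                .fipsEnabled(true)
                .build();
    }

    // SDK for Java 1.x: no FIPS flag exists, so the FIPS hostname is given
    // explicitly as a custom endpoint. The pattern below is an assumption
    // to be verified against the FIPS endpoint table for your Region.
    public static AmazonS3 buildV1FipsClient(String region) {
        String fipsEndpoint = "https://s3-fips." + region + ".amazonaws.com";
        return AmazonS3ClientBuilder.standard()
                .withEndpointConfiguration(new EndpointConfiguration(fipsEndpoint, region))
                .build();
    }

    public static void main(String[] args) {
        // 2.x: a real call confirms the FIPS endpoint accepts the TLS 1.2 session.
        try (S3Client v2 = buildV2FipsClient(Region.US_EAST_1)) {
            ListBucketsResponse resp = v2.listBuckets();
            System.out.println("2.x FIPS client listed " + resp.buckets().size() + " buckets");
        }

        // 1.x: getUrl() builds the URL locally, so this shows which host the
        // client will talk to without needing a bucket to exist.
        AmazonS3 v1 = buildV1FipsClient("us-east-1");
        System.out.println("1.x client host: "
                + v1.getUrl("placeholder-bucket", "placeholder-key").getHost());
        v1.shutdown();
    }
}
```

Both clients still negotiate TLS 1.2 only if the JVM's JSSE provider offers it, so the endpoint choice does not replace checking the runtime's enabled protocols.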
