How to enable FIPS endpoint for govcloud AWS gateway (for lambda)?

0

I have an invoke URL as follows: https://ccvddddXXXXX.execute-api.us-gov-west-1.amazonaws.com/beta I want to implement a FIPS endpoint (so that we are TLS 1.2 compliant). I'm missing the fundamental step here. Is the FIPS endpoint automatic? This doesn't work: https://ccvddddXXXXX.execute-api-fips.us-gov-west-1.amazonaws.com/beta I'm not too familiar with the CLI, so if there is something non-UI, can you help provide syntax? Thanks!

Asked 2 years ago, 1699 views
2 Answers
2

According to the GovCloud API Gateway documentation, "All API Gateway APIs created in GovCloud regions are FIPS-compliant by default."

AWS
Expert
kentrad
Answered 2 years ago
  • Good find, but confusing. Do you know why documentation here is listing a FIPS specific endpoint for AWS Gateway service? https://aws.amazon.com/compliance/fips/

  • That is the control plane endpoint. You are concerned with the data plane endpoint (execute-api)

1

At this time, FIPS is enabled for Amazon API Gateway running in AWS GovCloud only. It is not enabled for API Gateway running in commercial regions such as us-west-1 (Northern California).

However, you do not need FIPS to be enabled to support TLS 1.2. You can create a custom domain for your API endpoint and associate a security policy with it that enforces TLS 1.2. For instructions, see the API Gateway documentation.

AWS
Expert
Answered 2 years ago
  • This is for GovCloud; I've updated the question to reflect that. Didn't realize that would affect the answer. Thanks!
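
One way to confirm which TLS versions an endpoint actually negotiates once a TLS 1.2 security policy like the one described in the answer above is in place. This is an added example, not part of the original thread or of AWS documentation; the function names are hypothetical and the host to check is supplied on the command line.

```python
import socket
import ssl
import sys

# Protocol versions to try, oldest first.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def pinned_context(version):
    """Client context that offers exactly one TLS version, with normal cert checks."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def probe(host, port=443, timeout=5.0):
    """Return {version name: 'accepted' | 'rejected' | 'untestable'} for host."""
    results = {}
    for name, version in VERSIONS.items():
        try:
            ctx = pinned_context(version)
        except ValueError:
            # The local OpenSSL build cannot offer this version at all.
            results[name] = "untestable"
            continue
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host):
                    results[name] = "accepted"
        except (ssl.SSLError, OSError):
            # Handshake or connection failed. A strict local OpenSSL policy can
            # also cause this for TLS 1.0/1.1, so confirm from a permissive client.
            results[name] = "rejected"
    return results

def meets_tls12_floor(results):
    """True when no pre-1.2 version was accepted and TLS 1.2 or 1.3 was."""
    legacy = any(results.get(v) == "accepted" for v in ("TLSv1.0", "TLSv1.1"))
    modern = any(results.get(v) == "accepted" for v in ("TLSv1.2", "TLSv1.3"))
    return modern and not legacy

if __name__ == "__main__":
    outcome = probe(sys.argv[1])  # host name given on the command line
    print(outcome, "TLS 1.2 floor met:", meets_tls12_floor(outcome))
```

Run it against both the default invoke host name and the custom domain, since a security policy attached to a custom domain applies to that domain name.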
