How to enable FIPS endpoint on govcloud KMS?

Question

Documentation here (https://docs.aws.amazon.com/kms/latest/APIReference/Welcome.html) says 'use FIPS endpoint for your region', but I can't find any information on how to configure or enable it. I'm using this on gov cloud region. Is the FIPS endpoint just there and auto-provisioned like an alias for any service? If there is something needed in the CLI could you kindly provide the syntax?

Answer

Take a look at:
* [FIPS endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#FIPS-endpoints)
* [GovCloud Service Endpoints](https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/using-govcloud-endpoints.html)

Answer

Here is an example of specifying the FIPS endpoint on the CLI: . `aws appstream describe-stacks --endpoint-url https://appstream2-fips.us-west-2.amazonaws.com`. Associated [documentation](https://docs.aws.amazon.com/appstream2/latest/developerguide/protecting-data-in-transit-FIPS-endpoints.html).

It is also possible to configure the SDK for FIPS endpoint usage: https://docs.aws.amazon.com/sdk-for-go/api/aws/session/ 
```
To configure a FIPS endpoint set the environment variable set the AWS_USE_FIPS_ENDPOINT to true or false to enable or disable FIPS endpoint resolution.

AWS_USE_FIPS_ENDPOINT=true
To configure a FIPS endpoint using shared config, set use_fips_endpoint to true or false to enable or disable FIPS endpoint resolution.

[profile myprofile]
region=us-west-2
use_fips_endpoint=true
```

How to enable FIPS endpoint on govcloud KMS?

相关内容