Aloha,
My goal is to have an EC2 instance in gov-cloud that is FIPS compliant to support a RHEL8 FIPS compliant container. I performed the following steps when creating and configuring the EC2 Instance.
- Created a new instance (Launch Instances button from EC2 Dashboard)
- Selected Amazon Linux 2 AMI (HVM) - Kernel 5.10, SSD Volume Type [64-bit (x86)]
- Selected t2.micro
- Default "Configure Instance Details"
- Storage size changed to 20 GiB - the rest of the settings were default
- Configured the "Name" tag to be my project name
- Default security group to allow SSH connections via TCP on port 22
- Launched and downloaded the *.pem file
- Connected to the machine as ec2-user using my personal machine's terminal via SSH and the *.pem file (login successful)
- Performed the following commands:
sudo yum update -y
sudo yum install -y dracut-fips
sudo dracut -f
sudo /sbin/grubby --update-kernel=ALL --args="fips=1"
sudo reboot
I allowed sufficient time for the system to reboot and attempted to log in. I was met with the following message: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). I tried all methods available to connect to the instance and all methods failed. I have since terminated the instance.
My questions:
- Does it matter if the system is a dedicated host, dedicated instance, or shared instance when creating a FIPS compliant instance in gov-cloud?
- Has anyone been successful in doing this? If so, what steps did you use or tutorial did you follow?
- Any pointers or recommended solutions outside of using Amazon Linux 2?
Thanks in advance,
Craig
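
A pre-reboot and post-reboot check for the procedure in the post, as an added example that is not part of the original post: it confirms the `fips=1` kernel argument and the runtime FIPS flag, and flags `authorized_keys` entries whose key type sshd would stop accepting once FIPS mode is on. It assumes RHEL-family OpenSSH behaviour in FIPS mode (RSA and NIST-curve ECDSA user keys only); the function names and sample keys are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: sshd in FIPS mode
# accepts only RSA and NIST-curve ECDSA user keys (RHEL-family behaviour).

# Return 0 if the kernel command line (default /proc/cmdline) carries fips=1.
cmdline_has_fips() {
    tr ' ' '\n' < "${1:-/proc/cmdline}" | grep -qx 'fips=1'
}

# Return 0 if the kernel reports FIPS mode as active.
fips_active() {
    [ "$(cat "${1:-/proc/sys/crypto/fips_enabled}" 2>/dev/null)" = "1" ]
}

# Read authorized_keys lines on stdin, print "<verdict> <key-type>" per key.
# Returns 1 if any key would stop working, so it can gate the reboot.
audit_authorized_keys() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        # The key type is the token right before the base64 blob ("AAAA..."),
        # which skips any leading options such as command="...".
        ktype=$(printf '%s\n' "$line" |
            sed -nE 's/^(.* )?([a-z0-9@.-]+) AAAA.*/\2/p')
        case $ktype in
            # RSA keys additionally need a FIPS-acceptable size (check with ssh-keygen -l).
            ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)
                verdict=OK ;;
            '') verdict=UNPARSED; rc=1 ;;
            *)  verdict=REJECTED; rc=1 ;;
        esac
        printf '%s %s\n' "$verdict" "$ktype"
    done
    return "$rc"
}

# Constructed sample input; the key blobs are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# constructed authorized_keys sample
ssh-rsa AAAAB3NzaC1yc2E-placeholder project-key
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5-placeholder user@laptop
no-pty,command="/bin/false" ecdsa-sha2-nistp256 AAAAE2VjZHNh-placeholder ci
EOF
}

sample_keys | audit_authorized_keys || echo "do not reboot into FIPS mode yet"
fips_active && echo "FIPS mode active" || echo "FIPS mode not active"
```

On a real instance, run `audit_authorized_keys < ~/.ssh/authorized_keys` before `sudo reboot`, and `cmdline_has_fips && fips_active` after it.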