How to enable FIPS endpoint for govcloud AWS gateway (for lambda)?

0

I have a invoke URL as follows: https://ccvddddXXXXX.execute-api.us-gov-west-1.amazonaws.com/beta I want to implement a FIPS endpoint (so that we are TLS 1.2 compliant). I'm missing the fundamental step here. Is the FIPS endpoint automatically? This doesn't work: https://ccvddddXXXXX.execute-api-fips.us-gov-west-1.amazonaws.com/beta I'm not too familiar with the CLI, so if there is something non-UI can you help provide syntax? thanks!

已提問 3 年前檢視次數 2057 次
2 個答案
2

According to the GovCloud API Gateway documentation, "All API Gateway APIs created in GovCloud regions are FIPS-compliant by default."

profile pictureAWS
專家
kentrad
已回答 3 年前
  • Good find, but confusing. Do you know why documentation here is listing a FIPS specific endpoint for AWS Gateway service? https://aws.amazon.com/compliance/fips/

  • That is the control plane endpoint. You are concerned with the data plane endpoint (execute-api)

1

At this time, FIPS is enabled for Amazon API Gateway running in AWS GovCloud only. It it not enabled for API Gateway running in commercial regions such as us-west-1 (Northern California).

However, you do not need FIPS to be enabled to support TLS 1.2. You can create a custom domain for your API endpoint and associate a security policy with it that enforces TLS 1.2. For instructions, see the API Gateway documentation.

AWS
專家
已回答 3 年前
  • this is for govcloud, I've updated question to reflect that. Didn't realize that would effect answer. thanks!

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南