chore: add patterns for fips endpoint heuristics (#3929)

aws · Oct 25, 2021 · 6f0a94a · 6f0a94a
1 parent fc63c73
commit 6f0a94a
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 143 deletions.
diff --git a/lib/region_config.js b/lib/region_config.js
@@ -5,6 +5,7 @@ function generateRegionPrefix(region) {
   if (!region) return null;
   if (isFipsRegion(region)) {
     if (isFipsCnRegion(region)) return 'fips-cn-*';
+    if (isFipsUsGovRegion(region)) return 'fips-us-gov-*';
     if (region.startsWith('fips-accesspoint-')) return 'fips-accesspoint-*';
     return 'fips-*';
   }
@@ -105,6 +106,14 @@ function isFipsRegion(region) {
   return region && (region.startsWith('fips-') || region.endsWith('-fips'));
 }
 
+function isFipsUsGovRegion(region) {
+  return (
+    region &&
+    region.startsWith('fips-us-gov-') ||
+    (region.startsWith('us-gov-') && region.endsWith('-fips'))
+  );
+}
+
 function isFipsCnRegion(region) {
   return (
     region &&

diff --git a/lib/region_config_data.json b/lib/region_config_data.json
@@ -3,9 +3,8 @@
     "*/*": {
       "endpoint": "{service}.{region}.amazonaws.com"
     },
-    "fips-*/*": {
-      "endpoint": "{service}-fips.{region}.amazonaws.com"
-    },
+    "fips-*/*": "fipsStandard",
+    "fips-us-gov-*/*": "fipsStandard",
     "fips-cn-*/*": {
       "endpoint": "{service}-fips.{region}.amazonaws.com.cn"
     },
@@ -69,157 +68,52 @@
       "signatureVersion": "v2"
     },
 
-    "fips-*/api.ecr": {
-      "endpoint": "ecr-fips.{region}.amazonaws.com"
-    },
-    "fips-*/api.sagemaker": {
-      "endpoint": "api-fips.sagemaker.{region}.amazonaws.com"
-    },
-    "fips-*/batch": {
-      "endpoint": "fips.batch.{region}.amazonaws.com"
-    },
-    "fips-*/eks": {
-      "endpoint": "fips.eks.{region}.amazonaws.com"
-    },
-    "fips-*/models.lex": {
-      "endpoint": "models-fips.lex.{region}.amazonaws.com"
-    },
-    "fips-*/runtime.lex": {
-      "endpoint": "runtime-fips.lex.{region}.amazonaws.com"
-    },
+    "fips-*/api.ecr": "fips.api.ecr",
+    "fips-us-gov-*/api.ecr": "fips.api.ecr",
+    "fips-*/api.sagemaker": "fips.api.sagemaker",
+    "fips-us-gov-*/api.sagemaker": "fips.api.sagemaker",
+    "fips-*/batch": "fipsDotPrefix",
+    "fips-*/eks": "fipsDotPrefix",
+    "fips-*/models.lex": "fips.models.lex",
+    "fips-us-gov-*/models.lex": "fips.models.lex",
+    "fips-*/runtime.lex": "fips.runtime.lex",
+    "fips-us-gov-*/runtime.lex": "fips.runtime.lex",
     "fips-*/runtime.sagemaker": {
       "endpoint": "runtime-fips.sagemaker.{region}.amazonaws.com"
     },
     "fips-*/streams.dynamodb": {
       "endpoint": "dynamodb-fips.{region}.amazonaws.com"
     },
-    "fips-*/route53": {
-      "endpoint": "route53-fips.amazonaws.com"
-    },
-    "fips-*/transcribe": {
-      "endpoint": "fips.transcribe.{region}.amazonaws.com"
-    },
-    "fips-*/waf": {
-      "endpoint": "waf-fips.amazonaws.com"
-    },
+    "fips-*/route53": "fipsWithoutRegion",
+    "fips-*/transcribe": "fipsDotPrefix",
+    "fips-us-gov-*/transcribe": "fipsDotPrefix",
+    "fips-*/waf": "fipsWithoutRegion",
     "fips-accesspoint-*/*": {
       "endpoint": "{service}-accesspoint-fips.{region}.amazonaws.com"
     },
-    "fips-us-gov-east-1/acm-pca": {
-      "endpoint": "acm-pca.{region}.amazonaws.com"
-    },
-    "fips-us-gov-west-1/acm-pca": {
-      "endpoint": "acm-pca.{region}.amazonaws.com"
-    },
-    "fips-us-gov-east-1/batch": {
-      "endpoint": "batch.{region}.amazonaws.com"
-    },
-    "fips-us-gov-west-1/batch": {
-      "endpoint": "batch.{region}.amazonaws.com"
-    },
-    "fips-us-gov-east-1/config": {
-      "endpoint": "config.{region}.amazonaws.com"
-    },
-    "fips-us-gov-west-1/config": {
-      "endpoint": "config.{region}.amazonaws.com"
-    },
-    "fips-us-gov-east-1/eks": {
-      "endpoint": "eks.{region}.amazonaws.com"
-    },
-    "fips-us-gov-west-1/eks": {
-      "endpoint": "eks.{region}.amazonaws.com"
-    },
-    "fips-us-gov-east-1/elasticmapreduce": {
-      "endpoint": "elasticmapreduce.{region}.amazonaws.com"
-    },
-    "fips-us-gov-west-1/elasticmapreduce": {
-      "endpoint": "elasticmapreduce.{region}.amazonaws.com"
-    },
-    "fips-us-gov-east-1/identitystore": {
-      "endpoint": "identitystore.{region}.amazonaws.com"
-    },
-    "fips-us-gov-west-1/identitystore": {
-      "endpoint": "identitystore.{region}.amazonaws.com"
-    },
-    "us-gov-east-1-fips/dynamodb": {
-      "endpoint": "dynamodb.{region}.amazonaws.com"
-    },
-    "us-gov-west-1-fips/dynamodb": {
-      "endpoint": "dynamodb.{region}.amazonaws.com"
-    },
-    "fips-us-gov-east-1/elasticloadbalancing": {
-      "endpoint": "elasticloadbalancing.{region}.amazonaws.com"
-    },
-    "fips-us-gov-west-1/elasticloadbalancing": {
-      "endpoint": "elasticloadbalancing.{region}.amazonaws.com"
-    },
-    "us-gov-east-1-fips/guardduty": {
-      "endpoint": "guardduty.{region}.amazonaws.com"
-    },
-    "us-gov-west-1-fips/guardduty": {
-      "endpoint": "guardduty.{region}.amazonaws.com"
-    },
-    "fips-us-gov-east-1/monitoring": {
-      "endpoint": "monitoring.{region}.amazonaws.com"
-    },
-    "fips-us-gov-west-1/monitoring": {
-      "endpoint": "monitoring.{region}.amazonaws.com"
-    },
-    "fips-aws-us-gov-global/organizations": {
-      "endpoint": "organizations.{region}.amazonaws.com"
-    },
-    "fips-us-gov-east-1/resource-groups": {
-      "endpoint": "resource-groups.{region}.amazonaws.com"
-    },
-    "fips-us-gov-west-1/resource-groups": {
-      "endpoint": "resource-groups.{region}.amazonaws.com"
-    },
+    "fips-us-gov-*/acm-pca": "fipsWithServiceOnly",
+    "fips-us-gov-*/batch": "fipsWithServiceOnly",
+    "fips-us-gov-*/config": "fipsWithServiceOnly",
+    "fips-us-gov-*/eks": "fipsWithServiceOnly",
+    "fips-us-gov-*/elasticmapreduce": "fipsWithServiceOnly",
+    "fips-us-gov-*/identitystore": "fipsWithServiceOnly",
+    "fips-us-gov-*/dynamodb": "fipsWithServiceOnly",
+    "fips-us-gov-*/elasticloadbalancing": "fipsWithServiceOnly",
+    "fips-us-gov-*/guardduty": "fipsWithServiceOnly",
+    "fips-us-gov-*/monitoring": "fipsWithServiceOnly",
+    "fips-aws-us-gov-global/organizations": "fipsWithServiceOnly",
+    "fips-us-gov-*/resource-groups": "fipsWithServiceOnly",
     "fips-aws-us-gov-global/route53": {
       "endpoint": "route53.us-gov.amazonaws.com"
     },
-    "us-gov-east-1-fips/runtime.sagemaker": {
-      "endpoint": "runtime.sagemaker.{region}.amazonaws.com"
-    },
-    "us-gov-west-1-fips/runtime.sagemaker": {
-      "endpoint": "runtime.sagemaker.{region}.amazonaws.com"
-    },
-    "fips-us-gov-east-1/servicecatalog-appregistry": {
-      "endpoint": "servicecatalog-appregistry.{region}.amazonaws.com"
-    },
-    "fips-us-gov-west-1/servicecatalog-appregistry": {
-      "endpoint": "servicecatalog-appregistry.{region}.amazonaws.com"
-    },
-    "fips-us-gov-east-1/servicequotas": {
-      "endpoint": "servicequotas.{region}.amazonaws.com"
-    },
-    "fips-us-gov-west-1/servicequotas": {
-      "endpoint": "servicequotas.{region}.amazonaws.com"
-    },
-    "fips-us-gov-east-1/ssm": {
-      "endpoint": "ssm.{region}.amazonaws.com"
-    },
-    "fips-us-gov-west-1/ssm": {
-      "endpoint": "ssm.{region}.amazonaws.com"
-    },
-    "us-gov-east-1-fips/sts": {
-      "endpoint": "sts.{region}.amazonaws.com"
-    },
-    "us-gov-west-1-fips/sts": {
-      "endpoint": "sts.{region}.amazonaws.com"
-    },
-    "fips-us-gov-west-1/states": {
-      "endpoint": "states.{region}.amazonaws.com"
-    },
-    "fips-us-gov-east-1/support": {
-      "endpoint": "support.{region}.amazonaws.com"
-    },
-    "fips-us-gov-west-1/support": {
-      "endpoint": "support.{region}.amazonaws.com"
-    },
-    "us-gov-east-1-fips/streams.dynamodb": {
-      "endpoint": "dynamodb.{region}.amazonaws.com"
-    },
-    "us-gov-west-1-fips/streams.dynamodb": {
+    "fips-us-gov-*/runtime.sagemaker": "fipsWithServiceOnly",
+    "fips-us-gov-*/servicecatalog-appregistry": "fipsWithServiceOnly",
+    "fips-us-gov-*/servicequotas": "fipsWithServiceOnly",
+    "fips-us-gov-*/ssm": "fipsWithServiceOnly",
+    "fips-us-gov-*/sts": "fipsWithServiceOnly",
+    "fips-us-gov-west-1/states": "fipsWithServiceOnly",
+    "fips-us-gov-*/support": "fipsWithServiceOnly",
+    "fips-us-gov-*/streams.dynamodb": {
       "endpoint": "dynamodb.{region}.amazonaws.com"
     },
     "fips-us-iso-east-1/elasticfilesystem": {
@@ -241,6 +135,30 @@
     "s3signature": {
       "endpoint": "{service}.{region}.amazonaws.com",
       "signatureVersion": "s3"
+    },
+    "fipsStandard": {
+      "endpoint": "{service}-fips.{region}.amazonaws.com"
+    },
+    "fipsDotPrefix": {
+      "endpoint": "fips.{service}.{region}.amazonaws.com"
+    },
+    "fipsWithoutRegion": {
+      "endpoint": "{service}-fips.amazonaws.com"
+    },
+    "fips.api.ecr": {
+      "endpoint": "ecr-fips.{region}.amazonaws.com"
+    },
+    "fips.api.sagemaker": {
+      "endpoint": "api-fips.sagemaker.{region}.amazonaws.com"
+    },
+    "fips.models.lex": {
+      "endpoint": "models-fips.lex.{region}.amazonaws.com"
+    },
+    "fips.runtime.lex": {
+      "endpoint": "runtime-fips.lex.{region}.amazonaws.com"
+    },
+    "fipsWithServiceOnly": {
+      "endpoint": "{service}.{region}.amazonaws.com"
     }
   }
 }
diff --git a/scripts/region-checker/allowlist.js b/scripts/region-checker/allowlist.js
@@ -28,7 +28,7 @@ var allowlist = {
         112
     ],
     '/region_config.js': [
-        118
+        127
     ],
     '/request.js': [
         318,