diff --git a/go.mod b/go.mod
index de58e4aa08503..c0fbc15bca04d 100644
--- a/go.mod
+++ b/go.mod
@@ -37,7 +37,7 @@ require (
 github.com/andybalholm/brotli v1.0.6
 github.com/aquasecurity/libbpfgo v0.5.1-libbpf-1.2
 github.com/armon/go-radix v1.0.0
- github.com/aws/aws-sdk-go v1.49.4
+ github.com/aws/aws-sdk-go v1.49.13
 github.com/aws/aws-sdk-go-v2 v1.24.0
 github.com/aws/aws-sdk-go-v2/config v1.26.1
 github.com/aws/aws-sdk-go-v2/credentials v1.16.12
diff --git a/go.sum b/go.sum
index b17584ec82bd0..839464fd500ad 100644
--- a/go.sum
+++ b/go.sum
@@ -194,8 +194,8 @@ github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQ
 github.com/aws/aws-sdk-go v1.17.4/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.44.263/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
-github.com/aws/aws-sdk-go v1.49.4 h1:qiXsqEeLLhdLgUIyfr5ot+N/dGPWALmtM1SetRmbUlY=
-github.com/aws/aws-sdk-go v1.49.4/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
+github.com/aws/aws-sdk-go v1.49.13 h1:f4mGztsgnx2dR9r8FQYa9YW/RsKb+N7bgef4UGrOW1Y=
+github.com/aws/aws-sdk-go v1.49.13/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
 github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2 v1.24.0 h1:890+mqQ+hTpNuw0gGP6/4akolQkSToDJgHfQE7AwGuk=
diff --git a/lib/backend/dynamo/dynamodbbk.go b/lib/backend/dynamo/dynamodbbk.go
index ab8fa8f6a9225..50e3238a258c3 100644
--- a/lib/backend/dynamo/dynamodbbk.go
+++ b/lib/backend/dynamo/dynamodbbk.go
@@ -31,7 +31,6 @@ import (
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/aws/awserr"
 "github.com/aws/aws-sdk-go/aws/credentials"
- "github.com/aws/aws-sdk-go/aws/endpoints"
 "github.com/aws/aws-sdk-go/aws/session"
 "github.com/aws/aws-sdk-go/service/applicationautoscaling"
 "github.com/aws/aws-sdk-go/service/dynamodb"
@@ -239,12 +238,6 @@ func New(ctx context.Context, params backend.Params) (*Backend, error) {
 buf: buf,
 }
 
- // determine if the FIPS endpoints should be used
- useFIPSEndpoint := endpoints.FIPSEndpointStateUnset
- if modules.GetModules().IsBoringBinary() {
- useFIPSEndpoint = endpoints.FIPSEndpointStateEnabled
- }
-
 awsConfig := aws.Config{
 EC2MetadataEnableFallback: aws.Bool(false),
 }
@@ -275,15 +268,12 @@ func New(ctx context.Context, params backend.Params) (*Backend, error) {
 }
 b.session.Config.HTTPClient = httpClient
 
- // create DynamoDB service:
- svc, err := dynamometrics.NewAPIMetrics(dynamometrics.Backend, dynamodb.New(b.session, &aws.Config{
- // Setting this on the individual service instead of the session, as DynamoDB Streams
- // and Application Auto Scaling do not yet have FIPS endpoints in non-GovCloud.
- // See also: https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service
- // TODO(reed): This can be simplified once https://github.com/aws/aws-sdk-go/pull/5078
- // is available (or whenever AWS adds the missing FIPS endpoints).
- UseFIPSEndpoint: useFIPSEndpoint,
- }))
+ // Create DynamoDB service.
+ // FIPS endpoint is used if this is a FIPS build. Note that this is set on the individual
+ // service instead of the session, as DynamoDB Streams and Application Auto Scaling do not
+ // yet have FIPS endpoints in non-GovCloud.
+ // See also: https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service
+ svc, err := dynamometrics.NewAPIMetrics(dynamometrics.Backend, dynamodb.New(b.session, aws.NewConfig().WithUseFIPSEndpoint(modules.GetModules().IsBoringBinary())))
 if err != nil {
 return nil, trace.Wrap(err)
 }
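Review bot: In the third hunk (`@@ -275,15 +268,12 @@`), `WithUseFIPSEndpoint(modules.GetModules().IsBoringBinary())` passes `false` on every non-FIPS build, whereas the removed code left the field at `endpoints.FIPSEndpointStateUnset` in that case. If the SDK maps `false` to an explicit disabled state rather than to unset (worth confirming against v1.49.13), a non-FIPS binary would now override any FIPS-endpoint preference already carried by the session for the DynamoDB client, and requests would go to the non-FIPS endpoint without any error. Calling the setter only when `IsBoringBinary()` is true keeps the previous tri-state behaviour, matching the `events.FIPSProtoStateToAWSState(cfg.UseFIPSEndpoint)` mapping that dynamoevents.go still uses, and it also breaks up the very long call line. The body of `New` starts before and continues after this hunk.

```go
// … unchanged: comment block above the service creation …
svcConfig := aws.NewConfig()
if modules.GetModules().IsBoringBinary() {
	// Only force FIPS on; leaving the field unset otherwise avoids overriding
	// a FIPS setting that is already present on the session.
	svcConfig = svcConfig.WithUseFIPSEndpoint(true)
}
svc, err := dynamometrics.NewAPIMetrics(dynamometrics.Backend, dynamodb.New(b.session, svcConfig))
// … unchanged: error check …
```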
diff --git a/lib/events/dynamoevents/dynamoevents.go b/lib/events/dynamoevents/dynamoevents.go
index 4e6f7c61c728c..770cf367eb6a2 100644
--- a/lib/events/dynamoevents/dynamoevents.go
+++ b/lib/events/dynamoevents/dynamoevents.go
@@ -287,13 +287,11 @@ func New(ctx context.Context, cfg Config) (*Log, error) {
 return nil, trace.Wrap(err)
 }
 
- // create DynamoDB service:
+ // Create DynamoDB service.
 svc, err := dynamometrics.NewAPIMetrics(dynamometrics.Events, dynamodb.New(b.session, &aws.Config{
 // Setting this on the individual service instead of the session, as DynamoDB Streams
 // and Application Auto Scaling do not yet have FIPS endpoints in non-GovCloud.
 // See also: https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service
- // TODO(reed): This can be simplified once https://github.com/aws/aws-sdk-go/pull/5078
- // is available (or whenever AWS adds the missing FIPS endpoints).
 UseFIPSEndpoint: events.FIPSProtoStateToAWSState(cfg.UseFIPSEndpoint),
 }))
 if err != nil {