Teleport can't connect to S3 FIPS endpoint

[russjones]

When running Teleport with --fips flag, Auth Service is unable to contact S3 to upload a session recording. In this example, Teleport attempted to contact s3-fips.us-east-1.amazonaws.com but no DNS entry exists for this name.

$ dig +short s3-fips.us-east-1.amazonaws.com
$ 

Based on https://aws.amazon.com/compliance/fips I think what we need is Teleport to try and connect to https://bucket.s3-fips.us-east-2.amazonaws.com.

[greedy52]

I couldn't reproduce this with v15.3.0 fips build.

  storage:
    region: us-east-1
    audit_sessions_uri: "s3://<my-bucket>/root-cluster"

Debugging locally with AWS log shows it's using the right fips URL in the https://bucket.s3-fips.us-east-2.amazonaws.com format.

024/05/03 14:29:34 DEBUG: Request s3/HeadBucket Details:
---[ REQUEST POST-SIGN ]-----------------------------
HEAD / HTTP/1.1
Host: steve-test-fips.s3-fips.us-east-1.amazonaws.com
User-Agent: aws-sdk-go/1.51.30 (go1.22.2; darwin; arm64)
Authorization: AWS4-HMAC-SHA256 Credential=<redacted>/20240503/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=<redacted>
X-Amz-Content-Sha256: <redacted>
X-Amz-Date: 20240503T182934Z

@russjones do we have the problematic config yaml for repro?

[greedy52]

The problem was resolved in user cluster when moved to a new bucket. We suspected the issue is that the previous bucket has dot . in the name.