-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't force the use of FIPS endpoints for DynamoDB Streams and Application Auto Scaling #34876
Conversation
The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with |
65fd404
to
8aee840
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you please add some tests that validate the behavior change?
LGTM but I didn't test it. I think the same issue can happen with AWS Application Auto Scaling though, since it also does not have fips endpoints in non-gov cloud. We use that here: teleport/lib/backend/dynamo/dynamodbbk.go Lines 348 to 360 in 8aee840
If you've already tested this could you try setting |
8aee840
to
4a50d18
Compare
I flipped the logic so that we only force FIPS endpoints for the services we know support it (mainly DynamoDB in this case). This obliviated the need for extra complexity, so I don't think a separate test is needed. |
Good catch. As mentioned above, I flipped the logic so that we're only forcing FIPS endpoints for DynamoDB in this case (and not DynamoDB Streams or Application Auto Scaling). So, that should address this issue. |
94050d1
to
e453ffa
Compare
738777a
to
642665f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tests would still be useful to verify that we are using the correct endpoints to prevent regressions.
642665f
to
970bca8
Compare
…ation Auto Scaling DynamoDB Streams and Application Auto Scaling do not currently have FIPS endpoints in non-GovCloud, leading to invalid endpoints for FIPS users running in AWS Standard. See also: https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service Regression from #34170. Fixes #34804. Additionally, clean-up a few more AWS session initiations to be consistent and clear.
970bca8
to
4a1017b
Compare
@reedloden See the table below for backport results.
|
…Application Auto Scaling Backport of #34876. DynamoDB Streams and Application Auto Scaling do not currently have FIPS endpoints in non-GovCloud, leading to invalid endpoints for FIPS users running in AWS Standard. See also: https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service Regression from #34170. Fixes #34804. Additionally, clean-up a few more AWS session initiations to be consistent and clear.
…Application Auto Scaling Backport of #34876. DynamoDB Streams and Application Auto Scaling do not currently have FIPS endpoints in non-GovCloud, leading to invalid endpoints for FIPS users running in AWS Standard. See also: https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service Regression from #34170. Fixes #34804. Additionally, clean-up a few more AWS session initiations to be consistent and clear.
…Application Auto Scaling Backport of #34876. DynamoDB Streams and Application Auto Scaling do not currently have FIPS endpoints in non-GovCloud, leading to invalid endpoints for FIPS users running in AWS Standard. See also: https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service Regression from #34170. Fixes #34804. Additionally, clean-up a few more AWS session initiations to be consistent and clear.
…Application Auto Scaling Backport of #34876. DynamoDB Streams and Application Auto Scaling do not currently have FIPS endpoints in non-GovCloud, leading to invalid endpoints for FIPS users running in AWS Standard. See also: https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service Regression from #34170. Fixes #34804. Additionally, clean-up a few more AWS session initiations to be consistent and clear.
DynamoDB Streams and Application Auto Scaling do not currently have FIPS endpoints in non-GovCloud, leading to invalid endpoints for FIPS users running in AWS Standard.
See also: https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service
Regression from #34170.
Fixes #34804.
Additionally, clean-up a few more AWS session initiations to be consistent and clear.
changelog: Don't force the use of FIPS endpoints for DynamoDB Streams and Application Auto Scaling