Add fallback when AWS SDK returns invalid FIPS endpoint when global UseFIPSEndpoint is set #38057

Merged
merged 17 commits into from
Jun 20, 2024

gdavison
Contributor

Description

When the global setting UseFIPSEndpoint is set, the AWS SDK returns an API endpoint matching a specific pattern that indicates a FIPS endpoint, even if the region does not have a FIPS endpoint implemented. This has been causing a number of Terraform failures.

Endpoint resolution now verifies that the returned endpoint can be resolved using DNS. If not, it falls back to the non-FIPS endpoint.

Relations

Closes #23619
Closes #34171
Closes #25732
Closes #22573
Closes #19346
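
The DNS check and fallback described in this pull request, as an added sketch that is not the provider's own code. `chooseEndpoint`, `lookupFunc`, `stubLookup` and the `example.com` hostnames are hypothetical, and treating only a definitive "no such host" answer as grounds for fallback is a choice made for this example, not something the page states.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/url"
)

// lookupFunc has the signature of (*net.Resolver).LookupHost, so a stub can replace DNS.
type lookupFunc func(ctx context.Context, host string) ([]string, error)

// chooseEndpoint (hypothetical helper) returns fipsURL if its host resolves and
// fallbackURL if DNS reports that the host does not exist.
func chooseEndpoint(ctx context.Context, lookup lookupFunc, fipsURL, fallbackURL string) (string, bool, error) {
	u, err := url.Parse(fipsURL)
	if err != nil || u.Hostname() == "" {
		return "", false, fmt.Errorf("invalid FIPS endpoint %q", fipsURL)
	}
	if _, err = lookup(ctx, u.Hostname()); err == nil {
		return fipsURL, false, nil
	}
	// Design choice of this example: only a definitive "no such host" answer
	// downgrades to the non-FIPS endpoint. A timeout or resolver failure is
	// returned as an error, so a DNS outage cannot silently disable FIPS.
	var dnsErr *net.DNSError
	if errors.As(err, &dnsErr) && dnsErr.IsNotFound {
		return fallbackURL, true, nil
	}
	return "", false, fmt.Errorf("resolving %s: %w", u.Hostname(), err)
}

// stubLookup simulates DNS with constructed hostnames so the example runs offline.
func stubLookup(_ context.Context, host string) ([]string, error) {
	switch host {
	case "svc-fips.region-a.example.com":
		return []string{"192.0.2.10"}, nil
	case "svc-fips.region-b.example.com":
		return nil, &net.DNSError{Err: "no such host", Name: host, IsNotFound: true}
	}
	return nil, &net.DNSError{Err: "i/o timeout", Name: host, IsTimeout: true}
}

func main() {
	for _, region := range []string{"region-a", "region-b", "region-c"} {
		fips := "https://svc-fips." + region + ".example.com"
		ep, fellBack, err := chooseEndpoint(context.Background(), stubLookup, fips, "https://svc."+region+".example.com")
		fmt.Printf("%s: endpoint=%q fallback=%v err=%v\n", region, ep, fellBack, err)
	}
}
```

The boolean return lets a caller log every downgrade, which matters where FIPS endpoints are a compliance requirement.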

@gdavison gdavison requested a review from a team as a code owner June 20, 2024 16:24
Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added the size/XL label Jun 20, 2024
@terraform-aws-provider terraform-aws-provider bot added the prioritized label Jun 20, 2024
@github-actions github-actions bot added documentation, tests, service/ecs, service/emr, service/configservice, service/elbv2, service/apigateway, service/dax, service/directconnect, service/codebuild, service/cloudtrail, service/acm, service/elb, service/cloudfront, service/elasticbeanstalk, service/athena, service/codecommit, service/autoscaling, service/dynamodb, service/cloudwatch, service/cloudsearch, service/efs, service/budgets, service/appsync and removed size/XL, prioritized labels Jun 20, 2024
@github-actions github-actions bot added service/cloudfrontkeyvaluestore, service/datazone, service/bcmdataexports, service/chatbot, service/applicationsignals labels Jun 20, 2024

Thank you for your contribution! 🚀

A new usage of AWS SDK for Go V1 was detected. Please prefer AWS SDK for Go V2 for all net-new services. If this is an enhancement or bug fix to an existing AWS SDK Go V1 based resource, this comment can be safely ignored.

For additional information refer to the AWS SDK for Go Versions page in the contributor guide.

Contributor

@ewbankkit ewbankkit left a comment

LGTM 🚀.

@ewbankkit ewbankkit merged commit 393a4d1 into main Jun 20, 2024
41 checks passed
@ewbankkit ewbankkit deleted the b-invalid-fips-endpoints branch June 20, 2024 20:00
@github-actions github-actions bot added this to the v5.55.0 milestone Jun 20, 2024
terraform-aws-provider bot pushed a commit that referenced this pull request Jun 20, 2024

This functionality has been released in v5.55.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!
