Support S3 FIPS endpoints, disable S3 Transfer Acceleration in GovCloud or FIPS mode #729
Comments
matt-domsch-sp
added a commit
to matt-domsch-sp/carrierwave
that referenced
this issue
Nov 18, 2024
S3 endpoints even when ENV['AWS_USE_FIPS_ENDPOINT']=='true'. When FIPS is called for, and we are in a region where FIPS endpoints are available, this method should return the FIPS endpoint. Furthermore, when S3 Transfer Acceleration (S3TA) is requested by configuration, the above endpoint gets overridden to select the S3TA endpoint. However, S3TA is not avaialble in GovCloud, and has no FIPS endpoint equivalents. In this instance, if the region is a GovCloud region, or if FIPS mode is called for, do not override the endpoint to use S3TA. This is functionally equivalent to an issue submitted to the fog-aws project. fog/fog-aws#729
matt-domsch-sp
added a commit
to matt-domsch-sp/carrierwave
that referenced
this issue
Nov 18, 2024
S3 endpoints even when ENV['AWS_USE_FIPS_ENDPOINT']=='true'. When FIPS is called for, and we are in a region where FIPS endpoints are available, this method should return the FIPS endpoint. Furthermore, when S3 Transfer Acceleration (S3TA) is requested by configuration, the above endpoint gets overridden to select the S3TA endpoint. However, S3TA is not avaialble in GovCloud, and has no FIPS endpoint equivalents. In this instance, if the region is a GovCloud region, or if FIPS mode is called for, do not override the endpoint to use S3TA. This is functionally equivalent to an issue submitted to the fog-aws project. fog/fog-aws#729
matt-domsch-sp
added a commit
to matt-domsch-sp/carrierwave
that referenced
this issue
Nov 18, 2024
S3 endpoints even when ENV['AWS_USE_FIPS_ENDPOINT']=='true'. When FIPS is called for, and we are in a region where FIPS endpoints are available, this method should return the FIPS endpoint. Furthermore, when S3 Transfer Acceleration (S3TA) is requested by configuration, the above endpoint gets overridden to select the S3TA endpoint. However, S3TA is not avaialble in GovCloud, and has no FIPS endpoint equivalents. In this instance, if the region is a GovCloud region, or if FIPS mode is called for, do not override the endpoint to use S3TA. This is functionally equivalent to an issue submitted to the fog-aws project. fog/fog-aws#729
matt-domsch-sp
added a commit
to matt-domsch-sp/carrierwave
that referenced
this issue
Nov 18, 2024
S3 endpoints even when ENV['AWS_USE_FIPS_ENDPOINT']=='true'. When FIPS is called for, and we are in a region where FIPS endpoints are available, this method should return the FIPS endpoint. Furthermore, when S3 Transfer Acceleration (S3TA) is requested by configuration, the above endpoint gets overridden to select the S3TA endpoint. However, S3TA is not avaialble in GovCloud, and has no FIPS endpoint equivalents. In this instance, if the region is a GovCloud region, or if FIPS mode is called for, do not override the endpoint to use S3TA. This is functionally equivalent to an issue submitted to the fog-aws project. fog/fog-aws#729
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The Fog::AWS::Utils region_to_host method returns the standard S3 endpoints even when
ENV['AWS_USE_FIPS_ENDPOINT']=='true'.When FIPSis called for, and we are in a region where FIPS endpoints are
available, this method should return the FIPS endpoint.
Furthermore, when S3 Transfer Acceleration (S3TA) is requested by
configuration, the above endpoint gets overridden to select the S3TA
endpoint. However, S3TA is not avaialble in GovCloud, and has no FIPS
endpoint equivalents. In this instance, if the region is a GovCloud
region, or if FIPS mode is called for, do not override the endpoint
to use S3TA.
I have a first pass at adding this functionality here for consideration.
#730
The text was updated successfully, but these errors were encountered: