Skip to content

[v14] Disable AWS IMDSv1 fallback and enforce use of FIPS endpoints#34433

Merged
reedloden merged 1 commit intobranch/v14from
bot/backport-34170-branch/v14
Nov 16, 2023
Merged

[v14] Disable AWS IMDSv1 fallback and enforce use of FIPS endpoints#34433
reedloden merged 1 commit intobranch/v14from
bot/backport-34170-branch/v14

Conversation

@reedloden
Copy link
Copy Markdown
Contributor

@reedloden reedloden commented Nov 9, 2023

Backport #34170 to branch/v14

@reedloden
Disable AWS IMDSv1 fallback and enforce use of FIPS endpoints
fb4e20a 
Two changes to AWS SDK usage:

Teleport should never use AWS IMDSv1 for requests, so disable the
ability to fallback to it, as it could be a malicious attempt to
downgrade security.

Teleport generally prefers FIPS endpoints when in FIPS mode, but
there were a few places that were not selecting the FIPS endpoints.
Ensure that the FIPS endpoints if BoringCrypto is being used.
@reedloden reedloden self-assigned this Nov 9, 2023
@github-actions github-actions Bot added application-access audit-log Issues related to Teleports Audit Log backport size/sm labels Nov 9, 2023
@reedloden reedloden added this pull request to the merge queue Nov 16, 2023
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Nov 16, 2023
@reedloden reedloden added this pull request to the merge queue Nov 16, 2023
Merged via the queue into branch/v14 with commit d135b59 Nov 16, 2023
@reedloden reedloden deleted the bot/backport-34170-branch/v14 branch November 16, 2023 20:33
@camscale camscale mentioned this pull request Nov 16, 2023
Merged
@BrewTestBot BrewTestBot mentioned this pull request Nov 17, 2023
Merged
@tunguyen9889 tunguyen9889 mentioned this pull request Nov 20, 2023
Closed
@r0mant r0mant mentioned this pull request Nov 29, 2023
Closed
@reedloden reedloden mentioned this pull request Nov 29, 2023
Merged
reedloden added a commit that referenced this pull request Nov 29, 2023
@reedloden
Revert "[v14] Disable AWS IMDSv1 fallback and enforce use of FIPS end…
02e2c45 
…points"

This reverts commit fb4e20a (#34433).

After discussion, keeping this change on `master` only, as it has
already caused one customer regression (#34804).
github-merge-queue Bot pushed a commit that referenced this pull request Nov 30, 2023
@reedloden
Revert "[v14] Disable AWS IMDSv1 fallback and enforce use of FIPS end…
f1b59ac 
…points" (#35169)

This reverts commit fb4e20a (#34433).

After discussion, keeping this change on `master` only, as it has
already caused one customer regression (#34804).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nklaassen nklaassen nklaassen approved these changes

@GavinFrazar GavinFrazar GavinFrazar approved these changes

+1 more reviewer

@jentfoo jentfoo jentfoo approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@reedloden reedloden

Labels

application-access audit-log Issues related to Teleports Audit Log backport size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@reedloden @jentfoo @nklaassen @GavinFrazar