Skip to content

[v14] Disable AWS IMDSv1 fallback and enforce use of FIPS endpoints#34433

Merged
reedloden merged 1 commit intobranch/v14from
bot/backport-34170-branch/v14
Nov 16, 2023
Merged

[v14] Disable AWS IMDSv1 fallback and enforce use of FIPS endpoints#34433
reedloden merged 1 commit intobranch/v14from
bot/backport-34170-branch/v14

Conversation

@reedloden
Copy link
Copy Markdown
Contributor

Backport #34170 to branch/v14

Two changes to AWS SDK usage:

Teleport should never use AWS IMDSv1 for requests, so disable the
ability to fallback to it, as it could be a malicious attempt to
downgrade security.

Teleport generally prefers FIPS endpoints when in FIPS mode, but
there were a few places that were not selecting the FIPS endpoints.
Ensure that the FIPS endpoints if BoringCrypto is being used.
@reedloden reedloden self-assigned this Nov 9, 2023
@github-actions github-actions Bot added application-access audit-log Issues related to Teleports Audit Log backport size/sm labels Nov 9, 2023
@reedloden reedloden added this pull request to the merge queue Nov 16, 2023
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Nov 16, 2023
@reedloden reedloden added this pull request to the merge queue Nov 16, 2023
Merged via the queue into branch/v14 with commit d135b59 Nov 16, 2023
@reedloden reedloden deleted the bot/backport-34170-branch/v14 branch November 16, 2023 20:33
@camscale camscale mentioned this pull request Nov 16, 2023
reedloden added a commit that referenced this pull request Nov 29, 2023
…points"

This reverts commit fb4e20a (#34433).

After discussion, keeping this change on `master` only, as it has
already caused one customer regression (#34804).
github-merge-queue Bot pushed a commit that referenced this pull request Nov 30, 2023
…points" (#35169)

This reverts commit fb4e20a (#34433).

After discussion, keeping this change on `master` only, as it has
already caused one customer regression (#34804).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

application-access audit-log Issues related to Teleports Audit Log backport size/sm

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants