Conversation
reedloden
added
aws
|
The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with |
reedloden
force-pushed
the
reed/dynamodbstreams-fips-endpoint
branch
2 times, most recently
from
65fd404 to
8aee840
Compare
rosstimothy
left a comment
rosstimothy
left a comment
There was a problem hiding this comment.
Could you please add some tests that validate the behavior change?
|
LGTM but I didn't test it. I think the same issue can happen with AWS Application Auto Scaling though, since it also does not have fips endpoints in non-gov cloud. We use that here: https://github.com/gravitational/teleport/blob/8aee84029b670268d00c7227e49b24345e052117/lib/backend/dynamo/dynamodbbk.go#L348-L360 If you've already tested this could you try setting |
reedloden
force-pushed
the
reed/dynamodbstreams-fips-endpoint
branch
from
8aee840 to
4a50d18
Compare
I flipped the logic so that we only force FIPS endpoints for the services we know support it (mainly DynamoDB in this case). This obliviated the need for extra complexity, so I don't think a separate test is needed. |
Good catch. As mentioned above, I flipped the logic so that we're only forcing FIPS endpoints for DynamoDB in this case (and not DynamoDB Streams or Application Auto Scaling). So, that should address this issue. |
reedloden
force-pushed
the
reed/dynamodbstreams-fips-endpoint
branch
5 times, most recently
from
94050d1 to
e453ffa
Compare
reedloden
force-pushed
the
reed/dynamodbstreams-fips-endpoint
branch
2 times, most recently
from
738777a to
642665f
Compare
reedloden
changed the title
rosstimothy
left a comment
rosstimothy
left a comment
There was a problem hiding this comment.
Tests would still be useful to verify that we are using the correct endpoints to prevent regressions.
reedloden
force-pushed
the
reed/dynamodbstreams-fips-endpoint
branch
from
642665f to
970bca8
Compare
public-teleport-github-review-bot
Bot
removed request for
GavinFrazar,
klizhentas,
nklaassen and
zmb3
…ation Auto Scaling DynamoDB Streams and Application Auto Scaling do not currently have FIPS endpoints in non-GovCloud, leading to invalid endpoints for FIPS users running in AWS Standard. See also: https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service Regression from #34170. Fixes #34804. Additionally, clean-up a few more AWS session initiations to be consistent and clear.
reedloden
force-pushed
the
reed/dynamodbstreams-fips-endpoint
branch
from
970bca8 to
4a1017b
Compare
|
@reedloden See the table below for backport results.
|
…Application Auto Scaling Backport of #34876. DynamoDB Streams and Application Auto Scaling do not currently have FIPS endpoints in non-GovCloud, leading to invalid endpoints for FIPS users running in AWS Standard. See also: https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service Regression from #34170. Fixes #34804. Additionally, clean-up a few more AWS session initiations to be consistent and clear.
…Application Auto Scaling Backport of #34876. DynamoDB Streams and Application Auto Scaling do not currently have FIPS endpoints in non-GovCloud, leading to invalid endpoints for FIPS users running in AWS Standard. See also: https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service Regression from #34170. Fixes #34804. Additionally, clean-up a few more AWS session initiations to be consistent and clear.
4 participants
DynamoDB Streams and Application Auto Scaling do not currently have FIPS endpoints in non-GovCloud, leading to invalid endpoints for FIPS users running in AWS Standard.
See also: https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service
Regression from #34170.
Fixes #34804.
Additionally, clean-up a few more AWS session initiations to be consistent and clear.
changelog: Don't force the use of FIPS endpoints for DynamoDB Streams and Application Auto Scaling