search

aws / amazon-ecs-service-connect-agent

Amazon ECS Service Connect Agent
Apache License 2.0
27 stars 10 forks source link

Support fips mode in US GovCloud regions #37

Closed suniltheta closed 1 year ago

suniltheta commented 1 year ago

In US GovCloud regions the Envoy image has to be fips compatible. However, unlike US & CA commercial regions the FIPS xDS endpoint for AppMesh in US GovCloud will not have -fips suffix for time being.

Summary

Reach out to the appropriate endpoint in GovCloud region. If non-FIPS image is used in GovCloud it will return error. Meanwhile this can be overridden by specifying APPMESH_XDS_ENDPOINT.

Testing

New tests cover the changes: yes

Description for the changelog

Support fips mode in US GovCloud regions

Licensing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

suniltheta commented 1 year ago

holding on to this change, until a decision is made whether AppMesh xDS endpoint is going to have -fips suffix to GovCloud.

Ongoing discussion with fips team.

This change is ready for review.