search

aws / aws-sdk-java

The official AWS SDK for Java 1.x. The AWS SDK for Java 2.x is available here: https://github.com/aws/aws-sdk-java-v2/
https://aws.amazon.com/sdkforjava
Apache License 2.0
4.11k stars 2.83k forks source link

Resourcegroupstaggingapi error when running on FIPS #3128

Closed penglerts closed 1 week ago

penglerts commented 2 weeks ago

Upcoming End-of-Support

Describe the bug

When we set -Daws.useFipsEndpoint=true then we have exception Caused by: java.net.UnknownHostException: tagging-fips.eu-west-2.amazonaws.com (calling e.g. software.amazon.awssdk.services.resourcegroupstaggingapi.ResourceGroupsTaggingApiAsyncClient#getResources ).

Is this endpoint coreect? it is set automatically by SDK.

Expected Behavior

FIPS endpoint works

Current Behavior

UnknownHostException

Reproduction Steps

set -Daws.useFipsEndpoint=true and call software.amazon.awssdk.services.resourcegroupstaggingapi.ResourceGroupsTaggingApiAsyncClient#getResources

Possible Solution

No response

Additional Information/Context

No response

AWS Java SDK version used

software.amazon.awssdk.resourcegroupstaggingapi:2.26.12

JDK version used

openjdk version "21.0.1" 2023-10-17 LTS

Operating System and version

ubuntu

debora-ito commented 2 weeks ago

The Resource Groups Tagging service doesn't have a FIPS endpoint, according to the service Endpoints and Quota page: https://docs.aws.amazon.com/general/latest/gr/arg.html

The SDK will construct the FIPS endpoint based on the normal endpoint for that service, and use it in the client, but it doesn't know if the FIPS endpoint exists or not.

Another reference is the list of available FIPS endpoints by service - https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service