awslabs / aws-config-rdklib

Python library to enable you to run custom AWS Config Rules at scale, using Lambda Layer.
Apache License 2.0

Support FIPS endpoints in ClientFactory #67

Open andrew-m-h opened 11 months ago

andrew-m-h commented 11 months ago

The ClientFactory class currently uses STS Regional Endpoints for getting credentials, which is 👍. However, there is no way to configure the client to use FIPS endpoints. This line in the clientfactory.get_assume_role_credentials function is the cause of the issue:

    assume_role_response = boto3.client('sts', region_name=region, endpoint_url="https://sts." + region + ".amazonaws.com").assume_role(RoleArn=role_arn,RoleSessionName="configLambdaExecution",DurationSeconds=CONFIG_ROLE_TIMEOUT_SECONDS)

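
One way to make the endpoint selection in the line quoted above FIPS-aware, as an added example (not rdklib's code and not part of the original issue). The function names, the hostname table and the default session duration are assumptions; `AWS_USE_FIPS_ENDPOINT` is the standard AWS SDK environment variable. A FIPS request for a region missing from the table raises instead of falling back to the non-FIPS endpoint.

```python
import os
import re

# Assumption: STS FIPS hostnames for the regions listed here. Check this table
# against AWS's published FIPS endpoint list before relying on it.
_STS_FIPS_HOSTS = {
    "us-east-1": "sts-fips.us-east-1.amazonaws.com",
    "us-east-2": "sts-fips.us-east-2.amazonaws.com",
    "us-west-1": "sts-fips.us-west-1.amazonaws.com",
    "us-west-2": "sts-fips.us-west-2.amazonaws.com",
    # In GovCloud the regional STS endpoint is itself the FIPS endpoint.
    "us-gov-east-1": "sts.us-gov-east-1.amazonaws.com",
    "us-gov-west-1": "sts.us-gov-west-1.amazonaws.com",
}
# The region is concatenated into a hostname, so reject anything that is not
# shaped like a region name before building the URL.
_REGION_RE = re.compile(r"[a-z]{2}(-[a-z]+)+-\d+")


def fips_requested(env=None):
    """True when the SDK-standard AWS_USE_FIPS_ENDPOINT variable is 'true'."""
    env = os.environ if env is None else env
    return env.get("AWS_USE_FIPS_ENDPOINT", "").strip().lower() == "true"


def sts_endpoint_url(region, use_fips=False):
    """Regional STS URL; with use_fips, the FIPS URL or an error (fail closed)."""
    if not _REGION_RE.fullmatch(region):
        raise ValueError("not a valid region name: %r" % (region,))
    if not use_fips:
        return "https://sts." + region + ".amazonaws.com"
    host = _STS_FIPS_HOSTS.get(region)
    if host is None:
        raise ValueError("no known STS FIPS endpoint for region " + region)
    return "https://" + host


def assume_config_role(role_arn, region, use_fips=None, duration_seconds=900):
    """Hypothetical replacement for the quoted call; 900 s is an assumed default."""
    import boto3  # imported lazily so the URL helpers work without boto3
    if use_fips is None:
        use_fips = fips_requested()
    sts = boto3.client("sts", region_name=region,
                       endpoint_url=sts_endpoint_url(region, use_fips))
    return sts.assume_role(RoleArn=role_arn,
                           RoleSessionName="configLambdaExecution",
                           DurationSeconds=duration_seconds)
```
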
bmorrissirromb commented 7 months ago

Whenever this gets looked at, we should also see if we can add rdklib in SAR for GovCloud.