spinnaker-plugins / aws-lambda-deployment-plugin-spinnaker

Spinnaker plugin to support deployment of AWS Lambda functions via Spinnaker pipelines
Apache License 2.0

Plugin should allow using the FIPS AWS endpoint for FedRAMP compliance #80

Open eyal-mor opened 3 years ago

eyal-mor commented 3 years ago

For FedRAMP compliance with AWS, it's required to use the FIPS endpoints provided by AWS to create the lambda resources.

Currently there is no way to deploy a FedRAMP compliant AWS Lambda.

Context:

  1. https://aws.amazon.com/compliance/fips/
  2. https://github.com/spinnaker/clouddriver/blob/master/clouddriver-lambda/src/main/java/com/netflix/spinnaker/clouddriver/lambda/deploy/ops/AbstractLambdaAtomicOperation.java (no way to provide endpoint)

nimakaviani commented 3 years ago

I don't think it is a plugin issue. This appears to require a fix in how the Lambda driver is implemented in clouddriver.

gsapkal commented 3 years ago

This is not lambda specific. The clouddriver needs a way to configure AWS API to use FIPS endpoints for all communication in case of FedRAMP compliant deployments.

nimakaviani commented 3 years ago

Agreed. I think we should raise this as an issue in clouddriver repo.