Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Allow non-FIPS endpoints on FIPS binaries #51924

Merged
merged 6 commits into from
Feb 11, 2025
Merged

feat: Allow non-FIPS endpoints on FIPS binaries #51924

merged 6 commits into from
Feb 11, 2025
+484 −56

Conversation

codingllama
Copy link
Contributor

@codingllama codingllama commented Feb 6, 2025
edited
Loading

Allow FIPS binaries to use non-FIPS AWS endpoints of STS and DynamoDB. Useful for running in AWS regions that lack some of the FIPS services, but mostly ill-advised - talk to your FIPS auditors first.

The "escape hatch" is the TELEPORT_UNSTABLE_DISABLE_AWS_FIPS environment variable. Set it to yes|true|1 to enable it: TELEPORT_UNSTABLE_DISABLE_AWS_FIPS=yes.

"Forward"-port of #51932.

Changelog: Added an escape hatch to allow non-FIPS AWS endpoints on FIPS binaries (TELEPORT_UNSTABLE_DISABLE_AWS_FIPS=yes).

@codingllama codingllama changed the title Codingllama/aws sts fips feat: Add an escape hatch for non-FIPS STS on FIPS binaries Feb 6, 2025
@codingllama codingllama force-pushed the codingllama/aws-sts-fips branch from cf93ae6 to c44de74 Compare February 6, 2025 21:12
@codingllama codingllama mentioned this pull request Feb 10, 2025
Closed
@codingllama codingllama changed the title feat: Add an escape hatch for non-FIPS STS on FIPS binaries feat: Allow non-FIPS endpoints on FIPS binaries Feb 10, 2025
@codingllama codingllama force-pushed the codingllama/aws-sts-fips branch 2 times, most recently from 127591b to 9858f97 Compare February 10, 2025 17:15
@codingllama codingllama marked this pull request as ready for review February 10, 2025 17:29
@github-actions github-actions bot added application-access audit-log Issues related to Teleports Audit Log database-access Database access related issues and PRs discovery kubernetes-access size/md labels Feb 10, 2025
@codingllama codingllama requested review from vapopov and removed request for creack February 10, 2025 17:31
@codingllama
Copy link
Contributor Author

Setting roughly the same reviewers as #51932.

@codingllama
Copy link
Contributor Author

e/ follow up: https://github.com/gravitational/teleport.e/pull/6036

@codingllama codingllama force-pushed the codingllama/aws-sts-fips branch from 9858f97 to 312cbde Compare February 11, 2025 17:11
@codingllama codingllama mentioned this pull request Feb 11, 2025
Merged
@codingllama
Copy link
Contributor Author

Thanks, everyone! Fixing forbidigo lint woes, will queue soon. I'll also cherry-pick any changes to the v15 PR (#51932).

@codingllama codingllama added this pull request to the merge queue Feb 11, 2025
Merged via the queue into master with commit 7f0c4e9 Feb 11, 2025
43 checks passed
@codingllama codingllama deleted the codingllama/aws-sts-fips branch February 11, 2025 23:05
@public-teleport-github-review-bot
Copy link

@codingllama See the table below for backport results.

Branch Result
branch/v16 Failed
branch/v17 Failed

@codingllama codingllama mentioned this pull request Feb 12, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nklaassen nklaassen nklaassen approved these changes

@GavinFrazar GavinFrazar GavinFrazar approved these changes

@rosstimothy rosstimothy rosstimothy approved these changes

Assignees
No one assigned
Labels
application-access audit-log Issues related to Teleports Audit Log backport/branch/v16 backport/branch/v17 database-access Database access related issues and PRs discovery kubernetes-access size/md
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@codingllama @nklaassen @GavinFrazar @rosstimothy