aws-sdk-ios
S3 Client Cannot Use FIPS Endpoints for All Regions
Describe the bug
The S3 portion of the SDK does not work with FIPS compliant endpoints. From docs here: https://aws.amazon.com/compliance/fips/
Note: These Endpoints can only be used with Virtual Hosted-Style addressing. For example: https://bucket.s3-fips.us-east-2.amazonaws.com. Visit the Amazon S3 Documentation page for more information.
Making the SDK compliant with virtual host addressing should be a top priority. At this point, I would consider this a bug, not a feature request, because the SDK does not properly interoperate with AWS S3 FIPS endpoints according to the spec from AWS.
To Reproduce
Create an S3 client. Point it to one of the FIPS compliant endpoints here https://aws.amazon.com/compliance/fips/ and create and send a simple request like HEAD. The request uses path style instead of virtual host style.
Which AWS service(s) are affected?
S3
Expected behavior
The request should succeed.
Screenshots
N/A
Environment (please complete the following information):
- SDK Version: Latest
- Dependency Manager: CocoaPods
- Swift Version: 4.2/5
Device Information (please complete the following information):
- Device: Appears on both Simulators and Device
- iOS Version: Latest
- Specific to simulators: No
Additional context
#1535
@palpatim was this issue addressed in https://github.com/aws-amplify/aws-sdk-ios/pull/2996?
@drochetti @palpatim According to the release notes at https://github.com/aws-amplify/aws-sdk-ios/releases/tag/2.17.0, configuring a client with a FIPS endpoint will not use virtual host style URLs. Are there any plans to make this SDK compatible with FIPS endpoints?
Apologies for the delay. Our team is actively prioritizing and working on issues. We will provide an update as soon as we have one on the issue.
I was able to successfully use an S3 FIPS endpoint to upload data to a bucket using the latest version of the SDK:
```swift
let region = //...
let credentialsProvider = //...
let s3Client = AWSS3(configuration: .init(
    region: region,
    endpoint: .init(
        region: region,
        service: .S3,
        url: URL(string: "https://s3-fips.dualstack.us-east-1.amazonaws.com")
    ),
    credentialsProvider: credentialsProvider
))
// ...
let request = AWSS3PutObjectRequest()!
request.bucket = //...
request.key = //...
request.body = //...
request.contentLength = //...
let task = s3Client.putObject(request)
```
I'm closing this issue, as the previous limitation regarding custom-endpoints no longer applies and you should be able to use FIPS endpoints with the S3 client.
Should you face a problem, please open a new issue. Thanks!
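The addressing distinction this issue turns on, as an added example that is not part of the original thread or the SDK: a Python check that classifies an S3 request URL as path-style or virtual-hosted-style and flags requests that miss the FIPS addressing requirement quoted in the issue. The host pattern and sample URLs are constructed from the endpoint forms shown on this page, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumed host layout: [<bucket>.]s3[-fips][.dualstack].<region>.amazonaws.com
_S3_HOST = re.compile(
    r"(?:(?P<bucket>[a-z0-9.-]+)\.)?"
    r"(?P<service>s3(?:-fips)?)"
    r"(?P<dualstack>\.dualstack)?"
    r"\.(?P<region>[a-z0-9-]+)\.amazonaws\.com"
)

def classify_s3_url(url):
    """Return addressing style, FIPS flag, bucket and region for an S3 request URL."""
    parts = urlsplit(url)
    m = _S3_HOST.fullmatch((parts.hostname or "").lower())
    if m is None:
        return None  # not a regional S3 endpoint this check understands
    if m["bucket"]:
        style, bucket = "virtual-hosted", m["bucket"]
    else:
        # Path style: the bucket, if any, is the first path segment.
        first = parts.path.lstrip("/").split("/", 1)[0]
        style, bucket = "path", first or None
    return {
        "style": style,
        "fips": m["service"] == "s3-fips",
        "dualstack": m["dualstack"] is not None,
        "bucket": bucket,
        "region": m["region"],
    }

def fips_violations(urls):
    """List (url, reason) for requests that miss the FIPS addressing requirement."""
    findings = []
    for url in urls:
        info = classify_s3_url(url)
        if info is None:
            findings.append((url, "unrecognized host"))
        elif not info["fips"]:
            findings.append((url, "non-FIPS endpoint"))
        elif info["style"] != "virtual-hosted":
            findings.append((url, "path-style request to FIPS endpoint"))
    return findings

# Constructed sample URLs; bucket and key names are placeholders.
SAMPLE_URLS = [
    "https://bucket.s3-fips.us-east-2.amazonaws.com/report.csv",
    "https://s3-fips.us-east-2.amazonaws.com/bucket/report.csv",
    "https://bucket.s3.us-east-2.amazonaws.com/report.csv",
    "https://bucket.s3-fips.dualstack.us-east-1.amazonaws.com/report.csv",
]
```

Run `fips_violations` over request URLs captured from a test proxy or from SDK debug logging to confirm what the client actually sends, rather than what the endpoint configuration implies.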