amazon-eks-ami
Added HTTP Check for FIPS endpoint
Issue #, if available: #1984

Description of changes:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
There is a bug when you have enabled FIPS on the image, in a region with FIPS endpoints, and have VPC endpoints enabled. The issue is that the check implemented in https://github.com/awslabs/amazon-eks-ami/pull/1524 checks to see if the FIPS endpoint resolves. In an isolated environment, the endpoint does resolve. But there is not a FIPS-enabled ECR VPC endpoint available. I switched the check from being a DNS request to an HTTP call.
Testing Done

I used Packer to build an AL2023 node with FIPS enabled to test. I also used the same code in a RHEL build downstream.
See this guide for recommended testing for PRs. Some tests may not apply. Completing tests and providing additional validation steps are not required, but it is recommended and may reduce review time and time to merge.
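The difference between the two checks described in this PR, as an added illustration that is not the PR's code: a name that resolves can still have nothing reachable behind it, so the probe has to complete an HTTPS exchange. The function names, timeout variables and the fall-back-to-second-host behaviour are assumptions of this example; hostnames are supplied by the caller.

```bash
#!/bin/sh
# Added illustration, not the PR's code. Hostnames are passed in by the caller;
# the timeout values and function names are assumptions of this example.

# DNS-only check: true whenever the name resolves, even if nothing usable
# sits behind the address (the isolated-VPC case described above).
endpoint_resolves() {
  getent hosts "$1" >/dev/null 2>&1
}

# HTTP check: true only if a server completes TLS and returns some HTTP
# response. Without --fail, curl exits 0 for any status code (401/403/404
# included) and non-zero for resolve, connect, TLS or timeout errors.
endpoint_answers_http() {
  curl --silent --output /dev/null \
    --connect-timeout "${PROBE_CONNECT_TIMEOUT:-3}" \
    --max-time "${PROBE_MAX_TIME:-5}" \
    "https://$1/"
}

# Print the endpoint to use: the FIPS one if it answers, else the fallback.
select_endpoint() {
  fips_host=$1
  fallback_host=$2
  if endpoint_answers_http "$fips_host"; then
    printf '%s\n' "$fips_host"
  else
    printf '%s\n' "$fallback_host"
  fi
}

# Report how the two checks compare for one host (handy when debugging a node).
compare_checks() {
  dns=no; http=no
  if endpoint_resolves "$1"; then dns=yes; fi
  if endpoint_answers_http "$1"; then http=yes; fi
  printf 'dns=%s http=%s\n' "$dns" "$http"
}

# Run only when called with two hostnames: <fips-host> <fallback-host>
if [ "$#" -eq 2 ]; then
  compare_checks "$1"
  select_endpoint "$1" "$2"
fi
```

An output of `dns=yes http=no` from `compare_checks` is the situation the PR describes: the FIPS name resolves, but no endpoint answers at it.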