
Adding FIPS 140-2 Support to EKS AMI

Open stanhu opened this issue 2 years ago • 3 comments

Issue #, if available:

Description of changes:

This adds support for enabling FIPS 140-2 mode in the Kernel. FIPS 140-2 is required by customers looking to achieve FedRAMP and/or DoD CC SRG compliance.

This brings it up to date with the latest master.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

stanhu avatar Apr 11 '22 19:04 stanhu

It seems https://github.com/aws-samples/amazon-eks-custom-amis/blob/10a7d51686982cb67f7695f72cac74e41eaa7eed/files/functions.sh#L459-L481 might already do this for RHEL.

stanhu avatar Apr 14 '22 04:04 stanhu

You'll need to update the pause container to be pulled from the ecr-fips endpoint, otherwise the connection to get the container won't be FIPS-compliant: https://github.com/awslabs/amazon-eks-ami/issues/1007

seanorama avatar Aug 25 '22 21:08 seanorama
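The two pieces of node setup discussed in this thread, kernel FIPS mode from the PR description and the ecr-fips pull endpoint from the comment above, as an added example that is not code from the PR or from the amazon-eks-ami project. It assumes an Amazon Linux 2 base (dracut-fips plus grubby, with /boot on the root filesystem), assumes the ECR FIPS registry host has the form `<account>.dkr.ecr-fips.<region>.amazonaws.com`, and uses a constructed pause image reference with a placeholder account id; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the PR or the amazon-eks-ami project.
# Assumptions are marked inline: Amazon Linux 2 layout (dracut-fips + grubby),
# the ecr-fips registry hostname form, and a constructed pause image reference.

# Rewrite an ECR image reference so the pull goes to the FIPS registry endpoint.
# Assumption: the FIPS host is <account>.dkr.ecr-fips.<region>.amazonaws.com.
# Returns 1 for anything that is not an ECR registry host, so a typo does not
# silently leave the pull on the non-FIPS endpoint.
fips_registry() {
  ref="$1"
  case "$ref" in
    *.dkr.ecr-fips.*) printf '%s\n' "$ref" ;;   # already on the FIPS endpoint
    *.dkr.ecr.*)      printf '%s\n' "$ref" | sed 's/\.dkr\.ecr\./.dkr.ecr-fips./' ;;
    *)                return 1 ;;
  esac
}

# Check the kernel's FIPS flag. The optional argument is the file to read; it
# defaults to the real sysctl node and is overridable so the check can be run
# offline against a constructed file.
kernel_fips_enabled() {
  node="${1:-/proc/sys/crypto/fips_enabled}"
  [ -r "$node" ] || return 1
  [ "$(cat "$node")" = "1" ]
}

# Enable FIPS mode on Amazon Linux 2. Assumption: AL2 with grubby and /boot on
# the root filesystem (a separate /boot also needs boot=UUID=... on the kernel
# command line). Needs root and takes effect only after a reboot.
enable_fips_al2() {
  yum install -y dracut-fips openssl
  dracut -f                                    # rebuild initramfs with FIPS integrity checks
  grubby --update-kernel=ALL --args="fips=1"   # kernel boots with fips=1 from now on
  echo "fips=1 set; reboot, then run: $0 check"
}

# Constructed sample: an EKS pause image reference (placeholder account id and tag).
SAMPLE_PAUSE_IMAGE="123456789012.dkr.ecr.us-west-2.amazonaws.com/eks/pause:3.5"

case "${1:-}" in
  enable) enable_fips_al2 ;;
  check)
    if kernel_fips_enabled; then
      echo "kernel: FIPS mode on"
    else
      echo "kernel: FIPS mode OFF (is fips=1 on the command line, and did you reboot?)" >&2
      exit 1
    fi
    echo "pause image to pull (FIPS endpoint): $(fips_registry "$SAMPLE_PAUSE_IMAGE")"
    ;;
esac
```

Run `sudo sh fips-node.sh enable`, reboot, then `sh fips-node.sh check`; the check fails if `/proc/sys/crypto/fips_enabled` is not `1`. The rewritten reference is what you would hand to the node's container runtime or bootstrap for the pause image so that the pull itself goes over the FIPS endpoint, which is the point raised in the comment above.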

> It seems aws-samples/amazon-eks-custom-amis@10a7d51/files/functions.sh#L459-L481 might already do this for RHEL.

I've been told that that repo is not maintained. So it might work but isn't permanent and won't get updated. Unless AWS can give maintainer permissions to people outside AWS.

seanorama avatar Aug 25 '22 21:08 seanorama

This is implemented in #1458.

cartermckinnon avatar Oct 11 '23 06:10 cartermckinnon