Giters

aws / aws-sdk-go

AWS SDK for the Go programming language.

Home Page:http://aws.amazon.com/sdk-for-go/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

no quicksight fips endpoint configuration for aws-us-gov partition

seanlogan-wh opened this issue · comments

commented

Describe the bug

setting UseFIPSEndpoint does not work for quicksight in the us-gov partition

Expected Behavior

the fips endpoint should be used

Current Behavior

The non fips url is used

Reproduction Steps

Steps in this previous issue

#4796

Possible Solution

Add fips endpoint to the endpoint.json

aws-sdk-go/models/endpoints/endpoints.json

Line 23229 in 592707c

"quicksight" : {

Additional Information/Context

There is now a fips endpoint available for quicksight in the us-gov-west-1 region

https://aws.amazon.com/compliance/fips/

SDK version used

v1.45.19

Environment details (Version of Go (go version)? OS name and version, etc.)

go version go1.20.3 darwin/amd64

commented

Hi @seanlogan-wh ,

The SDK does support the new FIPS endpoint for us gov partitions:

package main

import (
	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/endpoints"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/quicksight"
)

func main() {
	sess, err := session.NewSession(&aws.Config{
		Region:          aws.String("us-gov-west-1"),
		UseFIPSEndpoint: endpoints.FIPSEndpointStateEnabled,
		LogLevel:        aws.LogLevel(aws.LogDebugWithHTTPBody),
	})
	if err != nil {
		panic(err)
	}

	svc := quicksight.New(sess)
	_, err = svc.ListDashboards(&quicksight.ListDashboardsInput{
		AwsAccountId: aws.String("1231331212123"),
	})
	if err != nil {
		panic(err)
	}
}
---[ REQUEST POST-SIGN ]-----------------------------
GET /accounts/1231331212123/dashboards HTTP/1.1
Host: quicksight-fips.us-gov-west-1.amazonaws.com     <---- correct endpoint
User-Agent: aws-sdk-go/1.45.20 (go1.19.1; darwin; arm64)
Authorization: AWS4-HMAC-SHA256 Credential=REDACTED/20231010/us-gov-west-1/quicksight/aws4_request, SignedHeaders=host;x-amz-date, Signature=REDACTED
X-Amz-Date: 20231010T203700Z
Accept-Encoding: gzip

Thanks,
Ran~

commented

Thanks for the response. looks like i had an overriding config that was unsetting that flag.

commented

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.