Doing a normal putObject request that used to work on a regular Amazon EC2 deployment no longer works when running on an EC2 instance in GovCloud. The error response is:
error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips
Does anyone have any idea how to get around this issue?
I opened a ticket with aws-sdk-js - I think it is because their library uses some internal crypto instead of the FIPS-enabled crypto on the EC2 instance.
Download works fine (probably because there is no MD5 hash being created?). putObject is the only problem at the moment.
AWS GovCloud uses FIPS 140-2 validated cryptographic modules to support compliance with FIPS 140-2 in all HTTPS endpoints unless otherwise noted.
Amazon S3 in GovCloud provides both FIPS and Non-FIPS endpoints:
FIPS: s3-fips.us-gov-west-1.amazonaws.com, s3.dualstack.us-gov-west-1.amazonaws.com
Non-FIPS: s3.us-gov-west-1.amazonaws.com
I'm not familiar with the implementation specifics of the SDK you're using, but using the non-FIPS endpoint might solve the issue (in case FIPS isn't a requirement for the data you want to store).
You can find more info about the various service endpoints here and about the differences in S3 on GovCloud here.