Adding FIPS 140-2 Support to EKS AMI #898
cdb1629 to 95c6f83
This adds support for enabling FIPS 140-2 mode in the Kernel. FIPS 140-2 is required by customers looking to achieve FedRAMP and/or DoD CC SRG compliance. This brings awslabs#513 up to date with the latest master.
95c6f83 to 2d11350
It seems https://github.com/aws-samples/amazon-eks-custom-amis/blob/10a7d51686982cb67f7695f72cac74e41eaa7eed/files/functions.sh#L459-L481 might already do this for RHEL.
You'll need to update the pause container to be pulled from the
I've been told that that repo is not maintained. So it might work but isn't permanent and won't get updated. Unless AWS can give maintainer permissions to people outside AWS.
Addresses awslabs#1002. Description of Changes: Based on awslabs#1028 which was based on awslabs#898. This change adds a new variable called `enable_fips_mode` which will install openssl and enable fips mode as a kernel parameter on boot. Additionally fips mode can be enabled while running make by setting `fips=true` on the command line which will add `-fips` to the ami name and set `enable_fips_mode` to `true` when building.
Addresses awslabs#1002. Description of Changes: Based on awslabs#1028 which was based on awslabs#898. This change adds a new variable called `enable_fips` which will install openssl and enable fips mode as a kernel parameter on boot. Additionally fips mode can be enabled while running make by setting `fips=true` on the command line which will add `-fips` to the ami name and set `enable_fips` to `true` when building.
Addresses awslabs#1002. Description of Changes: Based on awslabs#1028 which was based on awslabs#898. This change adds a new variable called `enable_fips` which will install openssl and enable fips mode as a kernel parameter on boot. Additionally fips mode can be enabled while running make by setting `enable_fips=true` on the command line which will add `-fips` to the ami name and set `enable_fips` to `true` when building.
This is implemented in #1458.
Issue #, if available:
Description of changes:
This adds support for enabling FIPS 140-2 mode in the Kernel. FIPS 140-2 is required by customers looking to achieve FedRAMP and/or DoD CC SRG compliance.
This brings up to date with the latest master.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
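A post-boot check for a node launched from an AMI built with the FIPS option discussed in this thread, as an added example that is not part of the pull request or the project's code. It assumes the standard Linux interfaces `fips=1` on the kernel command line and `/proc/sys/crypto/fips_enabled`, neither of which is named on this page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that a node really booted in FIPS mode.
# File paths are parameters so the check can run against constructed files.

# Print the value of the last fips=<n> token on a kernel command line
# (prints nothing if the token is absent). The last occurrence wins.
cmdline_fips_value() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^fips=//p' | tail -n 1
}

# fips_status [CMDLINE_FILE] [FIPS_ENABLED_FILE]
# Prints and returns one of:
#   enabled      (0)  fips=1 was requested and the kernel reports 1
#   disabled     (1)  not requested and the kernel reports 0
#   unsupported  (2)  kernel exposes no fips_enabled flag at all
#   inconsistent (3)  request and kernel flag disagree; investigate
fips_status() {
    cmdline_file="${1:-/proc/cmdline}"
    flag_file="${2:-/proc/sys/crypto/fips_enabled}"

    if [ ! -r "$flag_file" ]; then
        echo unsupported
        return 2
    fi

    requested="$(cmdline_fips_value "$(cat "$cmdline_file")")"
    active="$(tr -d '[:space:]' < "$flag_file")"

    if [ "$requested" = "1" ] && [ "$active" = "1" ]; then
        echo enabled
        return 0
    fi
    if [ "$requested" != "1" ] && [ "$active" = "0" ]; then
        echo disabled
        return 1
    fi
    echo inconsistent
    return 3
}

# Run against the live system only when asked to: ./fips_check.sh --check
if [ "${1:-}" = "--check" ]; then
    fips_status
fi
```

Run with `--check` on the node; a non-zero exit code makes it usable as a gate in an AMI validation step.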