Trying to figure out whether enabling FIPS 140-2 mode (crypto.fips_enabled = 1) on ECS Fargate Task in AWS GovCloud is at all possible?
The AWS ECS service shows up as FedRAMP High compliant, so it would be easy to assume that all Fargate host machines are running in FIPS mode by default. However, when I ran a Fargate task and checked for FIPS availability, it came out as 0 (disabled).
Given that FIPS mode is a kernel feature, I am guessing: is there still a way to turn it on? Or maybe there is a task config option that would let me run my container on a FIPS-enabled host?
Please advise.
From this long-languishing enhancement request, it does not appear possible now.
[ECS] [request]: FIPS support for containers running in Fargate #659