amazon-web-services fips aws-fargate

Is FIPS mode on ECS Fargate Tasks in AWS GovCloud possible?


Trying to figure out whether enabling FIPS 140-2 mode (crypto.fips_enabled = 1) on an ECS Fargate task in AWS GovCloud is at all possible.

AWS Fargate on GovCloud is FedRAMP High Compliant

The AWS ECS service shows up as FedRAMP High compliant, so it would be easy to assume that all Fargate host machines are running in FIPS mode by default. However, when I ran a Fargate task and checked for FIPS availability, it came out as 0 (disabled).

Given that FIPS mode is a kernel feature, I am guessing is there still a way to turn it on? Or maybe there is a task config option that would let me run my container on a FIPS-enabled host?

Please advise.


Solution

  • From this long-languishing enhancement request, it does not appear possible now.

    [ECS] [request]: FIPS support for containers running in Fargate #659
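
The check described in the question (reading `crypto.fips_enabled` from inside the task) can be made into a fail-closed guard for a container entrypoint. This is an added example, not part of the original question or answer; the function names and the overridable path argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: fail-closed kernel FIPS check for a container entrypoint.
# The flag is a property of the host kernel, which the container shares,
# so the container can read it but cannot turn it on.

# Print one of: enabled | disabled | unsupported | unreadable
# $1 (optional, hypothetical parameter): path to the flag file, overridable
# so the function can be exercised offline with constructed files.
fips_kernel_state() {
    flag="${1:-/proc/sys/crypto/fips_enabled}"
    if [ ! -e "$flag" ]; then
        # The kernel exposes no FIPS flag at all
        echo unsupported
        return 0
    fi
    if ! value=$(cat "$flag" 2>/dev/null); then
        echo unreadable
        return 0
    fi
    case "$value" in
        1) echo enabled ;;
        0) echo disabled ;;   # the result reported in the question
        *) echo unreadable ;; # unexpected content is treated as a failure
    esac
}

# Return 0 only when the kernel reports FIPS mode; anything else fails.
require_fips() {
    state=$(fips_kernel_state "$1")
    if [ "$state" = enabled ]; then
        return 0
    fi
    echo "FIPS check failed: kernel state is '$state'" >&2
    return 1
}

# Typical use at the top of an entrypoint script:
#   require_fips || exit 1
#   exec "$@"
```

On a task that reports `0`, as in the question, `require_fips` fails and the container stops at startup instead of running with the kernel outside FIPS mode.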