Fix SSM endpoint for Gov regions by shreyamalpani · Pull Request #693 · DataDog/datadog-lambda-python
Navigation Menu
- Notifications You must be signed in to change notification settings
- Fork 50
Conversation
What does this PR do?
Overrides the SSM url to be ssm-fips.{REGION}.amazonaws.com only in commercial FIPS mode. Gov endpoints should use the default ssm.{REGION}.amazonaws.com. https://docs.aws.amazon.com/general/latest/gr/ssm.html
Motivation
Customer reported Datadog Forwarder getting API key from SSM in gov region is not working SLES-2580
Testing Guidelines
Additional Notes
Types of Changes
- Bug fix
- New feature
- Breaking change
- Misc (docs, refactoring, dependency upgrade, etc.)
Check all that apply
- This PR's description is comprehensive
- This PR contains breaking changes that are documented in the description
- This PR introduces new APIs or parameters that are documented and unlikely to change in the foreseeable future
- This PR impacts documentation, and it has been updated (or a ticket has been logged)
- This PR's changes are covered by the automated tests
- This PR collects user input/sensitive content into Datadog
- This PR passes the integration tests (ask a Datadog member to run the tests)
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Based on aws doc, not all commercial regions support ssm-fips endpoint.
- When the configuration explicitly enabled FIPS mode but the endpoint is not supported, a warning log is needed IMHO.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters