Posted On: May 12, 2021

We are happy to announce that all AWS Federal Information Processing Standard (FIPS) endpoints have been updated to only accept a minimum of Transport Layer Security (TLS) 1.2 connections. This update ensures that our customers who run regulated workloads can meet FedRAMP compliance requirements that mandate a minimum of TLS 1.2 encryption for data in transit. Attempts to connect to AWS FIPS endpoints using TLS 1.0 or TLS 1.1 will result in an HTTP response 503 Service Unavailable error.

If you are using a script to automate creation of Amazon Elastic Block Store (EBS) snapshots, such as the AWS CLI or the AWS Tools for Windows PowerShell, please confirm that your most recent snapshots have been successfully created. This is especially important in the AWS GovCloud (US) Regions, where some AWS services continued to detect customers using the outdated TLS versions at the time of the TLS 1.2 policy update.

To learn more, see the recent AWS Security blog post on this topic.