Федеральный стандарт по обработке информации (FIPS) 140-2
Обзор
Федеральный стандарт обработки информации (FIPS), публикация 140‑2 – это государственный стандарт США и Канады, определяющий требования к безопасности криптографических модулей для защиты конфиденциальных данных. Если при доступе к регионам AWS Восток / Запад США, AWS GovCloud (США) или AWS Канада (Центр) через интерфейс командной строки (CLI) или программно с помощью API требуется использование криптографических модулей, проверенных на соответствие FIPS 140‑2, далее в соответствующих разделах приведен список доступных адресов, проверенных на соответствие FIPS (по регионам AWS). URL серверов VPN Amazon Virtual Private Cloud в регионе AWS GovCloud (US) функционируют с использованием проверенных на соответствие FIPS 140-2 модулей шифрования. AWS взаимодействует с клиентами, чтобы предоставить им нужную информацию для обеспечения соответствия требованиям при работе в регионах AWS Восток / Запад США, AWS GovCloud (США) или AWS Канада (Центр). Дополнительную информацию о стандарте см. на странице Cryptographic Module Validation Program веб‑сайта Центра ресурсов по компьютерной безопасности NIST.
-
Какие адреса в регионах AWS Восток и Запад США проверены на соответствие FIPS?
В следующей таблице перечислены все проверенные на соответствие FIPS адреса, которые доступны для различных сервисов AWS в регионах AWS Восток и Запад США.
Сервис AWS URL серверов в регионах AWS Восток/Запад США Amazon API Gateway apigateway-fips.us-west-1.amazonaws.com
apigateway-fips.us-west-2.amazonaws.com
apigateway-fips.us-east-2.amazonaws.com
apigateway-fips.us-east-1.amazonaws.com
Amazon AppStream 2.0 appstream2-fips.us-east-1.amazonaws.com
appstream2-fips.us-west-2.amazonaws.com
Amazon Cloud Directory clouddirectory-fips.us-west-1.amazonaws.com
clouddirectory-fips.us-east-2.amazonaws.com
clouddirectory-fips.us-east-1.amazonaws.com
AWS CloudFormation cloudformation-fips.us-east-1.amazonaws.com
cloudformation-fips.us-east-2.amazonaws.com
cloudformation-fips.us-west-1.amazonaws.com
cloudformation-fips.us-west-2.amazonaws.com
AWS CloudTrail cloudtrail-fips.us-west-1.amazonaws.com
cloudtrail-fips.us-west-2.amazonaws.com
cloudtrail-fips.us-east-2.amazonaws.com
cloudtrail-fips.us-east-1.amazonaws.com
AWS CodeCommit git-codecommit-fips.us-east-1.amazonaws.com
codecommit-fips.us-east-1.amazonaws.com
git-codecommit-fips.us-east-2.amazonaws.com
codecommit-fips.us-east-2.amazonaws.com
git-codecommit-fips.us-west-1.amazonaws.com
codecommit-fips.us-west-1.amazonaws.com
git-codecommit-fips.us-west-2.amazonaws.com
codecommit-fips.us-west-2.amazonaws.com
Amazon Cognito cognito-sync-fips.us-west-2.amazonaws.com
cognito-identity-fips.us-west-2.amazonaws.com
cognito-idp-fips.us-west-2.amazonaws.com
<домен_вашего_пула_пользователей>.auth-fips.us-west-2.amazoncognito.com
cognito-sync-fips.us-east-2.amazonaws.com
cognito-identity-fips.us-east-2.amazonaws.com
cognito-idp-fips.us-east-2.amazonaws.com
<домен_вашего_пула_пользователей>.auth-fips.us-east-2.amazoncognito.com
cognito-sync-fips.us-east-1.amazonaws.com
cognito-identity-fips.us-east-1.amazonaws.com
cognito-idp-fips.us-east-1.amazonaws.com
<домен_вашего_пула_пользователей>.auth-fips.us-east-1.amazoncognito.com
AWS Config config-fips.us-west-1.amazonaws.com
config-fips.us-west-2.amazonaws.com
config-fips.us-east-2.amazonaws.com
config-fips.us-east-1.amazonaws.com
AWS Database Migration Service (DMS) dms-fips.us-west-1.amazonaws.com
dms-fips.us-west-2.amazonaws.com
dms-fips.us-east-2.amazonaws.com
dms-fips.us-east-1.amazonaws.com
AWS Directory Service ds-fips.us-west-1.amazonaws.com
ds-fips.us-west-2.amazonaws.com
ds-fips.us-east-2.amazonaws.com
ds-fips.us-east-1.amazonaws.com
Amazon DynamoDB dynamodb-fips.us-west-1.amazonaws.com
dynamodb-fips.us-west-2.amazonaws.com
dynamodb-fips.us-east-2.amazonaws.com
dynamodb-fips.us-east-1.amazonaws.com
AWS Elastic Beanstalk elasticbeanstalk-fips.us-east-1.amazonaws.com
elasticbeanstalk-fips.us-east-2.amazonaws.com
elasticbeanstalk-fips.us-west-1.amazonaws.com
elasticbeanstalk-fips.us-west-2.amazonaws.com
Amazon Elastic Block Store (EBS) Использует EC2 напрямую Amazon Elastic Compute Cloud (EC2) ec2-fips.us-west-1.amazonaws.com
ec2-fips.us-west-2.amazonaws.com
ec2-fips.us-east-2.amazonaws.com
ec2-fips.us-east-1.amazonaws.com
Amazon Elastic Container Registry ecr-fips.us-west-1.amazonaws.com
ecr-fips.us-west-2.amazonaws.com
ecr-fips.us-east-2.amazonaws.com
ecr-fips.us-east-1.amazonaws.com
*.dkr.ecr-fips.us-west-1.amazonaws.com
*.dkr.ecr-fips.us-west-2.amazonaws.com
*.dkr.ecr-fips.us-east-2.amazonaws.com
*.dkr.ecr-fips.us-east-1.amazonaws.com
Amazon ElastiCache elasticache-fips.us-east-1.amazonaws.com
elasticache-fips.us-east-2.amazonaws.com
elasticache-fips.us-west-1.amazonaws.com
elasticache-fips.us-west-2.amazonaws.comElastic Load Balancing elasticloadbalancing-fips.us-west-1.amazonaws.com
elasticloadbalancing-fips.us-west-2.amazonaws.com
elasticloadbalancing-fips.us-east-2.amazonaws.com
elasticloadbalancing-fips.us-east-1.amazonaws.com
Amazon Elasticsearch es-fips.us-west-1.amazonaws.com
es-fips.us-west-2.amazonaws.com
es-fips.us-east-1.amazonaws.com
es-fips.us-east-2.amazonaws.comAmazon EMR (Amazon EMR) elasticmapreduce-fips.us-west-1.amazonaws.com
elasticmapreduce-fips.us-west-2.amazonaws.com
elasticmapreduce-fips.us-east-1.amazonaws.com
elasticmapreduce-fips.us-east-2.amazonaws.com
Amazon Glacier glacier-fips.us-west-1.amazonaws.com
glacier-fips.us-west-2.amazonaws.com
glacier-fips.us-east-2.amazonaws.com
glacier-fips.us-east-1.amazonaws.com
Amazon GuardDuty guardduty-fips.us-east-1.amazonaws.com
guardduty-fips.us-west-1.amazonaws.com
guardduty-fips.us-east-2.amazonaws.com
guardduty-fips.us-west-2.amazonaws.com
AWS Identity and Access Management (IAM) iam-fips.amazonaws.com (только регион IAD) Amazon Inspector inspector-fips.us-west-1.amazonaws.com
inspector-fips.us-west-2.amazonaws.com
inspector-fips.us-east-1.amazonaws.com
Amazon Kinesis Streams kinesis-fips.us-west-1.amazonaws.com
kinesis-fips.us-west-2.amazonaws.com
kinesis-fips.us-east-2.amazonaws.com
kinesis-fips.us-east-1.amazonaws.com
AWS Key Management Service (KMS) kms-fips.us-west-1.amazonaws.com
kms-fips.us-west-2.amazonaws.com
kms-fips.us-east-2.amazonaws.com
kms-fips.us-east-1.amazonaws.com
AWS Lambda
lambda-fips.us-west-1.amazonaws.com
lambda-fips.us-west-2.amazonaws.com
lambda-fips.us-east-2.amazonaws.com
lambda-fips.us-east-1.amazonaws.com
Amazon MQ mq-fips.us-east-1.amazonaws.com
mq-fips.us-east-2.amazonaws.com
mq-fips.us-west-1.amazonaws.com
mq-fips.us-west-2.amazonaws.com
Amazon QuickSight
fips-us-west-2.quicksight.aws.amazon.com
fips-us-east-2.quicksight.aws.amazon.com
fips-us-east-1.quicksight.aws.amazon.com
Amazon Relational Database Service (RDS) / Amazon Aurora rds-fips.us-west-1.amazonaws.com
rds-fips.us-west-2.amazonaws.com
rds-fips.us-east-2.amazonaws.com
rds-fips.us-east-1.amazonaws.com
Amazon Redshift
redshift-fips.us-west-1.amazonaws.com
redshift-fips.us-west-2.amazonaws.com
redshift-fips.us-east-2.amazonaws.com
redshift-fips.us-east-1.amazonaws.com
Amazon Route 53
api-fips.route53-eu-west-1.com
route53-fips.amazonaws.com
Amazon SageMaker api-fips.sagemaker.us-east-1.amazonaws.com
api-fips.sagemaker.us-east-2.amazonaws.com
api-fips.sagemaker.us-west-2.amazonaws.com
runtime-fips.sagemaker.us-east-1.amazonaws.com
runtime-fips.sagemaker.us-east-2.amazonaws.com
runtime-fips.sagemaker.us-west-2.amazonaws.com
AWS Security Token Service (STS) sts-fips.us-west-1.amazonaws.com
sts-fips.us-west-2.amazonaws.com
sts-fips.us-east-2.amazonaws.com
sts-fips.us-east-1.amazonaws.com
AWS Service Catalog servicecatalog-fips.us-west-1.amazonaws.com
servicecatalog-fips.us-west-2.amazonaws.com
servicecatalog-fips.us-east-1.amazonaws.com
servicecatalog-fips.us-east-2.amazonaws.com
AWS Shield shield-fips.us-east-1.amazonaws.com Amazon Simple Email Service email-fips.us-east-1.amazonaws.com
email-fips.us-west-2.amazonaws.com
Amazon Simple Notification Service (SNS) sns-fips.us-west-1.amazonaws.com
sns-fips.us-west-2.amazonaws.com
sns-fips.us-east-2.amazonaws.com
sns-fips.us-east-1.amazonaws.com
Amazon Simple Queue Service (SQS) sqs-fips.us-west-1.amazonaws.com Amazon Simple Storage Service (S3)
Примечание. Эти URL серверов можно использовать только с адресами на виртуальных хостах. Например: https://bucket.s3-fips.us-east-2.amazonaws.com. См. дополнительные сведения на странице Документация по Amazon S3.
s3-fips.us-east-2.amazonaws.com
s3-fips.dualstack.us-west-1.amazonaws.com
s3-fips.dualstack.us-west-2.amazonaws.com
s3-fips.dualstack.us-east-2.amazonaws.com
s3-fips.dualstack.us-east-1.amazonaws.com
s3-fips.us-west-1.amazonaws.com
s3-fips.us-west-2.amazonaws.com
s3-fips.us-east-1.amazonaws.com
Amazon Simple Workflow Service (SWF)
swf-fips.us-west-1.amazonaws.com
swf-fips.us-west-2.amazonaws.com
swf-fips.us-east-2.amazonaws.com
swf-fips.us-east-1.amazonaws.com
AWS Snowball Не требует соответствия FIPS AWS Systems Manager ssm-fips.us-west-1.amazonaws.com
ssm-fips.us-west-2.amazonaws.com
ssm-fips.us-east-2.amazonaws.com
ssm-fips.us-east-1.amazonaws.com
Amazon Virtual Private Cloud (VPC)
Использует EC2 напрямую AWS WAF
waf-regional-fips.us-west-1.amazonaws.com
waf-regional-fips.us-west-2.amazonaws.com
waf‑regional‑fips.us‑east‑1.amazonaws.com
waf‑regional‑fips.us‑east‑2.amazonaws.com
waf‑fips.amazonaws.com
Amazon WorkDocs
workdocs-fips.us-west-2.amazonaws.com
workdocs-fips.us-east-1.amazonaws.com
shield-fips.us-east-1.amazonaws.com shield-fips.us-east-1.amazonaws.com shield-fips.us-east-1.amazonaws.com Не требует соответствия FIPS Список всех адресов AWS см. в разделе Регионы и адреса Общего справочника по AWS.
-
Какие адреса в регионе AWS GovCloud (США) соответствую требованиям FIPS?
Список адресов, которые проверены на соответствие требованиям FIPS, для региона AWS GovCloud (США) см. в Руководстве пользователя AWS GovCloud (США).
-
Какие адреса в регионе AWS Канада (Центр) соответствуют требованиям FIPS?
Сервис AWS Адреса в регионе AWS Канада (Центр) Amazon API Gateway apigateway-fips.ca-central-1.amazonaws.com Amazon CodeCommit git-codecommit-fips.ca-central-1.amazonaws.com
codecommit-fips.ca-central-1.amazonaws.com
AWS Directory Service ds-fips.ca-central-1.amazonaws.com
Amazon DynamoDB dynamodb‑fips.ca‑central‑1.amazonaws.com Amazon Elastic Compute Cloud (EC2) ec2-fips.ca-central-1.amazonaws.com
Amazon EMR (Amazon EMR) elasticmapreduce-fips.ca-central-1.amazonaws.com
Amazon Glacier glacier-fips.ca-central-1.amazonaws.com
Amazon Relational Database Service (RDS) / Amazon Aurora rds-fips.ca-central-1.amazonaws.com
Amazon Redshift
redshift-fips.ca-central-1.amazonaws.com
AWS Security Token Service (STS)
sts.ca-central-1.amazonaws.com
Amazon Simple Storage Service (Amazon S3)
Примечание. Этот адрес можно использовать только с адресами на виртуальных хостах. Например: https://bucket.s3-fips.ca-central-1.amazonaws.com. См. дополнительные сведения на странице Документация по Amazon S3.
s3-fips.ca-central-1.amazonaws.com
