Федеральный стандарт по обработке информации (FIPS) 140-2
Обзор
Федеральный стандарт обработки информации (FIPS), публикация 140‑2 – это государственный стандарт США и Канады, определяющий требования к безопасности криптографических модулей для защиты конфиденциальных данных. Если при доступе к регионам AWS Восток / Запад США, AWS GovCloud (США) или AWS Канада (Центр) через интерфейс командной строки (CLI) или программно с помощью API требуется использование криптографических модулей, проверенных на соответствие FIPS 140‑2, далее в соответствующих разделах приведен список доступных адресов, проверенных на соответствие FIPS (по регионам AWS). URL серверов VPN Amazon Virtual Private Cloud в регионе AWS GovCloud (US) функционируют с использованием проверенных на соответствие FIPS 140-2 модулей шифрования. AWS взаимодействует с клиентами, чтобы предоставить им нужную информацию для обеспечения соответствия требованиям при работе в регионах AWS Восток / Запад США, AWS GovCloud (США) или AWS Канада (Центр). Дополнительную информацию о стандарте см. на странице Cryptographic Module Validation Program веб‑сайта Центра ресурсов по компьютерной безопасности NIST.
-
Какие адреса в регионах AWS Восток и Запад США проверены на соответствие FIPS?
В следующей таблице перечислены все проверенные на соответствие FIPS адреса, которые доступны для различных сервисов AWS в регионах AWS Восток и Запад США.
Сервис AWS URL серверов в регионах AWS Восток/Запад США Amazon API Gateway apigateway-fips.us-east-1.amazonaws.com
apigateway-fips.us-east-2.amazonaws.com
apigateway-fips.us-west-1.amazonaws.com
apigateway-fips.us-west-2.amazonaws.com
Amazon AppStream 2.0 appstream2-fips.us-east-1.amazonaws.com
appstream2-fips.us-west-2.amazonaws.com
Amazon Cloud Directory clouddirectory-fips.us-east-1.amazonaws.com
clouddirectory-fips.us-east-2.amazonaws.com
clouddirectory-fips.us-west-2.amazonaws.com
Amazon CloudFront
cloudfront-fips.amazonaws.com Amazon CloudWatch Events events-fips.us-east-1.amazonaws.com
events-fips.us-east-2.amazonaws.com
events-fips.us-west-1.amazonaws.com
events-fips.us-west-2.amazonaws.com
Amazon CloudWatch Logs logs-fips.us-east-1.amazonaws.com
logs-fips.us-east-2.amazonaws.com
logs-fips.us-west-1.amazonaws.com
logs-fips.us-west-2.amazonaws.com
Amazon Cognito <домен_вашего_пула_пользователей>.auth-fips.us-east-1.amazoncognito.com
<домен_вашего_пула_пользователей>.auth-fips.us-east-2.amazoncognito.com
<домен_вашего_пула_пользователей>.auth-fips.us-west-2.amazoncognito.com
cognito-identity-fips.us-east-1.amazonaws.com
cognito-identity-fips.us-east-2.amazonaws.com
cognito-identity-fips.us-west-2.amazonaws.com
cognito-idp-fips.us-east-1.amazonaws.com
cognito-idp-fips.us-east-2.amazonaws.com
cognito-idp-fips.us-west-2.amazonaws.com
cognito-sync-fips.us-east-1.amazonaws.com
cognito-sync-fips.us-east-2.amazonaws.com
cognito-sync-fips.us-west-2.amazonaws.com
Amazon Comprehend comprehend-fips.us-east-1.amazonaws.com
comprehend-fips.us-east-2.amazonaws.com
comprehend-fips.us-west-2.amazonaws.com
Amazon Connect connect-fips.us-east-1.amazonaws.com
connect-fips.us-west-2.amazonaws.com
Amazon DynamoDB dynamodb-fips.us-east-1.amazonaws.com
dynamodb-fips.us-east-2.amazonaws.com
dynamodb-fips.us-west-1.amazonaws.com
dynamodb-fips.us-west-2.amazonaws.com
Amazon Elastic Block Store (EBS) Использует Amazon EC2 напрямую Amazon Elastic Compute Cloud (EC2) ec2-fips.us-east-1.amazonaws.com
ec2-fips.us-east-2.amazonaws.com
ec2-fips.us-west-1.amazonaws.com
ec2-fips.us-west-2.amazonaws.com
ec2messages-fips.us-east-1.amazonaws.com
ec2messages-fips.us-east-2.amazonaws.com
ec2messages-fips.us-west-1.amazonaws.com
ec2messages-fips.us-west-2.amazonaws.com
Amazon Elastic Container Registry *.dkr.ecr-fips.us-east-1.amazonaws.com
*.dkr.ecr-fips.us-east-2.amazonaws.com
*.dkr.ecr-fips.us-west-1.amazonaws.com
*.dkr.ecr-fips.us-west-2.amazonaws.com
ecr-fips.us-east-1.amazonaws.com
ecr-fips.us-east-2.amazonaws.com
ecr-fips.us-west-1.amazonaws.com
ecr-fips.us-west-2.amazonaws.com
Amazon Elastic Container Service ecs-fips.us-east-1.amazonaws.com
ecs-fips.us-east-2.amazonaws.com
ecs-fips.us-west-1.amazonaws.com
ecs-fips.us-west-2.amazonaws.com
Amazon Elastic File System elasticfilesystem-fips.us-east-1.amazonaws.com
elasticfilesystem-fips.us-east-2.amazonaws.com
elasticfilesystem-fips.us-west-1.amazonaws.com
elasticfilesystem-fips.us-west-2.amazonaws.com
Amazon Elastic Kubernetes Service (EKS) fips.eks.us-east-1.amazonaws.com
fips.eks.us-east-2.amazonaws.com
fips.eks.us-west-1.amazonaws.com
fips.eks.us-west-2.amazonaws.com
Amazon ElastiCache elasticache-fips.us-east-1.amazonaws.com
elasticache-fips.us-east-2.amazonaws.com
elasticache-fips.us-west-1.amazonaws.com
elasticache-fips.us-west-2.amazonaws.com
Amazon Elasticsearch es-fips.us-east-1.amazonaws.com
es-fips.us-east-2.amazonaws.com
es-fips.us-west-1.amazonaws.com
es-fips.us-west-2.amazonaws.com
Amazon EMR elasticmapreduce-fips.us-east-1.amazonaws.com
elasticmapreduce-fips.us-east-2.amazonaws.com
elasticmapreduce-fips.us-west-1.amazonaws.com
elasticmapreduce-fips.us-west-2.amazonaws.com
Amazon GuardDuty guardduty-fips.us-east-1.amazonaws.com
guardduty-fips.us-east-2.amazonaws.com
guardduty-fips.us-west-1.amazonaws.com
guardduty-fips.us-west-2.amazonaws.com
Amazon Inspector inspector-fips.us-east-1.amazonaws.com
inspector-fips.us-east-2.amazonaws.com
inspector-fips.us-west-1.amazonaws.com
inspector-fips.us-west-2.amazonaws.com
Amazon Kinesis Data Analytics kinesisanalytics-fips.us-east-1.amazonaws.com
kinesisanalytics-fips.us-east-2.amazonaws.com
kinesisanalytics-fips.us-west-2.amazonaws.com
Amazon Kinesis Data Firehose firehose-fips.us-east-1.amazonaws.com
firehose-fips.us-east-2.amazonaws.com
firehose-fips.us-west-1.amazonaws.com
firehose-fips.us-west-2.amazonaws.com
Amazon Kinesis Streams kinesis-fips.us-east-1.amazonaws.com
kinesis-fips.us-east-2.amazonaws.com
kinesis-fips.us-west-1.amazonaws.com
kinesis-fips.us-west-2.amazonaws.com
Amazon Macie macie-fips.us-east-1.amazonaws.com
macie-fips.us-west-2.amazonaws.com
Amazon MQ mq-fips.us-east-1.amazonaws.com
mq-fips.us-east-2.amazonaws.com
mq-fips.us-west-1.amazonaws.com
mq-fips.us-west-2.amazonaws.com
Amazon Pinpoint pinpoint-fips.us-east-1.amazonaws.com
pinpoint-fips.us-west-2.amazonaws.com
Amazon Polly polly-fips.us-east-1.amazonaws.com
polly-fips.us-east-2.amazonaws.com
polly-fips.us-west-1.amazonaws.com
polly-fips.us-west-2.amazonaws.com
Amazon QuickSight
fips-us-east-1.quicksight.aws.amazon.com
fips-us-east-2.quicksight.aws.amazon.com
fips-us-west-2.quicksight.aws.amazon.com
Amazon Redshift
redshift-fips.us-east-1.amazonaws.com
redshift-fips.us-east-2.amazonaws.com
redshift-fips.us-west-1.amazonaws.com
redshift-fips.us-west-2.amazonaws.com
Amazon Relational Database Service (RDS) / Amazon Aurora rds-fips.us-east-1.amazonaws.com
rds-fips.us-east-2.amazonaws.com
rds-fips.us-west-1.amazonaws.com
rds-fips.us-west-2.amazonaws.com
Amazon Route 53
route53-fips.amazonaws.com Amazon S3 Glacier glacier-fips.us-east-1.amazonaws.com
glacier-fips.us-east-2.amazonaws.com
glacier-fips.us-west-1.amazonaws.com
glacier-fips.us-west-2.amazonaws.com
Amazon SageMaker api-fips.sagemaker.us-west-1.amazonaws.com
api-fips.sagemaker.us-east-1.amazonaws.com
api-fips.sagemaker.us-east-2.amazonaws.com
api-fips.sagemaker.us-west-2.amazonaws.com
runtime-fips.sagemaker.us-east-1.amazonaws.com
runtime-fips.sagemaker.us-east-2.amazonaws.com
runtime-fips.sagemaker.us-west-2.amazonaws.com
runtime-fips.sagemaker.us-west-1.amazonaws.com
Amazon Simple Email Service (API HTTPS) email-fips.us-east-1.amazonaws.com
email-fips.us-west-2.amazonaws.com
Amazon Simple Email Service (SMTP) email-smtp-fips.us-east-1.amazonaws.com
email-smtp-fips.us-west-2.amazonaws.com
Amazon Simple Notification Service (SNS) sns-fips.us-west-1.amazonaws.com
sns-fips.us-west-2.amazonaws.com
sns-fips.us-east-2.amazonaws.com
sns-fips.us-east-1.amazonaws.com
Amazon Simple Queue Service (SQS) sqs-fips.us-east-2.amazonaws.com
sqs-fips.us-west-2.amazonaws.com
sqs-fips.us-east-1.amazonaws.com
sqs-fips.us-west-1.amazonaws.com
Amazon Simple Storage Service (S3)
Примечание. Эти URL серверов можно использовать только с адресами на виртуальных хостах. Например: https://bucket.s3-fips.us-east-2.amazonaws.com. См. дополнительные сведения на странице Документация по Amazon S3.
s3-fips.dualstack.us-east-1.amazonaws.com
s3-fips.dualstack.us-east-2.amazonaws.com
s3-fips.dualstack.us-west-1.amazonaws.com
s3-fips.dualstack.us-west-2.amazonaws.com
s3-fips.us-east-1.amazonaws.com
s3-fips.us-east-2.amazonaws.com
s3-fips.us-west-1.amazonaws.com
s3-fips.us-west-2.amazonaws.com
Amazon Simple Workflow Service (SWF)
swf-fips.us-east-1.amazonaws.com
swf-fips.us-east-2.amazonaws.com
swf-fips.us-west-1.amazonaws.com
swf-fips.us-west-2.amazonaws.com
Amazon Transcribe fips.transcribe.us-west-1.amazonaws.com Amazon Translate translate-fips.us-west-2.amazonaws.com
translate-fips.us-east-2.amazonaws.com
translate-fips.us-east-1.amazonaws.com
Amazon Virtual Private Cloud (VPC)
Использует Amazon EC2 напрямую Amazon WorkDocs
workdocs-fips.us-east-1.amazonaws.com
workdocs-fips.us-west-2.amazonaws.com
Amazon WorkSpaces workspaces-fips.us-east-1.amazonaws.com
workspaces-fips.us-west-2.amazonaws.com
AWS Batch fips.batch.us-east-1.amazonaws.com
fips.batch.us-east-2.amazonaws.com
fips.batch.us-west-1.amazonaws.com
fips.batch.us-west-2.amazonaws.com
AWS Certificate Manager acm-fips.us-east-1.amazonaws.com
acm-fips.us-east-2.amazonaws.com
acm-fips.us-west-2.amazonaws.com
acm-fips.us-west-1.amazonaws.com
Частный ЦС AWS Certificate Manager acm-pca-fips.us-east-1.amazonaws.com
acm-pca-fips.us-west-1.amazonaws.com
acm-pca-fips.us-east-2.amazonaws.com
acm-pca-fips.us-west-2.amazonaws.com
AWS CloudFormation cloudformation-fips.us-east-1.amazonaws.com
cloudformation-fips.us-east-2.amazonaws.com
cloudformation-fips.us-west-1.amazonaws.com
cloudformation-fips.us-west-2.amazonaws.com
AWS CloudTrail cloudtrail-fips.us-east-1.amazonaws.com
cloudtrail-fips.us-east-2.amazonaws.com
cloudtrail-fips.us-west-1.amazonaws.com
cloudtrail-fips.us-west-2.amazonaws.com
AWS CodeBuild codebuild-fips.us-west-1.amazonaws.com
codebuild-fips.us-east-1.amazonaws.com
codebuild-fips.us-west-2.amazonaws.com
codebuild-fips.us-east-2.amazonaws.com
AWS CodeCommit codecommit-fips.us-east-1.amazonaws.com
codecommit-fips.us-east-2.amazonaws.com
codecommit-fips.us-west-1.amazonaws.com
codecommit-fips.us-west-2.amazonaws.com
git-codecommit-fips.us-east-1.amazonaws.com
git-codecommit-fips.us-east-2.amazonaws.com
git-codecommit-fips.us-west-1.amazonaws.com
git-codecommit-fips.us-west-2.amazonaws.com
AWS CodeDeploy codedeploy-fips.us-east-1.amazonaws.com
codedeploy-fips.us-west-1.amazonaws.com
codedeploy-fips.us-west-2.amazonaws.com
codedeploy-fips.us-east-2.amazonaws.com
codedeploy-commands-fips.us-east-1.amazonaws.com
codedeploy-commands-fips.us-east-2.amazonaws.com
codedeploy-commands-fips.us-west-1.amazonaws.com
codedeploy-commands-fips.us-west-2.amazonaws.com
AWS CodePipeline codepipeline-fips.us-east-1.amazonaws.com
codepipeline-fips.us-east-2.amazonaws.com
codepipeline-fips.us-west-1.amazonaws.com
codepipeline-fips.us-west-2.amazonaws.com
AWS Config config-fips.us-east-1.amazonaws.com
config-fips.us-east-2.amazonaws.com
config-fips.us-west-1.amazonaws.com
config-fips.us-west-2.amazonaws.com
AWS Control Tower prod.us-east-2.blackbeard.aws.a2z.com
prod.us-east-1.blackbeard.aws.a2z.com
prod.us-west-2.blackbeard.aws.a2z.co
AWS Database Migration Service (DMS) dms‑fips.us‑east‑1.amazonaws.com
dms-fips.us-east-2.amazonaws.com
dms-fips.us-west-1.amazonaws.com
dms-fips.us-west-2.amazonaws.com
AWS DataSync datasync-fips.us-east-1.amazonaws.com
datasync-fips.us-west-1.amazonaws.com
datasync-fips.us-east-2.amazonaws.com
datasync-fips.us-west-2.amazonaws.com
AWS Direct Connect directconnect‑fips.us‑east‑1.amazonaws.com
directconnect‑fips.us‑east‑2.amazonaws.com
directconnect‑fips.us‑west‑1.amazonaws.com
directconnect‑fips.us‑west‑2.amazonaws.com
AWS Directory Service ds-fips.us-east-1.amazonaws.com
ds-fips.us-east-2.amazonaws.com
ds-fips.us-west-1.amazonaws.com
ds-fips.us-west-2.amazonaws.com
AWS Elastic Beanstalk elasticbeanstalk-fips.us-east-1.amazonaws.com
elasticbeanstalk-fips.us-east-2.amazonaws.com
elasticbeanstalk-fips.us-west-1.amazonaws.com
elasticbeanstalk-fips.us-west-2.amazonaws.com
AWS Firewall Manager fms-fips.us-west-1.amazonaws.com
fms-fips.us-east-1.amazonaws.com
fms-fips.us-west-2.amazonaws.com
fms-fips.us-east-2.amazonaws.com
AWS Glue glue-fips.us-east-1.amazonaws.com
glue-fips.us-east-2.amazonaws.com
glue-fips.us-west-1.amazonaws.com
glue-fips.us-west-2.amazonaws.com
AWS Identity and Access Management (IAM) iam-fips.amazonaws.com (только регион IAD) AWS IoT Core
AWS IoT Device Management
iot-fips.us-east-1.amazonaws.com AWS IoT Greengrass greengrass-ats.iot-fips.us-east-1.amazonaws.com AWS Key Management Service (KMS) kms-fips.us-east-1.amazonaws.com
kms-fips.us-east-2.amazonaws.com
kms-fips.us-west-1.amazonaws.com
kms-fips.us-west-2.amazonaws.com
AWS Lambda
lambda-fips.us-east-1.amazonaws.com
lambda-fips.us-east-2.amazonaws.com
lambda-fips.us-west-1.amazonaws.com
lambda-fips.us-west-2.amazonaws.com
AWS License Manager license-manager-fips.us-east-1.amazonaws.com
license-manager-fips.us-east-2.amazonaws.com
license-manager-fips.us-west-1.amazonaws.com
license-manager-fips.us-west-2.amazonaws.com
AWS OpsWorks for Chef Automate
AWS OpsWorks for Puppet Enterprise
opsworks-cm-fips.us-east-1.amazonaws.com
opsworks-cm-fips.us-east-2.amazonaws.com
opsworks-cm-fips.us-west-1.amazonaws.com
opsworks-cm-fips.us-west-2.amazonaws.com
AWS Organizations organizations-fips.us-east-1.amazonaws.com AWS Outposts outposts-fips.us-east-1.amazonaws.com
outposts-fips.us-west-1.amazonaws.com
AWS Resource Groups resource-groups-fips.us-east-1.amazonaws.com
resource-groups-fips.us-east-2.amazonaws.com
resource-groups-fips.us-west-2.amazonaws.com
resource-groups-fips.us-west-1.amazonaws.com
AWS Secrets Manager secretsmanager-fips.us-east-2.amazonaws.com
secretsmanager-fips.us-west-1.amazonaws.com
secretsmanager-fips.us-east-1.amazonaws.com
secretsmanager-fips.us-west-2.amazonaws.com
AWS Security Token Service (STS) sts-fips.us-east-1.amazonaws.com
sts-fips.us-east-2.amazonaws.com
sts-fips.us-west-1.amazonaws.com
sts-fips.us-west-2.amazonaws.com
AWS Server Migration Service (SMS) sms-fips.us-west-2.amazonaws.com
sms-fips.us-east-1.amazonaws.com
sms-fips.us-east-2.amazonaws.com
sms-fips.us-west-1.amazonaws.com
AWS Service Catalog servicecatalog-fips.us-east-1.amazonaws.com
servicecatalog-fips.us-east-2.amazonaws.com
servicecatalog-fips.us-west-1.amazonaws.com
servicecatalog-fips.us-west-2.amazonaws.com
AWS Shield shield-fips.us-east-1.amazonaws.com AWS Snowball snowball-fips.us-east-1.amazonaws.com
snowball-fips.us-east-2.amazonaws.com
snowball-fips.us-west-1.amazonaws.com
snowball-fips.us-west-2.amazonaws.com
AWS Step Functions states-fips.us-east-1.amazonaws.com
states-fips.us-east-2.amazonaws.com
states-fips.us-west-1.amazonaws.com
states-fips.us-west-2.amazonaws.com
AWS Systems Manager ssm-fips.us-east-1.amazonaws.com
ssm-fips.us-east-2.amazonaws.com
ssm-fips.us-west-1.amazonaws.com
ssm-fips.us-west-2.amazonaws.com
ssm-facade-fips.us-east-1.amazonaws.com
ssm-facade-fips.us-east-2.amazonaws.com
ssm-facade-fips.us-west-1.amazonaws.com
ssm-facade-fips.us-west-2.amazonaws.com
AWS WAF
waf‑fips.amazonaws.com
waf‑regional‑fips.us‑east‑1.amazonaws.com
waf‑regional‑fips.us‑east‑2.amazonaws.com
waf-regional-fips.us-west-1.amazonaws.com
waf-regional-fips.us-west-2.amazonaws.com
wafv2-fips.us-east-1.amazonaws.com
wafv2-fips.us-east-2.amazonaws.com
wafv2-fips.us-west-1.amazonaws.com
wafv2-fips.us-west-2.amazonaws.com
Elastic Load Balancing elasticloadbalancing-fips.us-east-1.amazonaws.com
elasticloadbalancing-fips.us-east-2.amazonaws.com
elasticloadbalancing-fips.us-west-1.amazonaws.com
elasticloadbalancing-fips.us-west-2.amazonaws.com
shield-fips.us-east-1.amazonaws.com shield-fips.us-east-1.amazonaws.com shield-fips.us-east-1.amazonaws.com Не требует соответствия FIPS cloudfront-fips.amazonaws.com cloudfront-fips.amazonaws.com cloudfront-fips.amazonaws.com Список всех адресов AWS см. в разделе Регионы и адреса Общего справочника по AWS.
-
Какие адреса в регионе AWS GovCloud (США) соответствую требованиям FIPS?
Список адресов, которые проверены на соответствие требованиям FIPS, для региона AWS GovCloud (США) см. в Руководстве пользователя AWS GovCloud (США).
-
Какие адреса в регионе AWS Канада (Центр) соответствуют требованиям FIPS?
Сервис AWS Адреса в регионе AWS Канада (Центр) Amazon API Gateway apigateway-fips.ca-central-1.amazonaws.com Amazon DynamoDB dynamodb‑fips.ca‑central‑1.amazonaws.com Amazon Elastic Compute Cloud (EC2) ec2-fips.ca-central-1.amazonaws.com
Amazon Elastic File System elasticfilesystem-fips.ca-central-1.amazonaws.com Amazon EMR elasticmapreduce-fips.ca-central-1.amazonaws.com
Amazon Redshift
redshift-fips.ca-central-1.amazonaws.com
Amazon Relational Database Service (RDS) / Amazon Aurora rds-fips.ca-central-1.amazonaws.com
Amazon S3 Glacier glacier-fips.ca-central-1.amazonaws.com
Amazon Simple Storage Service (Amazon S3)
Примечание. Этот адрес можно использовать только с адресами на виртуальных хостах. Например: https://bucket.s3-fips.ca-central-1.amazonaws.com. См. дополнительные сведения на странице Документация по Amazon S3.
s3-fips.ca-central-1.amazonaws.com AWS Certificate Manager acm-fips.ca-central-1.amazonaws.com Частный ЦС AWS Certificate Manager acm-pca-fips.ca-central-1.amazonaws.com Amazon CodeCommit git-codecommit-fips.ca-central-1.amazonaws.com
codecommit-fips.ca-central-1.amazonaws.com
AWS CodePipeline codepipeline-fips.ca-central-1.amazonaws.com AWS DataSync datasync-fips.ca-central-1.amazonaws.com AWS Directory Service ds-fips.ca-central-1.amazonaws.com
AWS Firewall Manager fms-fips.ca-central-1.amazonaws.com AWS Snowball snowball-fips.ca-central-1.amazonaws.com AWS WAF wafv2-fips.ca-central-1.amazonaws.com
waf-regional-fips.ca-central-1.amazonaws.com
