Switch to using FIPS-enabled endpoints

This changeset switches AWS service touchpoints to use their FIPS-enabled counterparts.  Note that S3 has some specific configuration associated with it.

This changeset also updates our allow ACLs to cover the FIPS-enabled endpoints.  We should investigate removing the non-FIPS endpoints as a part of this.

Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
Carlo Costino
2023-08-10 18:02:45 -04:00
parent d8dcde4403
commit d4848a67b5
8 changed files with 58 additions and 11 deletions

@@ -2,6 +2,8 @@ import botocore
from boto3 import Session
from flask import current_app
from app.clients import AWS_CLIENT_CONFIG
FILE_LOCATION_STRUCTURE = 'service-{}-notify/{}.csv'
@@ -15,7 +17,12 @@ def get_s3_file(
def get_s3_object(
bucket_name, file_location, access_key, secret_key, region
):
session = Session(aws_access_key_id=access_key, aws_secret_access_key=secret_key, region_name=region)
session = Session(
aws_access_key_id=access_key,
aws_secret_access_key=secret_key,
region_name=region,
config=AWS_CLIENT_CONFIG
)
s3 = session.resource('s3')
return s3.Object(bucket_name, file_location)
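
Review bot: config=AWS_CLIENT_CONFIG is passed to the Session(...) constructor in get_s3_object, but boto3's Session does not accept a config keyword (it takes credentials, region_name, botocore_session and profile_name), so this call raises a TypeError before any S3 request is made. Pass the config where the resource is created instead, as in session.resource('s3', config=AWS_CLIENT_CONFIG), and add a test that calls get_s3_object and checks that the resulting client resolves to the FIPS endpoint, so that the setting is verified rather than assumed.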