Switch to using FIPS-enabled endpoints

This changeset switches AWS service touchpoints to use their FIPS-enabled counterparts.  Note that S3 has some specific configuration associated with it.

This changeset also updates our allow ACLs to cover the FIPS-enabled endpoints.  We should investigate removing the non-FIPS endpoints as a part of this.

Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>

deploy-config/egress_proxy/notify-api-demo.allow.acl

@@ -1,5 +1,14 @@
+logs.us-east-1.amazonaws.com
+logs-fips.us-east-1.amazonaws.com
 monitoring.us-west-2.amazonaws.com
+monitoring-fips.us-west-2.amazonaws.com
 email.us-west-2.amazonaws.com
+email-fips.us-west-2.amazonaws.com
+s3-fips.us-east-1.amazonaws.com
+s3-fips.us-east-2.amazonaws.com
+s3-fips.us-west-1.amazonaws.com
+s3-fips.us-west-2.amazonaws.com
 sns.us-east-1.amazonaws.com
+sns-fips.us-east-1.amazonaws.com
 gov-collector.newrelic.com
 egress-proxy-notify-api-demo.apps.internal

deploy-config/egress_proxy/notify-api-production.allow.acl

@@ -1,5 +1,9 @@
+logs.us-gov-west-1.amazonaws.com
 monitoring.us-west-2.amazonaws.com
 email.us-gov-west-1.amazonaws.com
+email-fips.us-gov-west-1.amazonaws.com
+s3-fips.us-gov-east-1.amazonaws.com
+s3-fips.us-gov-west-1.amazonaws.com
 sns.us-gov-west-1.amazonaws.com
 gov-collector.newrelic.com
 egress-proxy-notify-api-production.apps.internal

deploy-config/egress_proxy/notify-api-staging.allow.acl

@@ -1,6 +1,14 @@
 logs.us-west-2.amazonaws.com
+logs-fips.us-west-2.amazonaws.com
 monitoring.us-west-2.amazonaws.com
+monitoring-fips.us-west-2.amazonaws.com
 email.us-west-2.amazonaws.com
+email-fips.us-west-2.amazonaws.com
+s3-fips.us-east-1.amazonaws.com
+s3-fips.us-east-2.amazonaws.com
+s3-fips.us-west-1.amazonaws.com
+s3-fips.us-west-2.amazonaws.com
 sns.us-west-2.amazonaws.com
+sns-fips.us-west-2.amazonaws.com
 gov-collector.newrelic.com
 egress-proxy-notify-api-staging.apps.internal