From ed02d5c148a9412e92ee62d35560526b14cfc907 Mon Sep 17 00:00:00 2001 From: Ayush Shah Date: Sun, 24 Dec 2023 03:25:05 +0530 Subject: [PATCH 1/2] feat(ec2): trn1 instance type (#28477) adding support of trn1 instance type they were introduced [here](https://aws.amazon.com/ec2/instance-types/trn1/) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-ec2/lib/instance-types.ts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/packages/aws-cdk-lib/aws-ec2/lib/instance-types.ts b/packages/aws-cdk-lib/aws-ec2/lib/instance-types.ts index 33e7bc63d3847..d47b269118efb 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/instance-types.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/instance-types.ts @@ -611,6 +611,11 @@ export enum InstanceClass { */ STORAGE_COMPUTE_1 = 'storage-compute-1', + /** + * High performance computing powered by AWS Trainium + */ + TRN1 = 'trn1', + /** * Storage/compute balanced instances, 1st generation */ @@ -1395,6 +1400,7 @@ export class InstanceType { [InstanceClass.D3]: 'd3', [InstanceClass.STORAGE3_ENHANCED_NETWORK]: 'd3en', [InstanceClass.D3EN]: 'd3en', + [InstanceClass.TRN1]: 'trn1', [InstanceClass.STORAGE_COMPUTE_1]: 'h1', [InstanceClass.H1]: 'h1', [InstanceClass.IO3]: 'i3', From 7bb72e1e1bcc84f45ebe714e379fa085a5642355 Mon Sep 17 00:00:00 2001 From: kazuho cryer-shinozuka Date: Sun, 24 Dec 2023 07:21:55 +0900 Subject: [PATCH 2/2] feat(elasticloadbalancingv2): FIPS compliant SSL policy to ALB (#28479) This Pull Request introduces a set of new FIPS-compliant SSL policies for the Application Load Balancer (ALB) in AWS Elastic Load Balancing (ELB). These policies enhance the security of ALB by providing options that are compliant with the Federal Information Processing Standards (FIPS). Closes #28455 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../lib/shared/enums.ts | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/enums.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/enums.ts index 6fbd7864b57da..cb348ba55e946 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/enums.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/enums.ts @@ -139,6 +139,46 @@ export enum SslPolicy { */ TLS13_13 = 'ELBSecurityPolicy-TLS13-1-3-2021-06', + /** + * TLS 1.3 only with AES 128 and 256 GCM SHA ciphers + */ + FIPS_TLS13_13 = 'ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04', + + /** + * TLS 1.2 and 1.3 with AES and ECDHE GCM/SHA ciphers + */ + FIPS_TLS13_12_RES = 'ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04', + + /** + * TLS 1.2 and 1.3 with ECDHE SHA/GCM ciphers, excluding SHA1 ciphers + */ + FIPS_TLS13_12 = 'ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04', + + /** + * TLS 1.2 and 1.3 with all ECDHE ciphers + */ + FIPS_TLS13_12_EXT0 = 'ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04', + + /** + * TLS 1.2 and 1.3 with all AES and ECDHE ciphers excluding SHA1 ciphers + */ + FIPS_TLS13_12_EXT1 = 'ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04', + + /** + * TLS 1.2 and 1.3 with all ciphers + */ + FIPS_TLS13_12_EXT2 = 'ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04', + + /** + * TLS1.1 through 1.3 with all ciphers + */ + FIPS_TLS13_11 = 'ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04', + + /** + * TLS1.0 through 1.3 with all ciphers + */ + FIPS_TLS13_10 = 'ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04', + /** * Strong foward secrecy ciphers and TLV1.2 only (2020 edition). * Same as FORWARD_SECRECY_TLS12_RES, but only supports GCM versions of the TLS ciphers