chore(merge-back): 2.164.1 #31910

Merged
merged 5 commits into from
Oct 25, 2024
@aws-cdk-automation aws-cdk-automation commented Oct 25, 2024

See CHANGELOG

mrgrain and others added 4 commits October 25, 2024 10:05
Internal reference: D166315367

In FIPS enabled environments, the MD5 algorithm is not available for use in the crypto module.
However, by default the S3 client is using an MD5 checksum for content integrity checking.
This causes any S3 upload operation to fail with a cryptography error.

We are disabling the S3 content checksums, and are re-enabling the regular SigV4 body signing.
SigV4 uses SHA256 for its content checksum. This configuration matches the default behavior
of the AWS SDKv3 and is a safe choice for all users.

For non-FIPS users, we have verified functionality via cli-integ-tests.
For FIPS users, we have manually verified `cdk deploy` is now working in a FIPS enabled environment.
We have also verified the configuration with the affected customer.

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Some S3 APIs in SDKv2 have a bug that always requires them to use an MD5 checksum. GC is using them, so we will temporarily disable the feature in FIPS environments.
@aws-cdk-automation added the auto-approve and pr/no-squash (This PR should be merged instead of squash-merging it) labels Oct 25, 2024
@github-actions github-actions bot added the p2 label Oct 25, 2024
github-actions bot previously approved these changes Oct 25, 2024
mrgrain previously approved these changes Oct 25, 2024

mergify bot commented Oct 25, 2024

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot dismissed stale reviews from mrgrain and github-actions[bot] October 25, 2024 19:49

Pull request has been modified.

@aws-cdk-automation

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: e42cc02
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository


mergify bot commented Oct 25, 2024

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit e0615fe into main Oct 25, 2024
14 of 15 checks passed
@mergify mergify bot deleted the merge-back/2.164.1 branch October 25, 2024 20:22

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 25, 2024