chore(merge-back): 2.164.1 #31910

Merged: mergify[bot] merged 5 commits into main from merge-back/2.164.1 on Oct 25, 2024

@aws-cdk-automation commented Oct 25, 2024

See CHANGELOG

mrgrain and others added 4 commits October 25, 2024 10:05
Internal reference: D166315367

In FIPS enabled environments, the MD5 algorithm is not available for use in the crypto module.
However, by default the S3 client is using an MD5 checksum for content integrity checking.
This causes any S3 upload operation to fail with a cryptography error.

We are disabling the S3 content checksums, and are re-enabling the regular SigV4 body signing.
SigV4 uses SHA256 for its content checksum. This configuration matches the default behavior
of the AWS SDKv3 and is a safe choice for all users.

For non-FIPS users, we have verified functionality via cli-integ-tests.
For FIPS users, we have manually verified `cdk deploy` is now working in a FIPS enabled environment.
We have also verified the configuration with the affected customer.

- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Some S3 APIs in SDKv2 have a bug that always requires them to use an MD5 checksum. GC is using them, so we will temporarily disable the feature in FIPS environments.
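
As an added example (not code from this pull request or from aws-cdk), the sketch below shows the difference the first commit message describes: with SigV4 body signing on, the SHA-256 of the body is part of the signed request, so no MD5 is needed; with body signing off, the signature does not cover the body and integrity rests on Content-MD5, which a FIPS runtime refuses to compute. The function names are hypothetical, the host, key, date, region and secret are constructed sample values, and the object key is assumed to need no URI encoding.

```javascript
// Added example, not aws-cdk code. All request values below are constructed.
const crypto = require('node:crypto');

const sha256Hex = (data) => crypto.createHash('sha256').update(data).digest('hex');
const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();

// x-amz-content-sha256: SHA-256 of the body when body signing is on, or the
// literal UNSIGNED-PAYLOAD when it is off (the body is then not covered).
function payloadHash(body, signBody) {
  return signBody ? sha256Hex(body) : 'UNSIGNED-PAYLOAD';
}

// Content-MD5 header value, or null when the runtime refuses MD5 (FIPS mode).
function contentMd5(body) {
  try {
    return crypto.createHash('md5').update(body).digest('base64');
  } catch {
    return null;
  }
}

// SigV4 signature for "PUT /<key>" using only SHA-256 and HMAC-SHA256.
// Assumes the key needs no URI encoding and the query string is empty.
function signPut({ host, key, amzDate, region, secret }, body, signBody) {
  const hashed = payloadHash(body, signBody);
  const headers = `host:${host}\nx-amz-content-sha256:${hashed}\nx-amz-date:${amzDate}\n`;
  const signedHeaders = 'host;x-amz-content-sha256;x-amz-date';
  const canonical = ['PUT', `/${key}`, '', headers, signedHeaders, hashed].join('\n');
  const date = amzDate.slice(0, 8);
  const scope = `${date}/${region}/s3/aws4_request`;
  const toSign = ['AWS4-HMAC-SHA256', amzDate, scope, sha256Hex(canonical)].join('\n');
  let k = `AWS4${secret}`;
  for (const part of [date, region, 's3', 'aws4_request']) k = hmac(k, part);
  return { payloadHash: hashed, signature: hmac(k, toSign).toString('hex') };
}

const sample = {
  host: 'example-bucket.s3.us-east-1.amazonaws.com', // constructed
  key: 'assets/template.json',                       // constructed
  amzDate: '20241025T100500Z',                       // constructed
  region: 'us-east-1',
  secret: 'EXAMPLE-SECRET-NOT-REAL',                 // placeholder, not a credential
};

const signed = signPut(sample, 'original body', true);
const tampered = signPut(sample, 'tampered body', true);
console.log('body signing on, signatures differ:', signed.signature !== tampered.signature);
console.log('Content-MD5 available:', contentMd5('original body') !== null);
```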
aws-cdk-automation added the auto-approve and pr/no-squash (This PR should be merged instead of squash-merging it) labels Oct 25, 2024
github-actions bot added the p2 label Oct 25, 2024
github-actions bot previously approved these changes Oct 25, 2024
mrgrain previously approved these changes Oct 25, 2024

mergify bot commented Oct 25, 2024

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

mergify bot dismissed stale reviews from mrgrain and github-actions[bot] October 25, 2024 19:49

Pull request has been modified.

@aws-cdk-automation

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: e42cc02
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository


mergify bot commented Oct 25, 2024

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

mergify bot merged commit e0615fe into main Oct 25, 2024
mergify bot deleted the merge-back/2.164.1 branch October 25, 2024 20:22
@github-actions

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

github-actions bot locked as resolved and limited conversation to collaborators Oct 25, 2024