AWS AmazonECR medium security documentation change
Summary
Added documentation for FIPS 140-3 compliant VPC endpoints including endpoint names and example commands
Security assessment
The changes explicitly add support for FIPS 140-3 validated cryptographic modules, which is a U.S. government security standard. This helps customers meet compliance requirements for cryptographic security in sensitive workloads.
Diff
diff --git a/AmazonECR/latest/userguide/vpc-endpoints.md b/AmazonECR/latest/userguide/vpc-endpoints.md index f7635f6ab..304d748e0 100644 --- a//AmazonECR/latest/userguide/vpc-endpoints.md +++ b//AmazonECR/latest/userguide/vpc-endpoints.md @@ -30,0 +31,2 @@ Before you configure VPC endpoints for Amazon ECR, be aware of the following con + * For workloads requiring FIPS 140-3 validated cryptographic modules, Amazon ECR supports FIPS endpoints for VPC endpoints. + @@ -81,0 +84,2 @@ When you create this endpoint, you must enable a private DNS hostname. To do thi +For FIPS 140-3 compliant connections, use the FIPS endpoint name **com.amazonaws.`region`.ecr-fips.dkr** + @@ -88,0 +93,2 @@ The specified `region` represents the Region identifier for an AWS Region suppor +For FIPS 140-3 compliant connections, use the FIPS endpoint names: **com.amazonaws.`region`.ecr-fips.dkr** and **com.amazonaws.`region`.ecr-fips.api**. + @@ -92,0 +99,2 @@ When this endpoint is created, you have the option to enable a private DNS hostn +For FIPS 140-3 compliant connections, use the FIPS endpoint name **com.amazonaws.`region`.ecr-fips.api**. + @@ -102,0 +111,5 @@ If you don't enable a private DNS hostname for the VPC endpoint, you must use th +For FIPS 140-3 compliant connections, use the FIPS endpoint URL: + + + aws ecr create-repository --repository-name name --endpoint-url https://api.ecr-fips.region.amazonaws.com +