Connecting to AWS IoT FIPS endpoints
AWS IoT provides endpoints that support the Federal Information Processing Standard (FIPS) 140-2.
The following sections describe how to access the FIPS compliant AWS IoT endpoints by using the REST API, an SDK, or the AWS CLI.
AWS IoT Core - control plane endpoints
The FIPS compliant AWS IoT Core - control plane endpoints that support the AWS IoT operations and their related CLI commands
To use the FIPS compliant endpoint when you access the AWS IoT operations, use the AWS SDK or the REST API with the endpoint that is appropriate for your AWS Region.
To use the FIPS compliant endpoint when you run aws iot CLI commands
AWS IoT Core - data plane endpoints
The FIPS compliant AWS IoT Core - data plane endpoints are listed in FIPS Endpoints by Service.
You can use the FIPS compliant endpoint for your AWS Region with a FIPS compliant client by using the AWS IoT Device SDK and providing the endpoint to the SDK's connection function in place of your account's default AWS IoT Core - data plane endpoint. The connection function is specific to the AWS IoT Device SDK. For an example of a connection function, see the Connection function in the AWS IoT Device SDK for Python.
Note
AWS IoT doesn't support AWS account-specific AWS IoT Core - data plane endpoints that are FIPS-compliant. Service features that require an AWS account-specific endpoint in the Server Name Indication (SNI) can't be used. FIPS-compliant AWS IoT Core - data plane endpoints can't support Multi-Account Registration Certificates, Custom Domains, Custom Authorizers, and Configurable Endpoints (including supported TLS policies).
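A pre-deployment check for the constraint in the Note above, written as an added example (it is not AWS code or part of the AWS IoT Device SDK). It flags device configurations that still point at an account-specific endpoint or that depend on a feature the FIPS data plane endpoints can't support. The hostname patterns, the config dictionary layout, the feature keys and the sample fleet are assumptions made for this example; confirm the exact endpoint names for your AWS Region in FIPS Endpoints by Service.

```python
import re

# Assumed hostname shapes (not taken from this page); confirm the exact
# names for your Region in "FIPS Endpoints by Service".
FIPS_DATA = re.compile(r"^data\.iot-fips\.([a-z0-9-]+)\.amazonaws\.com$")
ACCOUNT_DATA = re.compile(r"^[a-z0-9]+(-ats)?\.iot\.([a-z0-9-]+)\.amazonaws\.com$")

# Features the Note says FIPS data plane endpoints can't support.
# The short keys are hypothetical labels used only in this example.
UNSUPPORTED_ON_FIPS = {
    "multi_account_registration": "Multi-Account Registration Certificates",
    "custom_domain": "Custom Domains",
    "custom_authorizer": "Custom Authorizers",
    "configurable_endpoint": "Configurable Endpoints",
}


def check_device_config(cfg):
    """Return sorted finding codes for one device config (hypothetical dict layout)."""
    findings = set()
    host = cfg.get("endpoint", "").strip().lower().rstrip(".")
    fips = FIPS_DATA.match(host)
    if fips:
        if cfg.get("region") and cfg["region"] != fips.group(1):
            findings.add("REGION_MISMATCH")
    elif ACCOUNT_DATA.match(host):
        findings.add("ACCOUNT_SPECIFIC_ENDPOINT")  # not a FIPS endpoint
    else:
        findings.add("UNRECOGNIZED_ENDPOINT")  # for example, a custom domain
    for feature in cfg.get("features", []):
        if feature in UNSUPPORTED_ON_FIPS:
            findings.add("UNSUPPORTED_FEATURE:" + feature)
    return sorted(findings)


# Constructed sample fleet (not real devices, accounts or endpoints).
SAMPLE_FLEET = {
    "sensor-01": {"endpoint": "data.iot-fips.us-east-1.amazonaws.com", "region": "us-east-1"},
    "sensor-02": {"endpoint": "a1b2c3d4e5f6g7-ats.iot.us-east-1.amazonaws.com", "region": "us-east-1"},
    "gateway-01": {"endpoint": "data.iot-fips.us-west-2.amazonaws.com", "region": "us-east-1",
                   "features": ["custom_authorizer"]},
    "kiosk-01": {"endpoint": "iot.example.com", "features": ["custom_domain"]},
}


def audit(fleet):
    """Map each non-compliant device name to its findings; compliant devices are omitted."""
    return {name: f for name, cfg in fleet.items() if (f := check_device_config(cfg))}
```

Running `audit(SAMPLE_FLEET)` before rollout shows which devices need their endpoint or feature set changed before they can use the FIPS endpoint.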
AWS IoT Core - credential provider endpoints
The FIPS compliant AWS IoT Core - credential provider endpoints are listed in FIPS Endpoints by Service.
Note
AWS IoT doesn't support AWS account-specific AWS IoT Core - credential provider endpoints that are FIPS-compliant. Service features that require an AWS account-specific endpoint in the Server Name Indication (SNI) can't be used. FIPS-compliant AWS IoT Core - credential provider endpoints can't support Multi-Account Registration Certificates, Custom Domains, Custom Authorizers, and Configurable Endpoints (including supported TLS policies).
AWS IoT Device Management - jobs data endpoints
The FIPS compliant AWS IoT Device Management - jobs data endpoints are listed in FIPS Endpoints by Service.
To use the FIPS compliant AWS IoT Device Management - jobs data endpoint when you run aws iot-jobs-data CLI commands
You can use the FIPS compliant endpoint for your AWS Region with a FIPS compliant client by using the AWS IoT Device SDK and providing the endpoint to the SDK's connection function in place of your account's default AWS IoT Device Management - jobs data endpoint. The connection function is specific to the AWS IoT Device SDK. For an example of a connection function, see the Connection function in the AWS IoT Device SDK for Python.
AWS IoT Device Management - Fleet Hub endpoints
The FIPS compliant AWS IoT Device Management - Fleet Hub endpoints to use with Fleet Hub for AWS IoT Device Management CLI commands are listed in FIPS Endpoints by Service.
To use the FIPS compliant AWS IoT Device Management - Fleet Hub endpoint when you run aws iotfleethub CLI commands, add the --endpoint parameter with the appropriate endpoint for your AWS Region to the command. You can also use the REST API with this endpoint.
AWS IoT Device Management - secure tunneling endpoints
The FIPS compliant AWS IoT Device Management - secure tunneling endpoints for the AWS IoT secure tunneling API and the corresponding CLI commands
To use the FIPS compliant AWS IoT Device Management - secure tunneling endpoint when you run aws iotsecuretunneling CLI commands