chore(s3util): add allowFipsEndpoint option in validateArnRegion (#3962)

aws · Nov 16, 2021 · e929589 · e929589
1 parent 8724023
commit e929589
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 5 deletions.
diff --git a/.changes/next-release/feature-s3util-4a5bd10b.json b/.changes/next-release/feature-s3util-4a5bd10b.json
@@ -0,0 +1,5 @@
+{
+  "type": "feature",
+  "category": "s3util",
+  "description": "Add allowFipsEndpoint option in validateArnRegion"
+}
diff --git a/lib/services/s3util.js b/lib/services/s3util.js
@@ -132,11 +132,16 @@ var s3util = {
   /**
    * Validate region field in ARN supplied in Bucket parameter is a valid region
    */
-  validateArnRegion: function validateArnRegion(req) {
+  validateArnRegion: function validateArnRegion(req, options) {
+    if (options === undefined) {
+      options = {};
+    }
+
     var useArnRegion = s3util.loadUseArnRegionConfig(req);
     var regionFromArn = req._parsedArn.region;
     var clientRegion = req.service.config.region;
     var useFipsEndpoint = req.service.config.useFipsEndpoint;
+    var allowFipsEndpoint = options.allowFipsEndpoint || false;
 
     if (!regionFromArn) {
       throw AWS.util.error(new Error(), {
@@ -145,16 +150,20 @@ var s3util = {
       });
     }
 
-    if (
-      useFipsEndpoint ||
-      regionFromArn.indexOf('fips') >= 0
-    ) {
+    if (useFipsEndpoint && !allowFipsEndpoint) {
       throw AWS.util.error(new Error(), {
         code: 'InvalidConfiguration',
         message: 'ARN endpoint is not compatible with FIPS region'
       });
     }
 
+    if (regionFromArn.indexOf('fips') >= 0) {
+      throw AWS.util.error(new Error(), {
+        code: 'InvalidConfiguration',
+        message: 'FIPS region not allowed in ARN'
+      });
+    }
+
     if (!useArnRegion && regionFromArn !== clientRegion) {
       throw AWS.util.error(new Error(), {
         code: 'InvalidConfiguration',