From 767e03aee17832f6dfa17e5bf6e3d2cbcc0ad963 Mon Sep 17 00:00:00 2001
From: "Kamat, Trivikram" <16024985+trivikr@users.noreply.github.com>
Date: Tue, 16 Nov 2021 01:35:35 +0000
Subject: [PATCH 1/2] chore(s3util): add allowFipsEndpoint option in
 validateArnRegion

---
 lib/services/s3util.js | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/lib/services/s3util.js b/lib/services/s3util.js
index 1ec008cd8a..c2d0880f1d 100644
--- a/lib/services/s3util.js
+++ b/lib/services/s3util.js
@@ -132,11 +132,16 @@ var s3util = {
   /**
    * Validate region field in ARN supplied in Bucket parameter is a valid region
    */
-  validateArnRegion: function validateArnRegion(req) {
+  validateArnRegion: function validateArnRegion(req, options) {
+    if (options === undefined) {
+      options = {};
+    }
+
     var useArnRegion = s3util.loadUseArnRegionConfig(req);
     var regionFromArn = req._parsedArn.region;
     var clientRegion = req.service.config.region;
     var useFipsEndpoint = req.service.config.useFipsEndpoint;
+    var allowFipsEndpoint = options.allowFipsEndpoint || false;
 
     if (!regionFromArn) {
       throw AWS.util.error(new Error(), {
@@ -145,16 +150,20 @@ var s3util = {
       });
     }
 
-    if (
-      useFipsEndpoint ||
-      regionFromArn.indexOf('fips') >= 0
-    ) {
+    if (useFipsEndpoint && !allowFipsEndpoint) {
       throw AWS.util.error(new Error(), {
         code: 'InvalidConfiguration',
         message: 'ARN endpoint is not compatible with FIPS region'
       });
     }
 
+    if (regionFromArn.indexOf('fips') >= 0) {
+      throw AWS.util.error(new Error(), {
+        code: 'InvalidConfiguration',
+        message: 'FIPS region not allowed in ARN'
+      });
+    }
+
     if (!useArnRegion && regionFromArn !== clientRegion) {
       throw AWS.util.error(new Error(), {
         code: 'InvalidConfiguration',

From 4373d9097ae513875e1d7be60be459deca18fd9b Mon Sep 17 00:00:00 2001
From: "Kamat, Trivikram" <16024985+trivikr@users.noreply.github.com>
Date: Tue, 16 Nov 2021 01:38:38 +0000
Subject: [PATCH 2/2] npm run add-change

---
 .changes/next-release/feature-s3util-4a5bd10b.json | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changes/next-release/feature-s3util-4a5bd10b.json

diff --git a/.changes/next-release/feature-s3util-4a5bd10b.json b/.changes/next-release/feature-s3util-4a5bd10b.json
new file mode 100644
index 0000000000..1a0649c9de
--- /dev/null
+++ b/.changes/next-release/feature-s3util-4a5bd10b.json
@@ -0,0 +1,5 @@
+{
+  "type": "feature",
+  "category": "s3util",
+  "description": "Add allowFipsEndpoint option in validateArnRegion"
+}
\ No newline at end of file