FIPS is not supported for S3 Object Lambda

[trivikr]

Confirm by changing [ ] to [x] below to ensure that it's a bug:

• I've gone through Developer Guide and API reference
• I've checked AWS Forums and StackOverflow for answers
• I've searched for previous similar issues and didn't find any solution
• This is an issue with version 2.x of the SDK

Describe the bug
FIPS is not supported for S3 Object Lambda

Is the issue in the browser/Node.js?
All

If on Node.js, are you running this on AWS Lambda?
No

Details of the browser/Node.js version
All

SDK version number
[email protected]

To Reproduce (observed behavior)

• Create S3 Object Lambda for a test accesspoint.
• Run the below example code.
• Note that following error is thrown: InvalidConfiguration: ARN endpoint is not compatible with FIPS region

Code

import AWS from "aws-sdk";

// ARN for the S3 Object Lambda
const Bucket =
  "arn:aws:s3-object-lambda:us-west-2:123456789012:accesspoint/trivikr-object-lambda-testing";

const client = new AWS.S3({ region: "fips-us-west-2" });
await client.listObjects({ Bucket }).promise();

Expected behavior
The SDK should attempt calling {accesspoint-name}-{account-id}.s3-object-lambda[-fips][.dualstack].{region}.{partition}

The accesspoint provided in test case: arn:aws:s3-object-lambda:us-west-2:123456789012:accesspoint/trivikr-object-lambda-testing
The resulting endpoint should be: trivikr-object-lambda-testing-123456789012.s3-object-lambda-fips.us-west-2.amazonaws.com

[trivikr]

Equivalent AWS CLI code:

$ aws --version
aws-cli/2.3.6 Python/3.8.8 Darwin/20.6.0 exe/x86_64 prompt/off

$ aws s3api list-objects --bucket arn:aws:s3-object-lambda:us-west-2:123456789012:accesspoint/trivikr-object-lambda-testing --region fips-us-west-2 --debug 2>&1 | grep "urllib3.connectionpool" | head -n 5
2021-11-12 11:54:38,617 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTPS connection (1): trivikr-object-lambda-testing-123456789012.s3-object-lambda-fips.us-west-2.amazonaws.com:443
  File "urllib3/connectionpool.py", line 755, in urlopen
  File "urllib3/connectionpool.py", line 699, in urlopen
  File "urllib3/connectionpool.py", line 382, in _make_request
  File "urllib3/connectionpool.py", line 1010, in _validate_conn

[trivikr]

Verified that FIPS is supported for S3 Object Lambda in AWS SDK for JavaScript (v3):

Code

import { S3 } from "@aws-sdk/client-s3";

const logHostnameMiddleware = (next) => async (args) => {
  console.log({ hostname: args.request.hostname });
  return next(args);
};
const logHostnameMiddlewareOptions = { step: "deserialize" };

// ARN for the S3 Object Lambda
const Bucket =
  "arn:aws:s3-object-lambda:us-west-2:123456789012:accesspoint/trivikr-object-lambda-testing";

const client = new S3({ region: "fips-us-west-2" });
client.middlewareStack.add(logHostnameMiddleware, logHostnameMiddlewareOptions);
try {
  await client.listObjects({ Bucket }).promise();
} catch (error) {}

Output

{
  hostname: 'trivikr-object-lambda-testing-123456789012.s3-object-lambda-fips.us-west-2.amazonaws.com'
}