Protecting data in transit with FIPS endpoints and Amazon WorkSpaces Secure Browser - Amazon WorkSpaces Secure Browser

By default, when you communicate with the WorkSpaces Secure Browser service as an administrator using the console, the AWS Command Line Interface (AWS CLI), or an AWS SDK, or during a user’s session, all data in transit is encrypted using TLS 1.2.

If you require FIPS 140-3 validated cryptographic modules when accessing AWS through a command line interface or an API, use a FIPS endpoint. When you use a FIPS endpoint, all data in transit is encrypted using cryptographic standards that comply with Federal Information Processing Standard (FIPS) 140-3. For information about FIPS endpoints, including a list of WorkSpaces Secure Browser endpoints, see https://aws.amazon.com/compliance/fips.

After a portal is created with FIPS endpoints, all user sessions and administrative changes are automatically made using FIPS 140-3 endpoints. You can use the AWS_USE_FIPS_ENDPOINT=true environment variable to locate FIPS endpoints and send requests with the SDK. The following is an example.

$ export AWS_USE_FIPS_ENDPOINT=true
$ aws workspaces-web list-portals

You can also use the --endpoint-url option to send requests directly to FIPS endpoints. The following is an example calling list portals in the US-West-2 (Oregon) Region:

$ aws workspaces-web list-portals --endpoint-url https://workspaces-web-fips.us-west-2.amazonaws.com
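
A pre-flight check built on the two mechanisms above, for wrapping administrative scripts so they refuse to run against a non-FIPS endpoint. This is an added example, not part of the AWS documentation: the function names are hypothetical, it assumes other Regions follow the hostname shape of the us-west-2 URL shown above (the authoritative list is at https://aws.amazon.com/compliance/fips), and it does not read settings from the shared AWS config file.

```shell
#!/bin/sh
# Added example (not AWS code): pre-flight check for WorkSpaces Secure Browser
# CLI calls. Function names are hypothetical.

# True only for https://workspaces-web-fips.<region>.amazonaws.com[/].
# Assumption: other Regions follow the hostname shape of the us-west-2 URL.
is_fips_endpoint_url() (
    host=${1#https://}
    [ "$host" != "$1" ] || return 1            # reject http:// and bare hosts
    host=${host%/}
    region=${host#workspaces-web-fips.}
    region=${region%.amazonaws.com}
    [ "workspaces-web-fips.$region.amazonaws.com" = "$host" ] || return 1
    case "$region" in
        ''|*[!a-z0-9-]*) return 1 ;;           # no dots, slashes, or empty label
    esac
    return 0
)

# Classify the arguments that would follow "aws" on the command line.
# Prints fips-explicit, fips-env, or non-fips; exit status 0 means FIPS.
fips_status() (
    url=''
    prev=''
    for arg in "$@"; do
        case "$arg" in
            --endpoint-url=*) url=${arg#--endpoint-url=} ;;
        esac
        if [ "$prev" = "--endpoint-url" ]; then url=$arg; fi
        prev=$arg
    done
    if [ -n "$url" ]; then
        # The request goes to the explicit URL, so judge that URL itself.
        if is_fips_endpoint_url "$url"; then echo fips-explicit; return 0; fi
        echo non-fips; return 1
    fi
    if [ "${AWS_USE_FIPS_ENDPOINT:-}" = "true" ]; then
        echo fips-env; return 0
    fi
    echo non-fips; return 1
)

# Constructed demo invocations; nothing here contacts AWS.
fips_status workspaces-web list-portals || echo "  -> refuse to run" >&2
fips_status workspaces-web list-portals \
    --endpoint-url https://workspaces-web-fips.us-west-2.amazonaws.com
```
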