Today, AWS has announced new AMIs for Bottlerocket that are preconfigured to use FIPS 140-3 validated cryptographic modules, including the Amazon Linux 2023 Kernel Crypto API and AWS-LC. Bottlerocket is a Linux-based operating system purpose-built for running containers, with a focus on security, minimal footprint, and safe updates.
With these FIPS-enabled Bottlerocket AMIs, the host software uses only FIPS-approved cryptographic algorithms for TLS connections. This includes connectivity to AWS services such as EC2 and Amazon Elastic Container Registry (ECR). Additionally, in regions where FIPS endpoints are available, the AMIs automatically use FIPS-compliant endpoints for these services by default, streamlining secure configurations for containerized workloads.
The FIPS-enabled Bottlerocket AMIs are now available in all commercial and AWS GovCloud (US) Regions. To see the Regions where FIPS endpoints are supported, visit the AWS FIPS 140-3 page.
To get started with Bottlerocket, see the Bottlerocket User Guide. You can also visit the Bottlerocket product page and explore the Bottlerocket GitHub repository for more information.
Source: Amazon AWS