Connect to Amazon IoT FIPS endpoints
Amazon IoT provides endpoints that support the Federal Information Processing Standard (FIPS) 140-2.
The following sections describe how to access the FIPS compliant Amazon IoT endpoints by using the REST API, an SDK, or the Amazon CLI.
Amazon IoT Core - control plane endpoints
The FIPS compliant Amazon IoT Core - control plane endpoints that support the Amazon IoT operations and their related CLI commands
To use the FIPS compliant endpoint when you access the Amazon IoT operations, use the Amazon SDK or the REST API with the endpoint that is appropriate for your Amazon Web Services Region.
To use the FIPS compliant endpoint when you run aws iot CLI commands
Amazon IoT Core - data plane endpoints
The FIPS compliant Amazon IoT Core - data plane endpoints are listed in FIPS Endpoints by Service.
You can use the FIPS compliant endpoint for your Amazon Web Services Region with a FIPS compliant client by using the Amazon IoT Device SDK and providing the endpoint to the SDK's connection function in place of your account's default Amazon IoT Core - data plane endpoint. The connection function is specific to the Amazon IoT Device SDK. For an example of a connection function, see the Connection function in the Amazon IoT Device SDK for Python.
Note
Amazon IoT doesn't support Amazon Web Services account-specific Amazon IoT Core - data plane endpoints that are FIPS-compliant. Service features that require an Amazon Web Services account-specific endpoint in the Server Name Indication (SNI) can't be used. FIPS-compliant Amazon IoT Core - data plane endpoints can't support Multi-Account Registration Certificates, Custom Domains, Custom Authorizers, and Configurable Endpoints (including supported TLS policies).
Amazon IoT Core - credential provider endpoints
The FIPS compliant Amazon IoT Core - credential provider endpoints are listed in FIPS Endpoints by Service.
Note
Amazon IoT doesn't support Amazon Web Services account-specific Amazon IoT Core - credential provider endpoints that are FIPS-compliant. Service features that require an Amazon Web Services account-specific endpoint in the Server Name Indication (SNI) can't be used. FIPS-compliant Amazon IoT Core - credential provider endpoints can't support Multi-Account Registration Certificates, Custom Domains, Custom Authorizers, and Configurable Endpoints (including supported TLS policies).
Amazon IoT Device Management - jobs data endpoints
The FIPS compliant Amazon IoT Device Management - jobs data endpoints are listed in FIPS Endpoints by Service.
To use the FIPS compliant Amazon IoT Device Management - jobs data endpoint when you run aws iot-jobs-data CLI commands
You can use the FIPS compliant endpoint for your Amazon Web Services Region with a FIPS compliant client by using the Amazon IoT Device SDK and providing the endpoint to the SDK's connection function in place of your account's default Amazon IoT Device Management - jobs data endpoint. The connection function is specific to the Amazon IoT Device SDK. For an example of a connection function, see the Connection function in the Amazon IoT Device SDK for Python.
Amazon IoT Device Management - Fleet Hub endpoints
The FIPS compliant Amazon IoT Device Management - Fleet Hub endpoints to use with Fleet Hub for Amazon IoT Device Management CLI commands are listed in FIPS Endpoints by Service.
To use the FIPS compliant Amazon IoT Device Management - Fleet Hub endpoint when you run aws iotfleethub CLI commands, add the --endpoint parameter with the appropriate endpoint for your Amazon Web Services Region to the command. You can also use the REST API with this endpoint.
Amazon IoT Device Management - secure tunneling endpoints
The FIPS compliant Amazon IoT Device Management - secure tunneling endpoints for the Amazon IoT secure tunneling API and the corresponding CLI commands
To use the FIPS compliant Amazon IoT Device Management - secure tunneling endpoint when you run aws iotsecuretunneling CLI commands