Application and Network Load Balancer now supports FIPS 140-3 for TLS Termination
Application Load Balancer (ALB) and Network Load Balancer (NLB) now support Transport Layer Security (TLS) policies that use Federal Information Processing Standard (FIPS) 140-3 certified cryptographic modules to protect sensitive information. FIPS 140-3 is the latest technical standard for cryptographic modules from the U.S. and Canadian federal governments. ALB and NLB use AWS-Libcrypto, a [FIPS 140-3 validated](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4631), purpose-built cryptographic module maintained by AWS that is secure and performant.
To enable this feature, choose any one of the FIPS enabled predefined TLS security policies for your existing or new load balancer. ALB/NLB will continue to use FIPS enabled policies if you configure TLS encryption for connections between your load balancer and target. Customers can add enforcement across their AWS accounts and AWS Organizations by using the Elastic Load Balancing (ELB) [condition keys in IAM policies](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/security%5Fiam%5Fservice-with-iam.html) and [service control policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs%5Fmanage%5Fpolicies%5Fscps.html) respectively, so that users are restricted to the FIPS enabled predefined TLS security policies only.
This feature is available in [all commercial AWS Regions](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/) and the [AWS GovCloud (US) Regions](https://aws.amazon.com/govcloud-us/). To learn more, refer to the AWS Libcrypto [launch blog](https://aws.amazon.com/blogs/opensource/introducing-aws-libcrypto-for-rust-an-open-source-cryptographic-library-for-rust/), the [ALB documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#fips-security-policies), and the [NLB documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#fips-security-policies).
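To find listeners that still use a non-FIPS policy before enforcement is turned on, the check below audits listener records. It is an added example, not AWS code: the field names follow the shape of `aws elbv2 describe-listeners` output, the `ELBSecurityPolicy-*-FIPS-*` name pattern is an assumption about how the FIPS enabled predefined policies are named, and the sample listeners are constructed.

```python
import fnmatch

# Listener protocols on which the load balancer terminates TLS (ALB: HTTPS, NLB: TLS).
TLS_PROTOCOLS = {"HTTPS", "TLS"}
# Assumption: FIPS enabled predefined policies follow this naming pattern.
FIPS_POLICY_PATTERN = "ELBSecurityPolicy-*-FIPS-*"


def is_fips_policy(name):
    """True if the security policy name matches the assumed FIPS naming pattern."""
    return bool(name) and fnmatch.fnmatchcase(name, FIPS_POLICY_PATTERN)


def audit_listeners(listeners):
    """Return one finding per TLS-terminating listener that lacks a FIPS policy."""
    findings = []
    for listener in listeners:
        if listener.get("Protocol") not in TLS_PROTOCOLS:
            continue  # HTTP/TCP/UDP listeners carry no TLS security policy
        policy = listener.get("SslPolicy")
        if not is_fips_policy(policy):
            findings.append({
                "ListenerArn": listener.get("ListenerArn", "<unknown>"),
                "Port": listener.get("Port"),
                "SslPolicy": policy or "<none reported>",
            })
    return findings


# Constructed sample data (placeholder account ID and resource IDs).
ARN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/"
SAMPLE_LISTENERS = [
    {"ListenerArn": ARN + "app/web/aaaa/1111", "Protocol": "HTTP", "Port": 80},
    {"ListenerArn": ARN + "app/web/aaaa/2222", "Protocol": "HTTPS", "Port": 443,
     "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04"},
    {"ListenerArn": ARN + "app/api/bbbb/3333", "Protocol": "HTTPS", "Port": 8443,
     "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06"},
    {"ListenerArn": ARN + "net/edge/cccc/4444", "Protocol": "TLS", "Port": 853,
     "SslPolicy": "ELBSecurityPolicy-2016-08"},
]

if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_LISTENERS):
        print(f"NON-FIPS {f['ListenerArn']} port={f['Port']} policy={f['SslPolicy']}")
```
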
**_11/22/2023 - Post updated to better explain using IAM policies with FIPS enabled load balancers._**