
I am following this guide for AWS FIPS: https://aws.amazon.com/compliance/fips/

I have successfully been able to add FIPS on AWS AMI EC2 for ASG using the following guide in CloudFormation: https://aws.amazon.com/blogs/publicsector/enabling-fips-mode-amazon-linux-2/

The Jenkins Pipeline Bake AMI is building successfully; however, it is still not fully working, with the following errors:

java.lang.NoClassDefFoundError: Could not initialize class sun.security.ssl.SignatureScheme

Any ideas as to how I can fix this? Could this be an NGINX issue?

  • Please define "still not fully working". – Romeo Ninov Sep 12 '22 at 16:36
  • @RomeoNinov just updated – ianhalfpenny Sep 12 '22 at 16:39
  • You're missing important details. You mention building an AMI and then say "not fully working". Does the Packer AMI build process complete successfully? Do you launch an EC2 instance with the AMI successfully? Does the Amazon Linux2 Operating system start successfully? Is it the step where the Jenkins software starts that you're seeing the error? An understanding of how far you're getting through the list of steps and exactly which step produces the error (and if that error appears in a log file, which file it's in) is necessary to assist you with this. – Sotto Voce Sep 12 '22 at 16:45
  • Nginx is a program written in the C language, so it's not likely to return errors that mention Java classes. Jenkins, on the other hand, is written in the Java language. – Sotto Voce Sep 12 '22 at 16:46
  • To get a meaningful answer you should describe your environment, Jenkins plugins, pipeline(s), external tools. At this moment this is only text which says (almost) nothing. – Romeo Ninov Sep 12 '22 at 18:13
  • @SottoVoce I need to write an aws custom wrapper script but I'm not sure how. Here is the direction: I would probably write an aws wrapper script. The "aws" shell script would sit in your PATH before the real aws command. And then in the pipeline any aws invoke would actually start your wrapper aws shell script and see what service is being used and add the appropriate endpoint-url and invoke the "real" aws command: aws kms create-key --endpoint-url https://kms-fips.us-west-2.amazonaws.com/ Trying to do this in the pipeline: https://github.com/wbingli/awscli-plugin-endpoint – ianhalfpenny Sep 29 '22 at 13:58
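
The wrapper described in the last comment could look like the sketch below. It is an added example, not code from the thread or from AWS. The `REAL_AWS` path and the function names are assumptions, and only the `kms-fips` hostname comes from the comment; `sts` and `ec2` are assumed to follow the same naming pattern and should be checked against the AWS FIPS endpoint list linked in the question.

```bash
#!/usr/bin/env bash
# Added example: "aws" wrapper, installed ahead of the real CLI in PATH.
REAL_AWS="${REAL_AWS:-/usr/local/bin/aws}"  # assumption: where the real CLI lives
FIPS_SERVICES="kms sts ec2"  # kms is from the comment; sts and ec2 are assumed

# Print the FIPS endpoint for service $1 in region $2; fail if not allowlisted.
fips_endpoint() {
  local s
  for s in $FIPS_SERVICES; do
    if [ "$s" = "$1" ]; then
      printf 'https://%s-fips.%s.amazonaws.com/\n' "$1" "$2"
      return 0
    fi
  done
  return 1
}

# Set SERVICE (first word that is not an option or its value), REGION, HAS_ENDPOINT.
parse_args() {
  local arg prev
  SERVICE=""; HAS_ENDPOINT=0; prev=""
  REGION="${AWS_REGION:-${AWS_DEFAULT_REGION:-}}"
  for arg in "$@"; do
    case "$prev" in
      --region) REGION="$arg"; prev=""; continue ;;
      --profile|--output|--query|--endpoint-url|--ca-bundle) prev=""; continue ;;
    esac
    case "$arg" in
      --region=*) REGION="${arg#--region=}" ;;
      --endpoint-url|--endpoint-url=*) HAS_ENDPOINT=1 ;;  # caller already chose
      -*) ;;
      *) if [ -z "$SERVICE" ]; then SERVICE="$arg"; fi ;;
    esac
    prev="$arg"
  done
}

main() {
  local url
  parse_args "$@"
  if [ "$HAS_ENDPOINT" = 0 ] && [ -n "$REGION" ] &&
     url=$(fips_endpoint "$SERVICE" "$REGION"); then
    exec "$REAL_AWS" "$@" --endpoint-url "$url"
  fi
  exec "$REAL_AWS" "$@"  # anything else passes through unchanged
}

# Run only when installed under the name "aws"; sourcing just defines functions.
if [ "${0##*/}" = "aws" ]; then main "$@"; fi
```

AWS CLI v2 also reads `AWS_USE_FIPS_ENDPOINT=true` (or `use_fips_endpoint = true` in the shared config file), which selects FIPS endpoints without a wrapper.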
