From 5fecee795057ce7c1babad9597951d37eede9b25 Mon Sep 17 00:00:00 2001
From: Oscar Torandell
Date: Fri, 5 Sep 2025 13:46:45 +0200
Subject: [PATCH 1/2] feat: added runtime vars to activate FIPS on FedRAMP environments and builds.
---
 user_data/saas.tftpl | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/user_data/saas.tftpl b/user_data/saas.tftpl
index a0d66e7..a14dade 100644
--- a/user_data/saas.tftpl
+++ b/user_data/saas.tftpl
@@ -73,6 +73,13 @@ spacelift () {(
 export SPACELIFT_METADATA_asg_id=$(aws autoscaling --region=${region} describe-auto-scaling-instances --instance-ids $SPACELIFT_METADATA_instance_id | jq -r '.AutoScalingInstances[0].AutoScalingGroupName')
 echo "Starting the Spacelift binary" >> /var/log/spacelift/info.log
+
+ # Set FIPS 140 compliance for fedRAMP environments
+ if [[ -n "$fedrampSuffix" ]]; then
+ echo "Setting GODEBUG=fips140=only for fedRAMP compliance" >> /var/log/spacelift/info.log
+ export GODEBUG=fips140=only
+ fi
+
 /usr/bin/spacelift-launcher 1>>/var/log/spacelift/info.log 2>>/var/log/spacelift/error.log
 )}
From 55604d9d98ab2d9cda389f3638ea6b4ac7831f6f Mon Sep 17 00:00:00 2001
From: Oscar Torandell
Date: Tue, 9 Sep 2025 14:38:40 +0200
Subject: [PATCH 2/2] chore: Removing redundant comment
---
 user_data/saas.tftpl | 1 -
 1 file changed, 1 deletion(-)
diff --git a/user_data/saas.tftpl b/user_data/saas.tftpl
index a14dade..e443c65 100644
--- a/user_data/saas.tftpl
+++ b/user_data/saas.tftpl
@@ -74,7 +74,6 @@ spacelift () {(
 echo "Starting the Spacelift binary" >> /var/log/spacelift/info.log
- # Set FIPS 140 compliance for fedRAMP environments
 if [[ -n "$fedrampSuffix" ]]; then
 echo "Setting GODEBUG=fips140=only for fedRAMP compliance" >> /var/log/spacelift/info.log
 export GODEBUG=fips140=only
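Review bot: The FIPS switch added in the first patch fails open: `if [[ -n "$fedrampSuffix" ]]` reads a shell variable that nothing in this hunk assigns, while the neighbouring `${region}` is a template interpolation. If `fedrampSuffix` is unset, empty or misspelled when the script runs, the launcher starts without `GODEBUG=fips140=only` and nothing is logged. I would add an `else` branch that records the non-FIPS start, for example `echo "fedrampSuffix empty, starting without GODEBUG=fips140=only" >> /var/log/spacelift/info.log`, and confirm where the variable is set, since the `spacelift` function begins above the hunk. The `export` also replaces any `GODEBUG` value already present in the environment, and a launcher built with a Go toolchain that predates the `fips140` setting would presumably ignore it without error, so it is worth checking on a FedRAMP host that the mode is actually active.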