It was a FIPS 140-3 requirement I didn’t meet. The AWS CLI profile I was using wasn’t set up to enforce it. Minutes earlier, everything was fine. Now, nothing moved. That’s when I decided never to run without proper CLI-style profiles that comply with FIPS from the start.
Understanding AWS CLI-Style Profiles with FIPS 140-3
AWS CLI supports named profiles, but most setups stop short of full compliance when security standards step up to FIPS 140-3. This standard is the latest benchmark for cryptographic module security. Passing it means you’re using cryptographic algorithms approved and validated by NIST, and that your connections meet strict requirements from the first handshake.
You can define CLI-style profiles in ~/.aws/config and tie them to FIPS endpoints. For example:
[profile secure-fips]
region = us-east-1
output = json
# route every request under this profile to the service's FIPS endpoint
use_fips_endpoint = true
cli_pager =
Run commands with:
aws s3 ls --profile secure-fips --endpoint-url https://s3-fips.us-east-1.amazonaws.com
The --endpoint-url flag pins that one command to a FIPS endpoint; with the FIPS setting in the profile itself, every API request made under the profile hits a FIPS 140-3 endpoint without the flag. Large organizations use this to cover every environment—development, staging, production—without relying on developers to remember to toggle the right flag.
Why FIPS 140-3 Matters Now
Version 140-2 is being retired. New audits and compliance checks already expect FIPS 140-3 readiness. The changes aren’t cosmetic; they cover updated cryptographic algorithms, stricter entropy sourcing, and enhanced integrity checks. Non-compliance risks blocked deployments, rejected integrations, and worse—security gaps invisible until exploited.
Building CLI Profiles for Repeatable Compliance
Treat AWS CLI profiles like templates for compliance. Define regions, output formats, and endpoint URLs once, and version-control them. Make sure each profile name is clear—secure-fips-prod is better than prod42. Require their use in CI/CD runners. Test them against live FIPS endpoints before rollout.
Automating AWS CLI-Style Profiles with FIPS 140-3
Manual config works, but automation makes it bulletproof. Scripts can provision profiles, inject them into developer environments, or rotate credentials without touching a human keyboard. Done right, this harmonizes compliance across dozens or hundreds of engineers without slowing down anyone’s workflow.
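As an added example (not code from the post or from hoop.dev) covering both the "test before rollout" and the provisioning points above: a small Python script that renders a FIPS-enforcing profile stanza and audits an existing ~/.aws/config for profiles that do not set use_fips_endpoint. The profile names and the sample config are constructed for the demonstration.

```python
"""Provision and audit AWS CLI profiles for FIPS endpoint enforcement (example)."""
import configparser
from pathlib import Path

REQUIRED_KEYS = ("region", "output")


def render_fips_profile(name: str, region: str, output: str = "json") -> str:
    """Return a ~/.aws/config stanza that forces FIPS endpoints for `name`.

    use_fips_endpoint is the AWS CLI/SDK config key that routes every request
    made under the profile to the service's FIPS endpoint, so no per-command
    --endpoint-url is needed."""
    return (
        f"[profile {name}]\n"
        f"region = {region}\n"
        f"output = {output}\n"
        "use_fips_endpoint = true\n"
        "cli_pager =\n"
    )


def audit_config(text: str) -> dict[str, list[str]]:
    """Parse AWS config text; return {profile: [problems]} (empty list = compliant)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings: dict[str, list[str]] = {}
    for section in cp.sections():
        # [default] carries no "profile " prefix; every other profile does.
        name = section[len("profile "):] if section.startswith("profile ") else section
        problems = [f"missing {k}" for k in REQUIRED_KEYS if not cp.get(section, k, fallback="").strip()]
        if cp.get(section, "use_fips_endpoint", fallback="").strip().lower() != "true":
            problems.append("use_fips_endpoint is not true")
        findings[name] = problems
    return findings


def audit_file(path: Path) -> dict[str, list[str]]:
    """Audit a real config file, e.g. Path.home() / ".aws" / "config"."""
    return audit_config(path.read_text())


# Constructed sample: one compliant profile, one that silently uses non-FIPS endpoints.
SAMPLE_CONFIG = render_fips_profile("secure-fips-prod", "us-east-1") + (
    "\n[profile prod42]\nregion = us-west-2\noutput = json\n"
)

if __name__ == "__main__":
    for profile, problems in audit_config(SAMPLE_CONFIG).items():
        print(f"{profile}: {'OK' if not problems else ', '.join(problems)}")
```

Run it in a CI job against the runner's config file and fail the pipeline when any profile returns a non-empty problem list.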
That’s the real edge: every request, every time, goes out secure and compliant, without thought or hesitation.
You can have this running in minutes. See it live at hoop.dev and build AWS CLI-style profiles with FIPS 140-3 compliance baked into your stack from the first command.