chore: note about fips compliance across different regions

apiarian-datadog · apiarian-datadog · commit dc0f1b886ac2 · 2025-05-15T10:19:18.000-04:00
diff --git a/content/en/serverless/aws_lambda/configuration.md b/content/en/serverless/aws_lambda/configuration.md
@@ -606,8 +606,9 @@ To enable FIPS compliance for AWS Lambda functions, follow these steps:
 
 3. For Lambda functions using Ruby, .NET, or Java, no additional environment variable configuration is needed, as these runtimes do not make direct API calls.
 
-4. Configure your Lambda function to use the US1-FED Datadog site:
-   - Set the `DD_SITE` to `ddog-gov.com` (required for FIPS compliance)
+4. For complete end-to-end FIPS compliance, configure your Lambda function to use the US1-FED Datadog site:
+   - Set the `DD_SITE` to `ddog-gov.com` (required for end-to-end FIPS compliance)
+   - Note that while the FIPS-compliant Lambda components work with any Datadog site, only the US1-FED site has FIPS-compliant intake endpoints
 
 ## Propagate trace context over AWS resources
 
diff --git a/content/en/serverless/aws_lambda/fips-compliance.md b/content/en/serverless/aws_lambda/fips-compliance.md
@@ -13,7 +13,7 @@ algolia:
 ---
 
 {{< site-region region="us,us3,us5,eu,ap1" >}}
-<div class="alert alert-warning">The FIPS-compliant Datadog Lambda extension is available all AWS regions but should only be used for sending data to the US1-FED region.</div>
+<div class="alert alert-warning">The FIPS-compliant Datadog Lambda extension is available in all AWS regions. While you can use these FIPS-compliant Lambda components with any Datadog site, end-to-end FIPS compliance requires sending data to the US1-FED site (ddog-gov.com).</div>
 {{< /site-region >}}
 
 Datadog provides FIPS-compliant monitoring for AWS Lambda functions through the use of FIPS-certified cryptographic modules and specially designed Lambda extension layers.
@@ -94,7 +94,7 @@ To use FIPS-compliant monitoring for your AWS Lambda functions:
 2. **Configure environment variables**:
    - For GovCloud environments, `DD_LAMBDA_FIPS_MODE` is enabled by default
    - For commercial regions, set `DD_LAMBDA_FIPS_MODE=true` to enable FIPS mode
-   - Set `DD_SITE` to `ddog-gov.com` to send data to the US1-FED site
+   - For complete end-to-end FIPS compliance, set `DD_SITE` to `ddog-gov.com` to send data to the US1-FED site
 
 3. **Follow the standard installation instructions**:
    - Refer to the [installation guides][1] for language-specific configurations
@@ -104,7 +104,7 @@ For detailed installation instructions specific to your language runtime and dep
 
 ## Limitations and Considerations
 
-- **US1-FED Region**: The FIPS-compliant Lambda components should only be used for sending telemetry to the US1-FED region (`ddog-gov.com`).
+- **End-to-end FIPS Compliance**: For complete FIPS compliance, the FIPS-compliant Lambda components must be used to send telemetry to the US1-FED region (`ddog-gov.com`). While the Lambda components themselves implement FIPS-compliant cryptography regardless of the destination, only the US1-FED site has FIPS-compliant intake endpoints.
 
 - **Customer Responsibility**: You, the Datadog customer, are responsible for:
   - The security posture of your own Lambda function code
diff --git a/content/en/serverless/aws_lambda/installation/_index.md b/content/en/serverless/aws_lambda/installation/_index.md
@@ -32,7 +32,7 @@ For the detailed installation instructions, select the Lambda runtime below:
 
 ## FIPS Compliance Support
 
-Datadog provides FIPS-compliant monitoring for AWS Lambda functions through dedicated FIPS-compliant Lambda extension layers and runtime-specific configurations. If you need to maintain FIPS compliance while monitoring your Lambda functions, see the [AWS Lambda FIPS Compliance][4] documentation page for details.
+Datadog provides FIPS-compliant monitoring for AWS Lambda functions through dedicated FIPS-compliant Lambda extension layers and runtime-specific configurations. The FIPS-compliant components implement FIPS-certified cryptography and work with any Datadog site, but end-to-end FIPS compliance requires using the US1-FED site. If you need to maintain FIPS compliance while monitoring your Lambda functions, see the [AWS Lambda FIPS Compliance][4] documentation page for details.
 
 ## Advanced Configurations
 
diff --git a/content/en/serverless/aws_lambda/installation/dotnet.md b/content/en/serverless/aws_lambda/installation/dotnet.md
@@ -18,7 +18,7 @@ further_reading:
 
 <div class="alert alert-info">Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. <a href="#minimize-cold-start-duration">Read more</a>.</div>
 
-<div class="alert alert-info">For FIPS compliance, use the Datadog FIPS-compliant extension layer, but note that the .NET runtime layer does not require additional configuration. See <a href="/serverless/aws_lambda/fips-compliance">AWS Lambda FIPS Compliance</a> for more details.</div>
+<div class="alert alert-info">For FIPS compliance, use the Datadog FIPS-compliant extension layer, but note that the .NET runtime layer does not require additional configuration. While the FIPS-compliant Lambda components work with any Datadog site, end-to-end FIPS compliance requires using the US1-FED site. See <a href="/serverless/aws_lambda/fips-compliance">AWS Lambda FIPS Compliance</a> for more details.</div>
 
 ## Installation
 
diff --git a/content/en/serverless/aws_lambda/installation/go.md b/content/en/serverless/aws_lambda/installation/go.md
@@ -21,7 +21,7 @@ aliases:
 
 <div class="alert alert-info">Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. <a href="#minimize-cold-start-duration">Read more</a>.</div>
 
-<div class="alert alert-info">Datadog provides FIPS-compliant monitoring for AWS Lambda functions. For GovCloud environments, the <code>DD_LAMBDA_FIPS_MODE</code> environment variable is enabled by default. When FIPS mode is enabled, AWS FIPS endpoints are used for Datadog API key lookups, and direct metric submission is disabled. See <a href="/serverless/aws_lambda/fips-compliance">AWS Lambda FIPS Compliance</a> for more details.</div>
+<div class="alert alert-info">Datadog provides FIPS-compliant monitoring for AWS Lambda functions. For GovCloud environments, the <code>DD_LAMBDA_FIPS_MODE</code> environment variable is enabled by default. When FIPS mode is enabled, AWS FIPS endpoints are used for Datadog API key lookups, and direct metric submission is disabled. While the FIPS-compliant Lambda components work with any Datadog site, end-to-end FIPS compliance requires using the US1-FED site. See <a href="/serverless/aws_lambda/fips-compliance">AWS Lambda FIPS Compliance</a> for more details.</div>
 
 ## Installation
 
diff --git a/content/en/serverless/aws_lambda/installation/java.md b/content/en/serverless/aws_lambda/installation/java.md
@@ -17,7 +17,7 @@ aliases:
 
 <div class="alert alert-info">Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. <a href="#minimize-cold-start-duration">Read more</a>.</div>
 
-<div class="alert alert-info">For FIPS compliance, use the Datadog FIPS-compliant extension layer, but note that the Java runtime layer does not require additional configuration. See <a href="/serverless/aws_lambda/fips-compliance">AWS Lambda FIPS Compliance</a> for more details.</div>
+<div class="alert alert-info">For FIPS compliance, use the Datadog FIPS-compliant extension layer, but note that the Java runtime layer does not require additional configuration. While the FIPS-compliant Lambda components work with any Datadog site, end-to-end FIPS compliance requires using the US1-FED site. See <a href="/serverless/aws_lambda/fips-compliance">AWS Lambda FIPS Compliance</a> for more details.</div>
 
 To fully instrument your serverless application with distributed tracing, your Java Lambda functions must be using the Java 8 Corretto (`java8.al2`), Java 11 (`java11`), Java 17 (`java17`), or Java 21 (`java21`) runtimes with at least 1024 MB of memory.
 
diff --git a/content/en/serverless/aws_lambda/installation/nodejs.md b/content/en/serverless/aws_lambda/installation/nodejs.md
@@ -27,7 +27,7 @@ aliases:
 
 <div class="alert alert-info">Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. <a href="#minimize-cold-start-duration">Read more</a>.</div>
 
-<div class="alert alert-info">Datadog provides FIPS-compliant monitoring for AWS Lambda functions. For GovCloud environments, the <code>DD_LAMBDA_FIPS_MODE</code> environment variable is enabled by default. When FIPS mode is enabled, AWS FIPS endpoints are used for Datadog API key lookups, and direct metric submission is disabled. See <a href="/serverless/aws_lambda/fips-compliance">AWS Lambda FIPS Compliance</a> for more details.</div>
+<div class="alert alert-info">Datadog provides FIPS-compliant monitoring for AWS Lambda functions. For GovCloud environments, the <code>DD_LAMBDA_FIPS_MODE</code> environment variable is enabled by default. When FIPS mode is enabled, AWS FIPS endpoints are used for Datadog API key lookups, and direct metric submission is disabled. While the FIPS-compliant Lambda components work with any Datadog site, end-to-end FIPS compliance requires using the US1-FED site. See <a href="/serverless/aws_lambda/fips-compliance">AWS Lambda FIPS Compliance</a> for more details.</div>
 
 ## Installation
 
diff --git a/content/en/serverless/aws_lambda/installation/python.md b/content/en/serverless/aws_lambda/installation/python.md
@@ -24,7 +24,7 @@ algolia:
 
 <div class="alert alert-info">Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. <a href="#minimize-cold-start-duration">Read more</a>.</div>
 
-<div class="alert alert-info">Datadog provides FIPS-compliant monitoring for AWS Lambda functions. For GovCloud environments, the <code>DD_LAMBDA_FIPS_MODE</code> environment variable is enabled by default. When FIPS mode is enabled, AWS FIPS endpoints are used for Datadog API key lookups, and direct metric submission is disabled. See <a href="/serverless/aws_lambda/fips-compliance">AWS Lambda FIPS Compliance</a> for more details.</div>
+<div class="alert alert-info">Datadog provides FIPS-compliant monitoring for AWS Lambda functions. For GovCloud environments, the <code>DD_LAMBDA_FIPS_MODE</code> environment variable is enabled by default. When FIPS mode is enabled, AWS FIPS endpoints are used for Datadog API key lookups, and direct metric submission is disabled. While the FIPS-compliant Lambda components work with any Datadog site, end-to-end FIPS compliance requires using the US1-FED site. See <a href="/serverless/aws_lambda/fips-compliance">AWS Lambda FIPS Compliance</a> for more details.</div>
 
 ## Installation
 
diff --git a/content/en/serverless/aws_lambda/installation/ruby.md b/content/en/serverless/aws_lambda/installation/ruby.md
@@ -24,7 +24,7 @@ aliases:
 
 <div class="alert alert-info">Version 67+ of the Datadog Lambda Extension uses an optimized version of the extension. <a href="#minimize-cold-start-duration">Read more</a>.</div>
 
-<div class="alert alert-info">For FIPS compliance, use the Datadog FIPS-compliant extension layer, but note that the Ruby runtime layer does not require additional configuration. See <a href="/serverless/aws_lambda/fips-compliance">AWS Lambda FIPS Compliance</a> for more details.</div>
+<div class="alert alert-info">For FIPS compliance, use the Datadog FIPS-compliant extension layer, but note that the Ruby runtime layer does not require additional configuration. While the FIPS-compliant Lambda components work with any Datadog site, end-to-end FIPS compliance requires using the US1-FED site. See <a href="/serverless/aws_lambda/fips-compliance">AWS Lambda FIPS Compliance</a> for more details.</div>
 
 ## Installation
 
