Check for ecr-fips endpoint availability

awslabs · Nov 20, 2023 · 1dd8e53 · 1dd8e53
1 parent 958d48e
commit 1dd8e53
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/files/get-ecr-uri.sh b/files/get-ecr-uri.sh
@@ -110,10 +110,15 @@ else
   esac # end region check
 fi
 
-AWS_ECR_SUBDOMAIN="ecr"
-# if FIPS is enabled on the machine, use the FIPS endpoint.
+ECR_DOMAIN="${acct}.dkr.ecr.${region}.${aws_domain}"
+
+# if FIPS is enabled on the machine, use the FIPS endpoint if it's available
 if [[ "$(sysctl -n crypto.fips_enabled)" == 1 ]]; then
-  AWS_ECR_SUBDOMAIN="ecr-fips"
+  ECR_FIPS_DOMAIN="${acct}.dkr.ecr-fips.${region}.${aws_domain}"
+  if [ $(getent hosts "$ECR_FIPS_DOMAIN" | wc -l) -gt 0 ]; then
+    echo "$ECR_FIPS_DOMAIN"
+    exit 0
+  fi
 fi
 
-echo "${acct}.dkr.${AWS_ECR_SUBDOMAIN}.${region}.${aws_domain}"
+echo "$ECR_DOMAIN"