From 1dd8e5396a310f230194fa46f074934613faa4c1 Mon Sep 17 00:00:00 2001
From: Carter McKinnon
Date: Sat, 18 Nov 2023 14:53:53 -0800
Subject: [PATCH] Check for ecr-fips endpoint availability
---
 files/get-ecr-uri.sh | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/files/get-ecr-uri.sh b/files/get-ecr-uri.sh
index a160cebcb..3a5bad0b0 100755
--- a/files/get-ecr-uri.sh
+++ b/files/get-ecr-uri.sh
@@ -110,10 +110,15 @@ else
 esac # end region check
 fi
-AWS_ECR_SUBDOMAIN="ecr"
-# if FIPS is enabled on the machine, use the FIPS endpoint.
+ECR_DOMAIN="${acct}.dkr.ecr.${region}.${aws_domain}"
+
+# if FIPS is enabled on the machine, use the FIPS endpoint if it's available
 if [[ "$(sysctl -n crypto.fips_enabled)" == 1 ]]; then
- AWS_ECR_SUBDOMAIN="ecr-fips"
+ ECR_FIPS_DOMAIN="${acct}.dkr.ecr-fips.${region}.${aws_domain}"
+ if [ $(getent hosts "$ECR_FIPS_DOMAIN" | wc -l) -gt 0 ]; then
+ echo "$ECR_FIPS_DOMAIN"
+ exit 0
+ fi
 fi
-echo "${acct}.dkr.${AWS_ECR_SUBDOMAIN}.${region}.${aws_domain}"
+echo "$ECR_DOMAIN"
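Review bot: On a FIPS-enabled host the new fallback treats any failed lookup of `$ECR_FIPS_DOMAIN` as "no FIPS endpoint in this region" and silently prints the non-FIPS `$ECR_DOMAIN`, so a transient resolver failure or interference with DNS is indistinguishable from a region that genuinely lacks the endpoint. Because stdout carries the URI, the downgrade should at least be logged on stderr after the inner `fi`, e.g. `echo "FIPS enabled but $ECR_FIPS_DOMAIN did not resolve, falling back to $ECR_DOMAIN" >&2`, so it can be audited; whether falling back at all is acceptable on a FIPS host is a policy question the commit does not settle. The test itself is simpler, and avoids the unquoted command substitution inside `[ ]`, as `if getent hosts "$ECR_FIPS_DOMAIN" > /dev/null; then`. The assignments of `acct`, `region` and `aws_domain` lie outside the hunk.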