@@ -66,10 +66,14 @@ def get_api_key() -> str:
6666
6767 REGION = os .environ .get ("AWS_REGION" , "" )
6868 is_gov_region = REGION .startswith ("us-gov-" )
69+ use_non_fips_endpoints = os .environ .get ("DD_AWS_USE_NON_FIPS_ENDPOINTS" , "" ).lower () == "true"
6970
7071 if DD_API_KEY_SECRET_ARN :
71- # Secrets manager endpoints: https://docs.aws.amazon.com/general/latest/gr/asm.html
72- fips_endpoint = f"https://secretsmanager-fips.{ REGION } if is_gov_region else None
72+ if is_gov_region and not use_non_fips_endpoints :
73+ # Secrets manager endpoints: https://docs.aws.amazon.com/general/latest/gr/asm.html
74+ fips_endpoint = f"https://secretsmanager-fips.{ REGION }
75+ else :
76+ fips_endpoint = None
7377 secrets_manager_client = boto3 .client (
7478 "secretsmanager" ,
7579 endpoint_url = fips_endpoint
@@ -78,8 +82,11 @@ def get_api_key() -> str:
7882 SecretId = DD_API_KEY_SECRET_ARN
7983 )["SecretString" ]
8084 elif DD_API_KEY_SSM_NAME :
81- # SSM endpoints: https://docs.aws.amazon.com/general/latest/gr/ssm.html
82- fips_endpoint = f"https://ssm-fips.{ REGION } if is_gov_region else None
85+ if is_gov_region and not use_non_fips_endpoints :
86+ # SSM endpoints: https://docs.aws.amazon.com/general/latest/gr/ssm.html
87+ fips_endpoint = f"https://ssm-fips.{ REGION }
88+ else :
89+ fips_endpoint = None
8390 ssm_client = boto3 .client (
8491 "ssm" ,
8592 endpoint_url = fips_endpoint
@@ -88,8 +95,11 @@ def get_api_key() -> str:
8895 Name = DD_API_KEY_SSM_NAME , WithDecryption = True
8996 )["Parameter" ]["Value" ]
9097 elif DD_KMS_API_KEY :
91- # KMS endpoints: https://docs.aws.amazon.com/general/latest/gr/kms.html
92- fips_endpoint = f"https://kms-fips.{ REGION } if is_gov_region else None
98+ if is_gov_region and not use_non_fips_endpoints :
99+ # KMS endpoints: https://docs.aws.amazon.com/general/latest/gr/kms.html
100+ fips_endpoint = f"https://kms-fips.{ REGION }
101+ else :
102+ fips_endpoint = None
93103 kms_client = boto3 .client (
94104 "kms" ,
95105 endpoint_url = fips_endpoint
0 commit comments