in agent/envoy_bootstrap/envoy_bootstrap.go [283:320]
func getRegionalXdsEndpoint(region string, envoyCLIInst EnvoyCLI) (*string, error) {
xdsEndpoint := env.Get("APPMESH_XDS_ENDPOINT")
if xdsEndpoint != "" {
return &xdsEndpoint, nil
}
preview, err := env.Truthy("APPMESH_PREVIEW")
if err != nil {
return nil, err
}
dualstack, err := env.Truthy("APPMESH_DUALSTACK_ENDPOINT")
if err != nil {
return nil, err
}
var useFips bool
if fips, err := isFipsCompatible(region, envoyCLIInst); err != nil {
return nil, err
} else {
// TODO: In GovCloud regions the AppMesh FIPS xDS endpoint does not contain the suffix `-fips`.
// In future if AppMesh adds endpoints with suffx '-fips' in GovCloud regions then get rid of
// this below logic and directly use the variable `fips`.
useFips = fips && !strings.HasPrefix(region, "us-gov-")
}
if preview && useFips {
v := fmt.Sprintf("appmesh-preview-envoy-management-fips.%s.%s:443", region, getXdsDomain(region, dualstack))
return &v, nil
}
if preview {
v := fmt.Sprintf("appmesh-preview-envoy-management.%s.%s:443", region, getXdsDomain(region, dualstack))
return &v, nil
}
if useFips {
v := fmt.Sprintf("appmesh-envoy-management-fips.%s.%s:443", region, getXdsDomain(region, dualstack))
return &v, nil
}
v := fmt.Sprintf("appmesh-envoy-management.%s.%s:443", region, getXdsDomain(region, dualstack))
return &v, nil
}