Use FIPS endpoints when defined in ~/.aws/config or AWS_USE_FIPS_ENDPOINT environment variable

[sdickman-manh]

To simplify the use of FIPS endpoints I recommend that git-remote-codecommit use the same mechanisms as the AWS SDKs:

https://docs.aws.amazon.com/general/latest/gr/rande.html#FIPS-endpoints

To specify a FIPS endpoint when you call an AWS operation, use a mechanism provided by the tool that you're using to make the call. For example, the AWS SDKs provide the following mechanisms to enable the use of FIPS endpoints:

• Set the AWS_USE_FIPS_ENDPOINT environment variable to true
• Add use_fips_endpoint=true to your ~/.aws/config file

We currently use the undocumented environment variable CODE_COMMIT_ENDPOINT to do this. But would prefer that the AWS_USE_FIPS_ENDPOINT apply here also.

[sdickman-manh]

I did a quick test by changing line 204 and it successfully polled AWS_USE_FIPS_ENDPOINT and used the FIPS endpoint. But I suspect there is a cleaner way to leverage botocore to generate the appropriate URL.

https://github.com/aws/git-remote-codecommit/blob/master/git_remote_codecommit/__init__.py#L204

  if "AWS_USE_FIPS_ENDPOINT" in os.environ and os.environ["AWS_USE_FIPS_ENDPOINT"] == "true":
    endpoint="git-codecommit-fips"
  else:
    endpoint="git-codecommit"

  hostname = os.environ.get('CODE_COMMIT_ENDPOINT', '{}.{}.{}'.format(endpoint, region, website_domain_mapping(region)))