Update use of FIPS endpoints with DynamoDB to use new aws-sdk-go fu…

…nctionality

aws/aws-sdk-go#5078 was landed upstream, so bump `aws-sdk-go` to pick up the change.
Update code to use new functionality.

go.mod

@@ -37,7 +37,7 @@ require (
 	github.com/andybalholm/brotli v1.0.6
 	github.com/aquasecurity/libbpfgo v0.5.1-libbpf-1.2
 	github.com/armon/go-radix v1.0.0
-	github.com/aws/aws-sdk-go v1.49.4
+	github.com/aws/aws-sdk-go v1.49.13
 	github.com/aws/aws-sdk-go-v2 v1.24.0
 	github.com/aws/aws-sdk-go-v2/config v1.26.1
 	github.com/aws/aws-sdk-go-v2/credentials v1.16.12

go.sum

@@ -194,8 +194,8 @@ github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQ
 github.com/aws/aws-sdk-go v1.17.4/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.44.263/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
-github.com/aws/aws-sdk-go v1.49.4 h1:qiXsqEeLLhdLgUIyfr5ot+N/dGPWALmtM1SetRmbUlY=
-github.com/aws/aws-sdk-go v1.49.4/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
+github.com/aws/aws-sdk-go v1.49.13 h1:f4mGztsgnx2dR9r8FQYa9YW/RsKb+N7bgef4UGrOW1Y=
+github.com/aws/aws-sdk-go v1.49.13/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
 github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2 v1.24.0 h1:890+mqQ+hTpNuw0gGP6/4akolQkSToDJgHfQE7AwGuk=

lib/backend/dynamo/dynamodbbk.go

@@ -31,7 +31,6 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/endpoints"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/applicationautoscaling"
 	"github.com/aws/aws-sdk-go/service/dynamodb"
@@ -239,12 +238,6 @@ func New(ctx context.Context, params backend.Params) (*Backend, error) {
 		buf:    buf,
 	}
 
-	// determine if the FIPS endpoints should be used
-	useFIPSEndpoint := endpoints.FIPSEndpointStateUnset
-	if modules.GetModules().IsBoringBinary() {
-		useFIPSEndpoint = endpoints.FIPSEndpointStateEnabled
-	}
-
 	awsConfig := aws.Config{
 		EC2MetadataEnableFallback: aws.Bool(false),
 	}
@@ -275,15 +268,12 @@ func New(ctx context.Context, params backend.Params) (*Backend, error) {
 	}
 	b.session.Config.HTTPClient = httpClient
 
-	// create DynamoDB service:
-	svc, err := dynamometrics.NewAPIMetrics(dynamometrics.Backend, dynamodb.New(b.session, &aws.Config{
-		// Setting this on the individual service instead of the session, as DynamoDB Streams
-		// and Application Auto Scaling do not yet have FIPS endpoints in non-GovCloud.
-		// See also: https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service
-		// TODO(reed): This can be simplified once https://github.com/aws/aws-sdk-go/pull/5078
-		// is available (or whenever AWS adds the missing FIPS endpoints).
-		UseFIPSEndpoint: useFIPSEndpoint,
-	}))
+	// Create DynamoDB service.
+	// FIPS endpoint is used if this is a FIPS build. Note that this is set on the individual
+	// service instead of the session, as DynamoDB Streams and Application Auto Scaling do not
+	// yet have FIPS endpoints in non-GovCloud.
+	// See also: https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service
+	svc, err := dynamometrics.NewAPIMetrics(dynamometrics.Backend, dynamodb.New(b.session, aws.NewConfig().WithUseFIPSEndpoint(modules.GetModules().IsBoringBinary())))
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}

lib/events/dynamoevents/dynamoevents.go

@@ -287,13 +287,11 @@ func New(ctx context.Context, cfg Config) (*Log, error) {
 		return nil, trace.Wrap(err)
 	}
 
-	// create DynamoDB service:
+	// Create DynamoDB service.
 	svc, err := dynamometrics.NewAPIMetrics(dynamometrics.Events, dynamodb.New(b.session, &aws.Config{
 		// Setting this on the individual service instead of the session, as DynamoDB Streams
 		// and Application Auto Scaling do not yet have FIPS endpoints in non-GovCloud.
 		// See also: https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service
-		// TODO(reed): This can be simplified once https://github.com/aws/aws-sdk-go/pull/5078
-		// is available (or whenever AWS adds the missing FIPS endpoints).
 		UseFIPSEndpoint: events.FIPSProtoStateToAWSState(cfg.UseFIPSEndpoint),
 	}))
 	if err != nil {