diff --git a/files/get-ecr-uri.sh b/files/get-ecr-uri.sh
index a160cebcb..3a5bad0b0 100755
--- a/files/get-ecr-uri.sh
+++ b/files/get-ecr-uri.sh
@@ -110,10 +110,15 @@ else
   esac # end region check
 fi
 
-AWS_ECR_SUBDOMAIN="ecr"
-# if FIPS is enabled on the machine, use the FIPS endpoint.
+ECR_DOMAIN="${acct}.dkr.ecr.${region}.${aws_domain}"
+
+# if FIPS is enabled on the machine, use the FIPS endpoint if it's available
 if [[ "$(sysctl -n crypto.fips_enabled)" == 1 ]]; then
-  AWS_ECR_SUBDOMAIN="ecr-fips"
+  ECR_FIPS_DOMAIN="${acct}.dkr.ecr-fips.${region}.${aws_domain}"
+  if [ $(getent hosts "$ECR_FIPS_DOMAIN" | wc -l) -gt 0 ]; then
+    echo "$ECR_FIPS_DOMAIN"
+    exit 0
+  fi
 fi
 
-echo "${acct}.dkr.${AWS_ECR_SUBDOMAIN}.${region}.${aws_domain}"
+echo "$ECR_DOMAIN"