Closed lyricnz closed 5 months ago
Is this real issue? STS is a global service, but it looks like it has a list of "enabled by default" regions (which doesn't include Melbourne)
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
If you use a regional endpoint (as recommended) then the credential is valid for that region only? So this bug is real?
I think this is a red herring. Certainly it's obsoleted by https://github.com/Innablr/revolver/pull/313
It looks like the code in connectTo() uses a cache, but this doesn't consider that multiple regions may be in use for the same role. This may result in a client being created with invalid credentials for the particular region.
https://github.com/Innablr/revolver/blob/develop/lib/assume.ts#L30 with problem areas highlighted.