Closed WilliamWeiWei closed 3 years ago
@WilliamWeiWei can you try setting the AWS_STS_REGIONAL_ENDPOINTS environment variable to regional?
$env:AWS_STS_REGIONAL_ENDPOINTS = 'regional'
You can read more about the environment variable here.
This issue has not received a response in 2 weeks. If you want to keep this issue open, please just leave a comment below and auto-close will be canceled.
According to the changelog of 3.3.46.0, the Set-AWSSAMLRoleProfile cmdlet has been extended with a new parameter, -STSEndpointRegion.
But even if we set this parameter as said in the change log, the AssumeRoleWithSAMLRequest was still sent to the global sts.amazonaws.com endpoint, not the regional endpoint, thus failing to obtain credentials.
In other words, setting this parameter or not doesn't change anything. Tested with version 3.3.283.0, 3.3.428 and 4.0.5.0.
Changelog of 3.3.46.0: https://github.com/aws/aws-tools-for-powershell/blob/master/CHANGELOG.md#33460-2017-02-07
Expected Behavior
Setting -STSEndpointRegion cn-north-1, Set-AWSSAMLRoleProfile will send AssumeRoleWithSAMLRequest to the regional endpoint "https://sts.cn-north-1.amazonaws.com.cn" and successfully obtain the credentials.
Current Behavior
Setting -STSEndpointRegion cn-north-1, Set-AWSSAMLRoleProfile will send AssumeRoleWithSAMLRequest to the global sts.amazonaws.com endpoint, not the regional endpoint, thus failing to obtain credentials.
Possible Solution
Steps to Reproduce (for bugs)
Enabled response logs and could see it is sending request to global sts endpoint.
Context
This bug makes it impossible to use a SAML profile as a credential in the China region.
Your Environment
Cmdlet: Set-AWSSAMLRoleProfile Tested with 3.3.283.0, 3.3.428 and 4.0.5.0