seanzatzdev-amazon
commented
3 months ago Which regions is this an issue for? What is the impact? Are IAM mounts failing in these regions?
Open jdwtf opened 3 months ago
seanzatzdev-amazon
commented
3 months ago Which regions is this an issue for? What is the impact? Are IAM mounts failing in these regions?
jdwtf
commented
3 months ago It's happening in an isolated region. We have identified a workaround so the impact is mitigated for now, but the mitigation is manual. The issue arose while trying to implement IAM Roles for ServiceAccounts (IRSA) for the EKS EFS addon. We are unable to retrieve tokens as the STS endpoint has a different DNS name suffix.
whoix
commented
1 month ago @seanzatzdev-amazon @mskanth972 can we please merge the above PR? Customers for ISO regions are going to depend on this more and more.
STS_ENDPOINT_URL_FORMAT has the dns name suffix hardcoded to amazonaws.com which breaks calls to STS endpoints in AWS regions with different domain suffixes.