aws / git-remote-codecommit

An implementation of Git Remote Helper that makes it easier to interact with AWS CodeCommit
Apache License 2.0

Using regional sts endpoint by default #35

Open konoui opened 1 year ago

konoui commented 1 year ago

Currently, GRC uses a global STS endpoint (sts.amazonaws.com). AWS CLI v2 and the major SDKs use regional STS endpoints by default. We need to configure sts_regional_endpoints = regional for AWS profiles when using VPC endpoints on isolated subnets, even if using AWS CLI v2.

[profile cross-account]
role_arn = arn:aws:iam::1234567890:role/cross-account
source_profile = default
region = us-west-2
sts_regional_endpoints = regional

AWS STS Regionalized endpoints https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html

Note: All new SDK major versions will default to regional in the future.

AWS CLI v2 Partial Default value is regional.
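
An added example (not part of the issue or of git-remote-codecommit's code): a small audit that lists which role-assuming profiles in an AWS config file would send AssumeRole to the global STS endpoint instead of a regional one, which matters on subnets whose only path to STS is a VPC endpoint. It assumes an unset `sts_regional_endpoints` behaves as `legacy` and resolves to `sts.amazonaws.com` for every region (a simplification), that the `AWS_STS_REGIONAL_ENDPOINTS` environment variable overrides the profile, and the standard `aws` partition hostname form; the function names and the sample config are constructed.

```python
import configparser

# Constructed sample of an AWS config file; account id and role are placeholders.
SAMPLE_CONFIG = """
[profile cross-account]
role_arn = arn:aws:iam::111122223333:role/cross-account
source_profile = default
region = us-west-2
sts_regional_endpoints = regional

[profile legacy-cross-account]
role_arn = arn:aws:iam::111122223333:role/cross-account
source_profile = default
region = us-west-2

[default]
region = us-west-2
"""

GLOBAL_STS = "sts.amazonaws.com"


def sts_host(profile, env=None):
    """Return the STS hostname an AssumeRole call for this profile targets."""
    # Assumption: the environment variable overrides the profile setting, and
    # an unset value is treated as "legacy" (global endpoint).
    mode = (env or {}).get("AWS_STS_REGIONAL_ENDPOINTS") or profile.get(
        "sts_regional_endpoints", "legacy")
    region = profile.get("region")
    if mode.strip().lower() == "regional" and region:
        return f"sts.{region}.amazonaws.com"  # standard "aws" partition only
    return GLOBAL_STS


def audit(config_text, env=None):
    """Map each role-assuming profile name to its STS hostname."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    return {
        section.removeprefix("profile ").strip(): sts_host(parser[section], env)
        for section in parser.sections()
        if "role_arn" in parser[section]  # only these profiles call STS
    }


def global_sts_profiles(config_text, env=None):
    """Profiles whose AssumeRole call would leave via the global endpoint."""
    return sorted(n for n, h in audit(config_text, env).items() if h == GLOBAL_STS)
```

Pass the contents of the real config file and `dict(os.environ)` to `global_sts_profiles` to check a workstation or build host before moving it onto an isolated subnet.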