okta / okta-aws-cli

A CLI for having Okta as the IdP for AWS CLI operations
https://github.com/okta/okta-aws-cli

Support of AWS China account? #133

Closed SLoulergue closed 1 year ago

SLoulergue commented 1 year ago

Hello,

We have tested okta-aws-cli with an AWS China account. AWS Federation is working in a browser, but with okta-aws-cli we have an error.

okta-aws-cli doesn't use regional STS, and it seems not to work with the global STS for AWS China accounts.

API debug logs:

-----------------------------------------------------
  IdP: arn:aws-cn:iam::012345678910:saml-provider/OKTA
  Role: arn:aws-cn:iam::012345678910:role/ROLENAME
2023/09/16 16:03:11 [DEBUG]  API Request Details:
---[ REQUEST ]---------------------------------------
POST / HTTP/1.1
Host: sts.amazonaws.com
Content-Length: 11386
Content-Type: application/x-www-form-urlencoded; charset=utf-8
User-Agent: aws-sdk-go/1.44.94 (go1.19.12; windows; amd64)
x
x
x
x
---[ RESPONSE ]--------------------------------------
HTTP/1.1 400 Bad Request
Connection: close
Content-Length: 449
Content-Type: text/xml
Date: Sat, 16 Sep 2023 14:03:12 GMT
X-Amzn-Requestid: 2da96917-6183-43f0-ad0e-e0f89d703002

<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <Error>
    <Type>Sender</Type>
    <Code>InvalidIdentityToken</Code>
    <Message>Specified provider doesn't exist (Service: AWSOpenIdDiscoveryService; Status Code: 400; Error Code: AuthSamlManifestNotFoundException; Request ID: 14469be3-6ac8-494f-825b-28a98d9588a8; Proxy: null)</Message>
  </Error>
  <RequestId>2da96917-6183-43f0-ad0e-e0f89d703002</RequestId>
</ErrorResponse>

-----------------------------------------------------

Is okta-aws-cli working for someone with an AWS China account? If AWS China is not working, I think usage of regional STS can solve this issue.

Thank you in advance.

SLoulergue commented 1 year ago

Hello,

I have solved my issue with

export AWS_REGION='cn-north-1'

AWS_DEFAULT_REGION doesn't work; is only AWS_REGION used by okta-aws-cli?
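Added example in Go (not okta-aws-cli's own code, not part of this thread): a small resolver that reproduces why the debug log above sent an aws-cn role ARN to the global sts.amazonaws.com endpoint, plus a pre-flight check that catches the partition mismatch before the AssumeRoleWithSAML call. It assumes aws-sdk-go v1's environment lookup (AWS_REGION always read, AWS_DEFAULT_REGION only when AWS_SDK_LOAD_CONFIG is also set), which would explain the last question, and the cn- region prefix as the aws-cn partition rule; the env map and ARNs are constructed sample input.

```go
package main

import (
	"fmt"
	"strings"
)

// ResolveRegion mirrors aws-sdk-go v1's lookup order (assumption, not okta-aws-cli's own
// code): AWS_REGION wins; AWS_DEFAULT_REGION counts only when AWS_SDK_LOAD_CONFIG is set.
func ResolveRegion(env map[string]string) string {
	if r := env["AWS_REGION"]; r != "" {
		return r
	}
	if env["AWS_SDK_LOAD_CONFIG"] != "" {
		return env["AWS_DEFAULT_REGION"]
	}
	return ""
}

// Partition served by the STS endpoint a region selects ("" = global endpoint, i.e. "aws").
func Partition(region string) string {
	if strings.HasPrefix(region, "cn-") {
		return "aws-cn"
	}
	return "aws"
}

// STSEndpoint is the host AssumeRoleWithSAML is sent to; no region gives the global one.
func STSEndpoint(region string) string {
	switch {
	case region == "":
		return "sts.amazonaws.com"
	case Partition(region) == "aws-cn":
		return "sts." + region + ".amazonaws.com.cn"
	}
	return "sts." + region + ".amazonaws.com"
}

// CheckPartition flags a role ARN whose partition differs from the STS endpoint's partition.
func CheckPartition(env map[string]string, roleARN string) error {
	parts := strings.SplitN(roleARN, ":", 3)
	if len(parts) < 3 || parts[0] != "arn" {
		return fmt.Errorf("malformed role ARN %q", roleARN)
	}
	region := ResolveRegion(env)
	if parts[1] != Partition(region) {
		return fmt.Errorf("role %s is in %q but %s is not; set AWS_REGION", roleARN, parts[1], STSEndpoint(region))
	}
	return nil
}
```

With only AWS_DEFAULT_REGION=cn-north-1 in the environment, CheckPartition returns an error naming sts.amazonaws.com; with AWS_REGION=cn-north-1 it passes.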