Closes #110
This modification allows the use of STS regionalized endpoints by specifying the AWS_STS_REGIONAL_ENDPOINTS=regional environment variable.
AWS STS has global and per-region endpoints. https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html
AWS recommends STS regionalized endpoints (AWS_STS_REGIONAL_ENDPOINTS=regional), but defaults to STS global endpoints (AWS_STS_REGIONAL_ENDPOINTS=legacy).
On August 29, 2024, an AWS STS failure occurred and requests using the STS global endpoints failed. This failure did not affect requests using STS Regionalized endpoints.
The current implementation uses AWSSecurityTokenServiceClient when creating STS clients. This method is deprecated and does not read the STS endpoint configuration. https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/securitytoken/AWSSecurityTokenServiceClient.html#AWSSecurityTokenServiceClient-com.amazonaws.auth.AWSCredentialsProvider-com.amazonaws.ClientConfiguration-
Instead, the AWSSecurityTokenServiceClientBuilder is used to allow the STS endpoint settings to be respected.