AWS STS Regions and endpoints - AWS Identity and Access Management

AWS STS Regions and endpoints

The following table lists the Regions and their endpoints. It indicates which ones are activated by default and which ones you can activate or deactivate.

Region name Endpoint Active by default Manually activate/deactivate
--Global-- sts.amazonaws.com Yes No
US East (Ohio) sts.us-east-2.amazonaws.com Yes Yes
US East (N. Virginia) sts.us-east-1.amazonaws.com Yes No
US West (N. California) sts.us-west-1.amazonaws.com Yes Yes
US West (Oregon) sts.us-west-2.amazonaws.com Yes Yes
Africa (Cape Town) sts.af-south-1.amazonaws.com No¹ No
Asia Pacific (Hong Kong) sts.ap-east-1.amazonaws.com No¹ No
Asia Pacific (Hyderabad) sts.ap-south-2.amazonaws.com No¹ No
Asia Pacific (Jakarta) sts.ap-southeast-3.amazonaws.com No¹ No
Asia Pacific (Melbourne) sts.ap-southeast-4.amazonaws.com No¹ No
Asia Pacific (Mumbai) sts.ap-south-1.amazonaws.com Yes Yes
Asia Pacific (Osaka) sts.ap-northeast-3.amazonaws.com Yes Yes
Asia Pacific (Seoul) sts.ap-northeast-2.amazonaws.com Yes Yes
Asia Pacific (Singapore) sts.ap-southeast-1.amazonaws.com Yes Yes
Asia Pacific (Sydney) sts.ap-southeast-2.amazonaws.com Yes Yes
Asia Pacific (Tokyo) sts.ap-northeast-1.amazonaws.com Yes Yes
Canada (Central) sts.ca-central-1.amazonaws.com Yes Yes
Canada West (Calgary) sts.ca-west-1.amazonaws.com Yes Yes
China (Beijing) sts.cn-north-1.amazonaws.com.cn Yes² No
China (Ningxia) sts.cn-northwest-1.amazonaws.com.cn Yes² Yes
Europe (Frankfurt) sts.eu-central-1.amazonaws.com Yes Yes
Europe (Ireland) sts.eu-west-1.amazonaws.com Yes Yes
Europe (London) sts.eu-west-2.amazonaws.com Yes Yes
Europe (Milan) sts.eu-south-1.amazonaws.com No¹ No
Europe (Paris) sts.eu-west-3.amazonaws.com Yes Yes
Europe (Spain) sts.eu-south-2.amazonaws.com No¹ No
Europe (Stockholm) sts.eu-north-1.amazonaws.com Yes Yes
Europe (Zurich) sts.eu-central-2.amazonaws.com No¹ No
Israel (Tel Aviv) sts.il-central-1.amazonaws.com No¹ No
Middle East (Bahrain) sts.me-south-1.amazonaws.com No¹ No
Middle East (UAE) sts.me-central-1.amazonaws.com No¹ No
South America (São Paulo) sts.sa-east-1.amazonaws.com Yes Yes

¹You must enable the Region to use it. This automatically activates AWS STS. You cannot manually activate or deactivate AWS STS in these Regions.

²To use AWS in China, you need an account and credentials specific to AWS in China.

AWS CloudTrail and Regional endpoints

Calls to regional and global endpoints are logged in the tlsDetails field in AWS CloudTrail. Calls to regional endpoints, such as us-east-2.amazonaws.com, are logged in CloudTrail to their appropriate region. Calls to the global endpoint, sts.amazonaws.com, are logged as calls to a global service. Events for global AWS STS endpoints are logged to us-east-1.

Note

tlsDetails can only be viewed for services that support this field. See Services that support TLS details in CloudTrail in the AWS CloudTrail User Guide

For more information, see Logging IAM and AWS STS API calls with AWS CloudTrail.