sts_regional_endpoints - AWS SDKs and Tools Shared Configuration and Credentials


Specifies how the SDK or tool determines the AWS service endpoint that it uses to talk to the AWS Security Token Service (AWS STS).


Default value: legacy (exception: AWS CLI version 2 uses regional as the default value)

Valid values:

  • legacy – Uses the global AWS STS endpoint,, for the following AWS Regions: ap-northeast-1, ap-south-1, ap-southeast-1, ap-southeast-2, aws-global, ca-central-1, eu-central-1, eu-north-1, eu-west-1, eu-west-2, eu-west-3, sa-east-1, us-east-1, us-east-2, us-west-1, and us-west-2. All other Regions automatically use their respective regional endpoint.

  • regional – The SDK or tool always uses the AWS STS endpoint for the currently configured Region. For example, if the client is configured to use us-west-2, all calls to AWS STS are made to the regional endpoint, instead of the global endpoint. To send a request to the global endpoint while this setting is enabled, you can set the Region to aws-global.

Ways to set this value

Location Supported Example
config file Yes
sts_regional_endpoints = regional
credentials file -
Environment variable X Linux/macOS:
CLI parameter -

Compatibility with AWS SDKS and tools