AWS STS Regionalized endpoints
By default, AWS Security Token Service (AWS STS) is available as a global service, and all AWS STS requests go
to a single endpoint at https://sts.amazonaws.com
. Global requests map to the
US East (N. Virginia) Region. AWS recommends using Regional AWS STS endpoints instead of the
global endpoint. For more information on AWS STS endpoints, Endpoints in the
AWS Security Token Service API Reference.
Configure this functionality by using the following:
sts_regional_endpoints
- shared AWSconfig
file settingAWS_STS_REGIONAL_ENDPOINTS
- environment variable-
This setting specifies how the SDK or tool determines the AWS service endpoint that it uses to talk to the AWS Security Token Service (AWS STS).
Default value:
legacy
Note
All new SDK major versions releasing after July 2022 will default to
regional
. New SDK major versions might remove this setting and useregional
behavior. To reduce future impact regarding this change, we recommend you start usingregional
in your application when possible.Valid values: (Recommended value:
regional
)-
legacy
– Uses the global AWS STS endpoint,sts.amazonaws.com
, for the following AWS Regions:ap-northeast-1
,ap-south-1
,ap-southeast-1
,ap-southeast-2
,aws-global
,ca-central-1
,eu-central-1
,eu-north-1
,eu-west-1
,eu-west-2
,eu-west-3
,sa-east-1
,us-east-1
,us-east-2
,us-west-1
, andus-west-2
. All other Regions automatically use their respective Regional endpoint. -
regional
– The SDK or tool always uses the AWS STS endpoint for the currently configured Region. For example, if the client is configured to useus-west-2
, all calls to AWS STS are made to the Regional endpointsts.us-west-2.amazonaws.com
, instead of the globalsts.amazonaws.com
endpoint. To send a request to the global endpoint while this setting is enabled, you can set the Region toaws-global
.
Example of setting these values in the
config
file:[default] sts_regional_endpoints = regional
Linux/macOS example of setting environment variables via command line:
export AWS_STS_REGIONAL_ENDPOINTS=regional
Windows example of setting environment variables via command line:
setx AWS_STS_REGIONAL_ENDPOINTS regional
-
Compatibility with AWS SDKs
The following SDKs support the features and settings described in this topic. Any partial exceptions are noted. Any JVM system property settings are supported by the AWS SDK for Java and the AWS SDK for Kotlin only.
SDK | Supported | Notes or more information |
---|---|---|
AWS CLI v2 | Partial | Default value is regional . |
SDK for C++ | Partial | Environment variable and config file setting not
supported. SDK performs with regional setting. |
SDK for Go V2 (1.x) |
Yes | |
SDK for Go 1.x (V1) | Yes | To use shared config file settings, you must turn on loading from the config file; see Sessions. |
SDK for Java 2.x | Yes | |
SDK for Java 1.x | Yes | |
SDK for JavaScript 3.x | Yes | |
SDK for JavaScript 2.x | Yes | |
SDK for Kotlin | No | |
SDK for .NET 3.x | Yes | |
SDK for PHP 3.x | Yes | |
SDK for Python (Boto3) |
Yes | |
SDK for Ruby 3.x | Yes | |
SDK for Rust | Yes | |
Tools for PowerShell | Yes |