
Make STS multi-region

Open perpil opened this issue 1 year ago • 1 comments

STS has been multi-region for some time now. It's a best practice to use the regional endpoint for latency and availability reasons.

perpil avatar Dec 27 '23 00:12 perpil

I appreciate this change – unfortunately it would be (arguably) backwards incompatible, so I suspect it would need to land on a major update (ie, when/if this moves to 2.x). I say arguably because it shouldn't break anything per se, but it would potentially change where people's requests are going, which may be unexpected.

Just as an FYI for anyone stumbling across this – you can specify your own host to override this behaviour and still have it work with multi-region STS. ie:

aws4.sign({ host: 'sts.us-west-2.amazonaws.com', path: '/?Action=AssumeRole' })

(it will pull out the service and region correctly from the host – but you can also supply them yourself as well, there's no harm in that, and generally if you give service, region and host you've got the highest chance of signing everything correctly)

mhart avatar Apr 23 '24 12:04 mhart
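Why the host override above changes the signature, shown as an added example that is not aws4's own code: SigV4 binds the region into both the credential scope and the signing key, so a request to a regional STS host must be signed for that region. The host parser is a simplified assumption (it treats the global `sts.amazonaws.com` endpoint as `us-east-1`), and the secret and date are constructed placeholders.

```javascript
// Added example: simplified SigV4 scope derivation, not aws4's implementation.
const crypto = require('crypto');

const hmac = (key, data) =>
  crypto.createHmac('sha256', key).update(data, 'utf8').digest();

// Simplified parser (assumption): handles "<service>.<region>.amazonaws.com"
// and the global "<service>.amazonaws.com" form, signed here as us-east-1.
function scopeFromHost(host) {
  const m = /^([a-z0-9-]+)(?:\.([a-z0-9-]+))?\.amazonaws\.com$/
    .exec(String(host).toLowerCase());
  if (!m) throw new Error(`not a recognised AWS host: ${host}`);
  return { service: m[1], region: m[2] || 'us-east-1' };
}

// SigV4 credential scope: <yyyymmdd>/<region>/<service>/aws4_request
function credentialScope(host, date) {
  const { service, region } = scopeFromHost(host);
  return `${date}/${region}/${service}/aws4_request`;
}

// SigV4 signing key: HMAC-SHA256 chain over date, region, service, terminator.
function signingKey(secret, host, date) {
  const { service, region } = scopeFromHost(host);
  const kDate = hmac('AWS4' + secret, date);
  const kRegion = hmac(kDate, region);
  const kService = hmac(kRegion, service);
  return hmac(kService, 'aws4_request').toString('hex');
}

// Constructed sample values: placeholder secret and an arbitrary date.
const SECRET = 'EXAMPLE-SECRET-NOT-A-REAL-KEY';
const DATE = '20240423';

// Returns scope and signing key per host so the differences are visible.
function compare(hosts) {
  return hosts.map((host) => ({
    host,
    scope: credentialScope(host, DATE),
    key: signingKey(SECRET, host, DATE),
  }));
}

console.log(compare([
  'sts.amazonaws.com',
  'sts.us-east-1.amazonaws.com',
  'sts.us-west-2.amazonaws.com',
]));
```

A signature computed with the `us-east-1` key will not validate at `sts.us-west-2.amazonaws.com`, which is why supplying the regional host (or an explicit region) to the signer matters.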