Skip to content

Docs: Update documentation on assume role STS behavior to reflect regional endpoint change#17158

Open
NathanCYee wants to merge 1 commit into
apache:mainfrom
NathanCYee:update-sdk-sts-behavior-docs
Open

Docs: Update documentation on assume role STS behavior to reflect regional endpoint change#17158
NathanCYee wants to merge 1 commit into
apache:mainfrom
NathanCYee:update-sdk-sts-behavior-docs

Conversation

@NathanCYee

Copy link
Copy Markdown
Contributor

Updated the assume role documentation to remove the exclusion on the settings being applied to the STS client. #16794 changed the behavior to explicitly add a region to the STS client following the AWS recommended best practices. #10289 flagged that the regional endpoint was now enabled by default in the AWS Java 2.0 SDK.

There was a documented update that the STS service changed from only being served out of us-east-1 to becoming regional by default for non opt-in regions.

April 18, 2025: AWS has made changes to the AWS Security Token Service (AWS STS) global endpoint (sts.amazonaws.com) in Regions enabled by default to enhance its resiliency and performance. AWS STS requests to the global endpoint are automatically served in the same AWS Region as your workloads. These changes will not be deployed to opt-in Regions. We recommend that you use the appropriate AWS STS regional endpoints. For more information, see AWS STS global endpoint changes in the IAM User Guide.

The old behavior to use the global endpoint is now considered legacy in the SDK.

All new SDK major versions releasing after July 2022 will default to regional. New SDK major versions might remove this setting and use regional behavior. To reduce future impact regarding this change, we recommend you start using regional in your application when possible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant