From 7de05feb77318a380cdb23265b3c08588773e9c3 Mon Sep 17 00:00:00 2001
From: "Casale, Robert"
Date: Thu, 27 Jul 2023 16:17:37 -0400
Subject: [PATCH] feat(aws): enable regional endpoint resolving for STS
Signed-off-by: Casale, Robert
---
 pkg/plugins/identity/saml/sp/aws/provider.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/pkg/plugins/identity/saml/sp/aws/provider.go b/pkg/plugins/identity/saml/sp/aws/provider.go
index 79e543cc..a553895f 100644
--- a/pkg/plugins/identity/saml/sp/aws/provider.go
+++ b/pkg/plugins/identity/saml/sp/aws/provider.go
@@ -27,6 +27,7 @@ import (
 "go.uber.org/zap"
 "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/endpoints"
 "github.com/aws/aws-sdk-go/aws/session"
 "github.com/aws/aws-sdk-go/service/sts"
@@ -266,7 +267,8 @@ func (p *ServiceProvider) getRoleFromPrompt(accounts []*saml2aws.AWSAccount, rol
 func (p *ServiceProvider) loginToStsUsingRole(account *cfg.IDPAccount, role *saml2aws.AWSRole, samlAssertion string) (*awsconfig.AWSCredentials, error) {
 sess, err := session.NewSession(&aws.Config{
- Region: &account.Region,
+ Region: &account.Region,
+ STSRegionalEndpoint: endpoints.RegionalSTSEndpoint,
 })
 if err != nil {
 return nil, fmt.Errorf("creating aws session: %w", err)
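Review bot: The new `STSRegionalEndpoint: endpoints.RegionalSTSEndpoint` field in the `aws.Config` literal of `loginToStsUsingRole` is hard-coded and has no comment explaining it. As far as I know, a value set in code takes precedence over the `AWS_STS_REGIONAL_ENDPOINTS` environment variable and the shared-config `sts_regional_endpoints` setting, so a user whose egress rules allow only the global STS host can no longer opt back to it. I would add `// Resolve STS to the regional endpoint for account.Region instead of the global one; overrides AWS_STS_REGIONAL_ENDPOINTS.` above the field, or set the field only when the environment leaves it unset. The function body continues past the end of the hunk, so how the session is used afterwards is not visible here.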