fix(sts): handle China STS regions (#3613)

prowler-cloud · Mar 27, 2024 · 3015381 · 3015381
1 parent 5b46bf4
commit 3015381
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/prowler/providers/aws/lib/credentials/credentials.py b/prowler/providers/aws/lib/credentials/credentials.py
@@ -69,6 +69,9 @@ def print_aws_credentials(audit_info: AWS_Audit_Info):
 def create_sts_session(
     session: session.Session, aws_region: str
 ) -> session.Session.client:
-    return session.client(
-        "sts", aws_region, endpoint_url=f"https://sts.{aws_region}.amazonaws.com"
+    sts_endpoint_url = (
+        f"https://sts.{aws_region}.amazonaws.com"
+        if "cn-" not in aws_region
+        else f"https://sts.{aws_region}.amazonaws.com.cn"
     )
+    return session.client("sts", aws_region, endpoint_url=sts_endpoint_url)
diff --git a/tests/providers/aws/lib/credentials/credentials_test.py b/tests/providers/aws/lib/credentials/credentials_test.py
@@ -507,4 +507,4 @@ def test_create_sts_session_china(self):
         sts_client = create_sts_session(session, aws_region)
 
         assert sts_client._endpoint._endpoint_prefix == "sts"
-        assert sts_client._endpoint.host == f"https://sts.{aws_region}.amazonaws.com"
+        assert sts_client._endpoint.host == f"https://sts.{aws_region}.amazonaws.com.cn"