Investigate if we need to have global STS endpoint #472

jaydeokar · 2024-09-17T05:28:25Z

What would you like to be enhanced:
Investigate if we need to have a global fallback sts endpoint as per this comment

amazon-vpc-resource-controller-k8s/pkg/aws/ec2/api/wrapper.go

Lines 536 to 539 in dd3564c

    
           // Get the global sts end point 
        
           // TODO: we should revisit the global sts endpoint and check if we should remove global endpoint 
        
           // we are not using it since the concern on availability and performance 
        
           // https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html

Also this piece of code where if regional STS !=global STS we still end up using the regional STS endpoint. It should be global STS if regional is not available.

amazon-vpc-resource-controller-k8s/pkg/aws/ec2/api/wrapper.go

Lines 547 to 549 in dd3564c

    
           if regionalSTSEndpoint.URL != globalSTSEndpoint.URL { 
        
           	globalProvider := &stscreds.AssumeRoleProvider{ 
        
           		Client:   e.createSTSClient(userStsSession, client, regionalSTSEndpoint, sourceAcct, sourceArn),

Why is the change needed and what use case will it solve:

jaydeokar added enhancement New feature or request need investigation Need some research to go forward and removed enhancement New feature or request labels Sep 17, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Investigate if we need to have global STS endpoint #472

Investigate if we need to have global STS endpoint #472

jaydeokar commented Sep 17, 2024 •

edited

Loading

Investigate if we need to have global STS endpoint #472

Investigate if we need to have global STS endpoint #472

Comments

jaydeokar commented Sep 17, 2024 • edited Loading

jaydeokar commented Sep 17, 2024 •

edited

Loading