Add note about Beijing STS endpoint

hashicorp · Jan 9, 2018 · e598ffc · e598ffc
1 parent 128fdef
commit e598ffc
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/lib/vault/api/auth.rb b/lib/vault/api/auth.rb
@@ -205,6 +205,8 @@ def aws_iam(role, credentials_provider, sts_endpoint = 'https://sts.amazonaws.co
       require "aws-sigv4"
       require "base64"
 
+      # STS in the China (Beijing) region (cn-north-1) is sts.cn-north-1.amazonaws.com.cn
+      # Take care changing below regex with that edge case in mind
       valid_sts_endpoint = %r{https:\/\/sts.?(.*).amazonaws.com}.match(sts_endpoint)
       raise "Unable to parse STS endpoint #{sts_url}" unless valid_sts_endpoint
       region = valid_sts_endpoint[1].empty? ? 'us-east-1' : valid_sts_endpoint[1]