Use of the AWS Global STS endpoint #28720

Open
liwadman opened this issue Oct 16, 2024 · 0 comments
Describe the bug
It looks like you're hardcoding the AWS Global STS endpoint here:

endpoint := "https://sts.amazonaws.com"

You should never do this - there is no valid use case to use the global endpoint. Customers should be able to specify which regional endpoint their vault is using.

To Reproduce
See code link.

Expected behavior

Let customers specify a regional endpoint, or use the regional endpoint that is specified in the GCI request.

Environment:
N/A

Vault server configuration file(s):

# Paste your Vault config here.
# Be sure to scrub any sensitive values

Additional context

Please feel free to reach out, I am with AWS Identity.
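
An added example, not part of the original issue and not Vault's code: one way to implement the expected behavior in Go, deriving the regional STS endpoint from a configured region and accepting an endpoint taken from a request only when it is exactly a regional STS host. The function names are hypothetical, and only the commercial, GovCloud and China partitions are assumed.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

var regionRE = regexp.MustCompile(`^[a-z]{2}(-[a-z]+)+-\d+$`) // e.g. us-east-1, us-gov-west-1

// regionalSTSEndpoint (hypothetical helper) maps a configured region to its STS
// URL. Assumption: commercial, GovCloud and China partitions only.
func regionalSTSEndpoint(region string) (string, error) {
	if !regionRE.MatchString(region) {
		return "", fmt.Errorf("invalid region %q", region)
	}
	suffix := ".amazonaws.com"
	if strings.HasPrefix(region, "cn-") { // China partition DNS suffix
		suffix += ".cn"
	}
	return "https://sts." + region + suffix, nil
}

// endpointFromRequestURL (hypothetical) accepts only an exact regional STS URL.
func endpointFromRequestURL(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "https" || u.User != nil || u.Port() != "" {
		return "", fmt.Errorf("not a plain https URL: %q", raw)
	}
	host := strings.ToLower(u.Hostname())
	labels := strings.SplitN(host, ".", 3) // "sts", region, DNS suffix
	if len(labels) == 3 && labels[0] == "sts" {
		if want, err := regionalSTSEndpoint(labels[1]); err == nil && want == "https://"+host {
			return want, nil
		}
	}
	return "", fmt.Errorf("not a regional STS host: %q", host)
}

func main() {
	for _, raw := range []string{ // constructed sample inputs
		"https://sts.eu-west-1.amazonaws.com/",             // regional: accepted
		"https://sts.amazonaws.com/",                       // global: rejected
		"https://sts.us-east-1.amazonaws.com.example.net/", // look-alike: rejected
	} {
		fmt.Println(endpointFromRequestURL(raw))
	}
}
```

Rebuilding the expected URL from the parsed region and comparing it to the whole host is what rejects look-alike hosts that merely start with a valid STS name.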
