[aws-cpp-sdk-sts]: please add support for regional STS endpoints

[grrtrr]

Problem Description

The STSCredentialsClient has been supporting regional STS endpoints since June 30, 2020 (1474693).

The documentation says that

All new SDK major versions releasing after July 2022 will default to regional.

But this is in regard to the sts_regional_endpoints config file setting or AWS_STS_REGIONAL_ENDPOINTS environment variable, which the C++ SDK does not support.

The Aws::STSClient in aws-sdk-cpp/generated/src/aws-cpp-sdk-sts/source still uses the global STS endpoint (sts.amazonaws.com), according to the rules:

    "UseGlobalEndpoint": {
      "builtIn": "AWS::STS::UseGlobalEndpoint",
      "required": true,
      "default": false,
      "documentation": "Whether the global endpoint should be used, rather then the regional endpoint for us-east-1.",
      "type": "Boolean"
    }

It seems the only way to use a regional STS endpoint with the aws-cpp-sdk-sts endpoint is to override the endpoint manually.

It seems there are some changes to the global STS endpoint resolution in DNS, but this seems to require to enable the AWS DNS resolver in the VPC (which is not necessarily enabled).

Requested change

Please can you enable support for the regional STS endpoint in the aws-cpp-sdk-sts package by default, so that its behaviour matches that of the STSCredentialsClient.

AWS CPP SDK version used

1.11.x (but problem is also present on main).

Compiler and Version used

clang

Operating System and version

ubuntu 22.04

[sbiscigl]

Please can you enable support for the regional STS endpoint in the aws-cpp-sdk-sts package by default, so that its behaviour matches that of the STSCredentialsClient.

it looks like it defaults to regional endpoint, from running the code:

#include <aws/core/Aws.h>
#include <aws/sts/STSClient.h>

using namespace Aws;
using namespace Aws::Utils;
using namespace Aws::Utils::Logging;
using namespace Aws::STS;

class SdkContext {
 public:
  explicit SdkContext(SDKOptions&& options) : options_(std::move(options)) { InitAPI(options_); }
  ~SdkContext() { ShutdownAPI(options_); }

 private:
  SDKOptions options_;
};

auto main() -> int {
  SDKOptions options;
  options.loggingOptions.logLevel = LogLevel::Trace;
  SdkContext context(std::move(options));

  STSClient client{};
  const auto response = client.GetCallerIdentity();
  assert(response.IsSuccess());
  return 0;
}

in the log there will be something along the lines as

[DEBUG] 2025-10-31 20:08:10.046 Aws::Endpoint::DefaultEndpointProvider [0x2077ca140] Endpoint rules engine evaluated the endpoint: https://sts.us-east-1.amazonaws.com

and alternatively if you create the client like

STSClientConfiguration configuration{};
configuration.region = "us-west-2";
STSClient client{configuration};

you will see in the logs

[DEBUG] 2025-10-31 20:11:32.862 Aws::Endpoint::DefaultEndpointProvider [0x2077ca140] Endpoint rules engine evaluated the endpoint: https://sts.us-west-2.amazonaws.com

So we will always use a regional endpoint, you cannot force it to be global.

So i guess my question if for the statement "The Aws::STSClient in aws-sdk-cpp/generated/src/aws-cpp-sdk-sts/source still uses the global STS endpoint". from what i can tell it is not. can you provide any snippet that will use the global endpoint by default?

[grrtrr]

Please can you enable support for the regional STS endpoint in the aws-cpp-sdk-sts package by default, so that its behaviour matches that of the STSCredentialsClient.

it looks like it defaults to regional endpoint, from running the code:

Ok great - did this change recently?
I still had this in my to-do list and relied solely on parsing the code-generation json (from STSEndpointRules.cpp).

[grrtrr]

It took a little longer to understand. Found that it uses the Aws::Client::ClientConfiguration, which will consult ~/.aws/credentials, AWS_DEFAULT_REGION, and AWS_REGION, then falling back to us-east-1.
Thanks for pointing me on the right track.

[github-actions]

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.