secrets/aws: add sts_region parameter to root config (#22726)

* Set region parameter to be used for STS only on AWS secrets engine * Add changelog * Fix formatting * region fix when not setting iam_endpoint or sts_endpoint * Add 'sts_region' parameter for AWS secrets engine. * Update TestBackend_PathConfigRoot for aws secrets * Update changelog entry --------- Co-authored-by: Robert <17119716+robmonte@users.noreply.github.com>
2025-11-01 19:17:58 +00:00 · 2024-10-04 20:33:09 +02:00
parent 7307c56f59
commit aeca0cdee6
4 changed files with 15 additions and 0 deletions
--- a/builtin/logical/aws/client.go
+++ b/builtin/logical/aws/client.go
@@ -48,6 +48,9 @@ func (b *backend) getRootConfig(ctx context.Context, s logical.Storage, clientTy
 			endpoint = *aws.String(config.IAMEndpoint)
 		case clientType == "sts" && config.STSEndpoint != "":
 			endpoint = *aws.String(config.STSEndpoint)
+			if config.STSRegion != "" {
+				credsConfig.Region = config.STSRegion
+			}
 		}

 		if config.IdentityTokenAudience != "" {