From 4d0e3e7995fda027297f0998da8b5cff1f30af29 Mon Sep 17 00:00:00 2001 From: Simon Marty Date: Mon, 13 Mar 2023 10:21:35 -0700 Subject: [PATCH 1/2] Update README with info on sts issue --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 4a51e6a..7c76be8 100644 --- a/README.md +++ b/README.md @@ -93,3 +93,6 @@ The secret being used should be in the JSON format we use for our rotation lambd } ``` +## Credentials + +This library uses the [Default Credential Provider Chain](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html). If you are running this driver on EKS, this could cause the library to pick up the credentials of the node it is running on instead of the service account role ([issue](https://github.com/aws/aws-secretsmanager-jdbc/issues/55)). To address this, add version `1` of `com.amazonaws:aws-java-sdk-sts` to your Gradle/Maven project file as a dependency. From 4766b4ded65ff817490700d8dd36fe1a6b0612f1 Mon Sep 17 00:00:00 2001 From: Dan Mancuso Date: Wed, 15 Mar 2023 15:32:13 -0500 Subject: [PATCH 2/2] Update README.md --- README.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7c76be8..51a7b1f 100644 --- a/README.md +++ b/README.md 
@@ -95,4 +95,17 @@ The secret being used should be in the JSON format we use for our rotation lambd ## Credentials -This library uses the [Default Credential Provider Chain](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html). If you are running this driver on EKS, this could cause the library to pick up the credentials of the node it is running on instead of the service account role ([issue](https://github.com/aws/aws-secretsmanager-jdbc/issues/55)). To address this, add version `1` of `com.amazonaws:aws-java-sdk-sts` to your Gradle/Maven project file as a dependency. +This library uses the [Default Credential Provider Chain](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html). The following options exist to override some of the defaults: + +1) Set a PrivateLink DNS endpoint URL and a region in the secretsmanager.properties file: +```text +drivers.vpcEndpointUrl= #The endpoint URL +drivers.vpcEndpointRegion= #The endpoint region +``` + +2) Override the primary region by setting the 'AWS_SECRET_JDBC_REGION' environment variable to the preferred region, or via the secretsmanager.properties file: +```text +drivers.region= #The region to use. +``` + +If this driver is running on EKS, the library could pick up the credentials of the node it is running on instead of the service account role ([issue](https://github.com/aws/aws-secretsmanager-jdbc/issues/55)). To address this, add version `1` of `com.amazonaws:aws-java-sdk-sts` to your Gradle/Maven project file as a dependency. \ No newline at end of file
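Review bot: In PATCH 1/2, the added Credentials paragraph tells readers to add "version `1`" of `com.amazonaws:aws-java-sdk-sts`, which is not a version string a Gradle or Maven file can resolve. State it as the 1.x line of the artifact, or give a concrete coordinate, and say whether it should match the version of the other AWS SDK artifacts already in the build. Because the failure described is a pod silently using the node's credentials instead of the service account role, the paragraph should also tell readers how to confirm which identity the driver ended up with, so the fix can be verified rather than assumed.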
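Review bot: In PATCH 2/2, both properties snippets put a `#` comment on the same line as the key, for example `drivers.vpcEndpointUrl= #The endpoint URL`. If secretsmanager.properties is read as a standard Java properties file, `#` starts a comment only at the beginning of a line, so a reader who copies the line and fills in a value before the `#` ends up with the comment text inside the endpoint URL or region. Move each comment to its own line above the key. Option 2 also names both the `AWS_SECRET_JDBC_REGION` environment variable and `drivers.region` without saying which one wins when both are set; state the precedence. The EKS paragraph now sits after the override options, where it is easy to miss, and the file ends without a trailing newline.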