ClientAuthenticationFactory should enable to set the region for AWS IAM Authentication
#681
Comments
mp911de
changed the title
ClientAuthenticationFactory should enable to set the region for AWS IAM Authentication
spencergibb
pushed a commit
that referenced
this issue
Sep 14, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In some cases, the Vault instance which is making the proxy call to AWS, is configured to use the global STS endpoint (on
us-east-1), which is the default behavior. But when your application is deployed in another region, the authentication will fail asspring-vaultuse the region from your application and the request to AWS are signed with that region.As a consequence, you end up with an application deployed in one region and a Vault instance using the global STS endpoint, without no easy way to use the
spring-vaultclient to login.I propose to enable the region configuration in the ClientAuthenticationFactory and will be glad to help with a PR.
PS:
The problem was initially discussed in this issue from
spring-vault.The text was updated successfully, but these errors were encountered: