I have a Python-based Lambda function in a VPC with a VPC endpoint created for Amazon STS. However, I could not connect to STS: every request failed with a timeout error:
I'd spent a lot of time trying to find the root cause and finally found the answer in the documentation:
“After you create the VPC endpoint, you must use the matching regional endpoint to send your AWS STS requests.”
So the proper way to connect to AWS STS with Python Boto3 library is:
    import os
    import boto3

    # Target the regional STS endpoint (the one the VPC interface endpoint resolves to),
    # not the global sts.amazonaws.com endpoint.
    sts_client = boto3.client(
        'sts',
        region_name=os.environ['AWS_REGION'],
        endpoint_url='https://sts.' + os.environ['AWS_REGION'] + '.amazonaws.com',
    )
It seems that when naively using STS through Boto3 (the Python AWS SDK), the global STS endpoint (sts.amazonaws.com) is targeted, whereas the STS VPC interface endpoint only serves the regional endpoint (sts.<region>.amazonaws.com). A Lambda function in a VPC without a route to the internet therefore hangs on the global endpoint until the Lambda timeout fires.
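As an added example (not code from the original post), the helpers below build the regional STS endpoint URL from a region name, check that a given endpoint URL is regional rather than the global one, and construct the boto3 client with short network timeouts so a misrouted call fails fast instead of hanging until the Lambda timeout. The function names are hypothetical; the generalisation to the China partition suffix (amazonaws.com.cn) and the timeout settings are assumptions that go beyond the single line shown above.

```python
import os
import re
from urllib.parse import urlparse

# Hypothetical helpers; not part of the original post.

# Matches regional STS hostnames such as sts.us-east-1.amazonaws.com or
# sts.cn-north-1.amazonaws.com.cn, but not the global sts.amazonaws.com.
_REGIONAL_STS_HOST = re.compile(
    r"^sts\.([a-z]{2}(?:-gov)?-[a-z]+-\d+)\.amazonaws\.com(?:\.cn)?$"
)


def regional_sts_endpoint(region: str) -> str:
    """Build the regional STS endpoint URL for the given region.

    China regions live in a separate partition whose DNS suffix is
    amazonaws.com.cn (assumption beyond the original post)."""
    suffix = "amazonaws.com.cn" if region.startswith("cn-") else "amazonaws.com"
    return f"https://sts.{region}.{suffix}"


def sts_endpoint_region(endpoint_url: str):
    """Return the region encoded in a regional STS endpoint URL.

    Returns None for the global endpoint or any non-STS host, which is the
    case that makes a VPC-only Lambda time out."""
    host = urlparse(endpoint_url).hostname or ""
    match = _REGIONAL_STS_HOST.match(host)
    return match.group(1) if match else None


def make_sts_client(region: str = None):
    """Create a boto3 STS client pinned to the regional endpoint.

    boto3 is imported lazily so the pure helpers above stay usable offline.
    The timeouts are constructed values: a wrong endpoint then surfaces as a
    quick connection error rather than a silent hang."""
    import boto3
    from botocore.config import Config

    region = region or os.environ["AWS_REGION"]
    endpoint_url = regional_sts_endpoint(region)
    cfg = Config(connect_timeout=3, read_timeout=5, retries={"max_attempts": 2})
    client = boto3.client("sts", region_name=region, endpoint_url=endpoint_url, config=cfg)

    # Sanity check: the client must really be talking to the regional endpoint.
    if sts_endpoint_region(client.meta.endpoint_url) != region:
        raise RuntimeError(f"STS client is not regional: {client.meta.endpoint_url}")
    return client


if __name__ == "__main__":
    # Quick offline demonstration of the endpoint checks.
    print(regional_sts_endpoint("eu-west-1"))
    print(sts_endpoint_region("https://sts.amazonaws.com"))  # None: the global endpoint
    print(sts_endpoint_region("https://sts.eu-west-1.amazonaws.com"))
```

Recent botocore versions also accept `Config(sts_regional_endpoints="regional")` (or the `AWS_STS_REGIONAL_ENDPOINTS` environment variable) to steer STS calls to the regional endpoint without hardcoding the URL; the explicit `endpoint_url`, as in the original post, works regardless of SDK version and is what the check above verifies.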
Good luck!