AWS Security Token Service (STS) now supports enabling the global STS endpoint to issue session tokens compatible with all AWS Regions

Posted on: Apr 26, 2019

AWS Security Token Service (STS) now enables you to request session tokens from the global STS endpoint that work in all AWS Regions. Using your AWS Identity and Access Management (IAM) users or roles, you can configure the global STS endpoint to vend session tokens that are compatible with all AWS Regions.  

When you use IAM roles to access AWS, you request session tokens from an STS endpoint. Session tokens from regional STS endpoints are valid in all Regions, and we recommend using regional endpoints. Session tokens from the global STS endpoint (https://sts.amazonaws.com) are valid only in the AWS Regions that are enabled by default. Starting with the Hong Kong Region, new AWS Regions are not enabled by default for your AWS account. If you intend to use the global STS endpoint with new AWS Regions in your account, you need to configure the global STS endpoint, using the IAM console or an IAM API, to issue tokens that are valid in all AWS Regions. These tokens are larger and match the size of the session tokens issued by regional STS endpoints. To learn more about the new console setting and IAM API, see "Using session tokens in AWS Regions".