Announcing support for Sigv4A with session tokens issued in AWS GovCloud (US-West) Region

Posted on: May 22, 2024

Today, AWS Identity and Access Management (IAM) is announcing support for signing AWS API requests with the Sigv4A signing algorithm using session tokens issued in the AWS GovCloud (US-West) Region. Cryptographically signing an AWS request with the Sigv4A algorithm allows you to send the request to service endpoints in any of the AWS GovCloud (US) Regions.

If workloads or callers in your account intend to sign AWS requests using Sigv4A, or you plan to adopt a specific AWS feature that requires it, configure the AWS Security Token Service (STS) endpoint in the AWS GovCloud (US-West) Region to vend session tokens that support the Sigv4A algorithm. You can configure this behavior either using the AWS IAM Console or calling the AWS IAM SetSecurityTokenServicePreferences API. Session tokens that support the Sigv4A algorithm are larger in size and match the size of session tokens issued by the STS endpoint in the AWS GovCloud (US-East) Region, which already supports the use of Sigv4A.

To learn more about the new console setting and IAM API, please visit Managing AWS STS in an AWS Region.