AWS Developer Tools Blog

Updating AWS SDK defaults – AWS STS service endpoint and Retry Strategy

AWS Software Development Kits (SDKs) and Command Line Interfaces (CLIs) are bundled with a default configuration that is carefully designed to optimize availability and reliability. Two such settings are the AWS Security Token Service (STS) endpoint and the default retry strategy. To improve the default posture for AWS customers, we will update these two defaults on July 31st, 2025. The default AWS STS service endpoint will be changed to regional, and the default retry strategy to standard.

Using AWS STS regional endpoints

AWS STS can be accessed through Regional service endpoints, or a global endpoint. Requests to the global service endpoint map to the US East (N. Virginia) Region. While most AWS SDKs and CLIs default to the Regional service endpoints, the AWS SDKs for Python, PHP, C++, .NET and the AWS Tools for PowerShell still use the global service endpoint.

An AWS best practice is to use Regional endpoints whenever possible, since doing so removes the need for cross-Region calls and inter-Region dependencies. On July 31st, 2025, the SDKs and tools listed previously will release an update with their default STS service endpoint changed to the Regional endpoint (regional setting value). As a result, customers may experience a change in behavior after updating. The other generally available AWS SDKs and CLIs already default to the Regional endpoint, with the exception of the AWS CLIv1. You can find details about moving to the Regional service endpoint in this recent AWS STS announcement.

Modernizing the default retry strategy

On July 31st, 2025, we will update the default retry strategy to standard in the AWS SDKs for C++, .NET, Java (v2), PHP, Python, Ruby, the AWS Tools for PowerShell and the AWS CLI (v2). AWS SDKs released after March 2020 already default to the standard retry strategy.

AWS SDKs retry requests for recoverable failures. AWS SDKs released before March 2020 default to the legacy strategy, which uses exponential backoff. In 2020, AWS SDKs introduced the standard retry strategy which provides a standardized retry behavior across SDKs, using token-bucket throttling. An Amazon best practice is to enable client-side throttling of retries to increase the availability of services without compromising the capability to recover from intermittent failures. With this change, all SDK customers will benefit from the updated strategy by default. For more information on token-bucket retries, read our documentation on retry behavior.

Preparing for the changes

We recommend that customers test their application before the release on July 31st, 2025. Customers can do so by opting in to the new configuration values as described in AWS STS Regional endpoints and retry behavior. We recognize that it takes time and effort to adapt to behavioral changes, so customers have the possibility to preemptively opt out of the change using the same mechanism. To do so, each parameter may be independently set to the legacy value. AWS recommends that customers opt out of the change temporarily to allow enough time for their migration to the new configuration values.
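As a way to find out which profiles rely on the current defaults before the update, the following added example (not part of the original post and not AWS code) audits a shared config file and the environment for explicit values. The setting names `sts_regional_endpoints`, `retry_mode`, `AWS_STS_REGIONAL_ENDPOINTS` and `AWS_RETRY_MODE` are taken from the AWS SDKs and Tools reference guide, not from this page; the sample config is constructed, and the script assumes an SDK whose current defaults are the legacy values.

```python
import configparser

# shared-config key -> (environment variable, assumed current default, new default)
SETTINGS = {
    "sts_regional_endpoints": ("AWS_STS_REGIONAL_ENDPOINTS", "legacy", "regional"),
    "retry_mode": ("AWS_RETRY_MODE", "legacy", "standard"),
}

# Constructed sample of a shared config file (~/.aws/config), not real data.
SAMPLE_CONFIG = """\
[default]
region = eu-west-1

[profile ci]
sts_regional_endpoints = regional
retry_mode = standard

[profile batch]
retry_mode = legacy

[sso-session corp]
sso_region = us-east-1
"""

def audit(config_text, env):
    """Map profile -> setting -> (effective value, source: env/config/default)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    report = {}
    for section in parser.sections():
        kind, _, rest = section.partition(" ")
        if section != "default" and kind != "profile":
            continue  # sso-session, services, ... are not profiles
        name = rest.strip() or "default"
        report[name] = {}
        for key, (env_var, old_default, _new) in SETTINGS.items():
            if env.get(env_var):  # environment overrides the config file
                report[name][key] = (env[env_var].strip().lower(), "env")
            elif parser.has_option(section, key):
                report[name][key] = (parser.get(section, key).strip().lower(), "config")
            else:  # nothing pinned: behavior follows the SDK default
                report[name][key] = (old_default, "default")
    return report

def affected(report):
    """(profile, setting) pairs that rely on the SDK default and will change."""
    return sorted((p, k) for p, s in report.items()
                  for k, v in s.items() if v[1] == "default")

if __name__ == "__main__":
    for profile, key in affected(audit(SAMPLE_CONFIG, {})):
        print(f"{profile}: {key} is unset, default moves to {SETTINGS[key][2]}")
```

To audit a real environment, pass the contents of the shared config file and `dict(os.environ)` to `audit`.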

Feedback

As always, AWS welcomes feedback. You can reach us through GitHub discussions on one of our repositories:

About the author:

Alban Gicquel

Alban started his career in France as a C++ Software Development Engineer and, almost 20 years later, after reinventing himself a few times, is now the manager for AWS SDKs for Java and C++.