AWS IAM documentation change
Summary
Updated STS global endpoint documentation to reflect implemented changes rather than future plans
Security assessment
Documents already-deployed STS endpoint improvements for reliability. While resiliency contributes to security posture, this change doesn't introduce new security features or address specific vulnerabilities.
Diff
diff --git a/IAM/latest/UserGuide/id_credentials_temp_enable-regions.md b/IAM/latest/UserGuide/id_credentials_temp_enable-regions.md index be7ef7c41..421ade517 100644 --- a//IAM/latest/UserGuide/id_credentials_temp_enable-regions.md +++ b//IAM/latest/UserGuide/id_credentials_temp_enable-regions.md @@ -24 +24 @@ For a list of AWS STS Regions and their endpoints, see [AWS STS Regions and endp -Starting in early 2025, in AWS Regions that are [enabled by default](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html), AWS STS requests to the global endpoint (`https://sts.amazonaws.com`) will be automatically served in the same AWS Region as your workloads. These changes will be gradually deployed by mid-2025. These changes will not be deployed to opt-in Regions. We recommend that you use the appropriate AWS STS regional endpoints. For more information, see [AWS STS global endpoint changes](./id_credentials_temp_region-endpoints.html#reference_sts_global_endpoint_changes). +AWS has made changes to the AWS Security Token Service (AWS STS) global endpoint (`https://sts.amazonaws.com`) in Regions [enabled by default](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html) to enhance its resiliency and performance. AWS STS requests to the global endpoint are automatically served in the same AWS Region as your workloads. These changes will not be deployed to opt-in Regions. We recommend that you use the appropriate AWS STS regional endpoints. For more information, see [AWS STS global endpoint changes](./id_credentials_temp_region-endpoints.html#reference_sts_global_endpoint_changes).