AWS Security Blog

AWS Security Token Service (STS) Is Now Active by Default in All AWS Regions

My previous blog post on November 11, 2015, reported that we were preparing to activate AWS Security Token Service (STS) by default in all AWS regions. As of today, AWS STS is active by default in all AWS regions, for all customers. This means that your applications and services can immediately take advantage of reduced latency and multiregional resiliency by using the STS endpoint geographically closest to you. You can see the complete list of STS endpoints for all regions on the Regions and Endpoints page.

If you prefer to deactivate certain regional AWS STS endpoints in your account, you can visit the Account Settings page in the AWS Identity and Access Management (IAM) console. From the Account Settings page, you can see the regions in which AWS STS is currently active and deactivate AWS STS in specific regions. Only an account administrator (a user with at least iam:* permissions) can activate or deactivate AWS STS regions. Note that AWS STS endpoints in the US East (N. Virginia), AWS GovCloud (US), and China (Beijing) regions cannot be deactivated.

If you have any questions or suggestions, submit a comment below or on the IAM forum.

– Akshat