AWS Security Blog

AWS Security Token Service Will Soon Be Active by Default in All AWS Regions

By the end of November 2015, AWS Security Token Service (STS) will be active by default in all AWS regions, which means that your applications and services can call AWS STS in a region geographically closer to you. This change will optimize latencies and improve application performance. Additionally, the multiregional resiliency provided by AWS STS regional endpoints will improve their availability.

Currently, AWS STS is deactivated by default in all regions except US East (N. Virginia), AWS GovCloud (US), and China (Beijing). To use the AWS STS regional endpoints, you have to sign in as an account administrator and manually activate the regional endpoints using the Account Settings page in the AWS Identity and Access Management (IAM) console.

For any new AWS account created after the change, AWS STS will be active by default in all regions. For existing accounts, we will retain your preference if you explicitly took an action to activate or deactivate an endpoint. Any endpoints that you did not update will be active once we make this change. If you would prefer to deactivate certain regional endpoints in your account, after we make the change, you can still visit the Account Settings page in the AWS IAM console to do so.

Important note: AWS STS endpoints in the US East (N. Virginia), AWS GovCloud (US), and China (Beijing) regions cannot be deactivated.

Image of the Account Settings page in the IAM console

If you have any questions or suggestions, submit a comment below or on the IAM forum.

– Akshat