2

I have an instance which is in Ireland, but in CloudTrail it is showing a different region, N. Virginia.

Event Name: AssumeRole.

Can anyone tell me why it is showing a different region in the CloudTrail log?

Hacker

1 Answer

0

Some global services have a single endpoint. Because this endpoint is physically located in the US East (N. Virginia) Region, calls are always made to the us-east-1 Region.

From STS API Reference:

By default, AWS Security Token Service (AWS STS) is available as a global service, and all AWS STS requests go to a single endpoint at https://sts.amazonaws.com. Global requests map to the US East (N. Virginia) Region. AWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency, build in redundancy, and increase session token validity.

It happens with other global services like IAM and CloudFront too. For example, if you want to apply Lambda@Edge, your Lambda function must be in the US East (N. Virginia) Region. Or, if you want to use an ACM certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) Region.


Reference:

AWS Security Token Service API Reference

CloudFront ACM Restrictions

CloudFront Lambda@Edge Restrictions

OARP
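When reviewing CloudTrail, it helps to separate STS calls that landed in us-east-1 because the caller used the global endpoint from calls made to a Regional endpoint. The following is an added example, not part of the original answer and not AWS code: it classifies STS events by the host header recorded in `tlsDetails.clientProvidedHostHeader`, assuming the records carry that field and come from the commercial partition. The sample records are constructed.

```python
import json

GLOBAL_STS_HOST = "sts.amazonaws.com"

# Constructed sample records, trimmed to the fields used here; not real log data.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
     "awsRegion": "us-east-1",
     "tlsDetails": {"clientProvidedHostHeader": "sts.amazonaws.com"}},
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
     "awsRegion": "eu-west-1",
     "tlsDetails": {"clientProvidedHostHeader": "sts.eu-west-1.amazonaws.com"}},
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
     "awsRegion": "us-east-1",
     "tlsDetails": {"clientProvidedHostHeader": "sts.us-east-1.amazonaws.com"}},
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
     "awsRegion": "us-east-1"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "awsRegion": "eu-west-1",
     "tlsDetails": {"clientProvidedHostHeader": "ec2.eu-west-1.amazonaws.com"}},
]})

def classify_sts_event(record):
    """Return 'global', 'regional', 'unknown', or None for non-STS events."""
    if record.get("eventSource") != "sts.amazonaws.com":
        return None
    host = (record.get("tlsDetails") or {}).get("clientProvidedHostHeader", "")
    host = host.lower().rstrip(".")
    if host == GLOBAL_STS_HOST:
        return "global"      # global endpoint: logged as us-east-1
    if host.startswith("sts.") and host.endswith(".amazonaws.com"):
        return "regional"    # sts.<region>.amazonaws.com
    return "unknown"         # no usable host header: awsRegion alone cannot tell

def summarize(log_text):
    """Count STS events per (endpoint type, awsRegion)."""
    counts = {}
    for rec in json.loads(log_text)["Records"]:
        kind = classify_sts_event(rec)
        if kind is not None:
            key = (kind, rec.get("awsRegion"))
            counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    for (kind, region), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{kind:9} awsRegion={str(region):12} events={n}")
```

Callers that show up as `global` can be moved to Regional endpoints through the SDK setting `sts_regional_endpoints = regional` (or the `AWS_STS_REGIONAL_ENDPOINTS=regional` environment variable), after which their events are logged in the Region they call.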