
In the AWS IAM web console, I can inspect and change an account’s STS endpoint compatibility.
IAM -> Account Settings -> Security Token Service (STS) -> Global endpoint
The two choices are:

  • Valid only in AWS Regions enabled by default
  • All AWS Regions

I would like to be able to query this setting from my Go application, but looking through both the iam and sts go packages I have not found a call that appears to expose this setting.

Am I looking in the wrong places or is the setting buried somewhere that is not easily found? Any suggestions or recommendations would be appreciated.

2

Answers


  1. Chosen as BEST ANSWER

    I reached out to AWS support and got this, which directed me exactly to what I was looking for:

    As described in the document [1], a value of the "Global endpoint" setting in the IAM console (IAM -> Account Settings -> Security Token Service (STS) -> Global endpoint) can be found in the GlobalEndpointTokenVersion entry in the response of GetAccountSummary API operation. The GlobalEndpointTokenVersion entry represents the following settings, respectively.

    1: Valid only in AWS Regions enabled by default
    2: All AWS Regions

    For information on how to call the GetAccountSummary API with the AWS SDK for Go, please see the documentation [2].

    [1]https://docs.aws.amazon.com/IAM/latest/APIReference/API_SetSecurityTokenServicePreferences.html

    To view the current session token version, see the GlobalEndpointTokenVersion entry in the response of the GetAccountSummary operation.

    [2]https://docs.aws.amazon.com/sdk-for-go/api/service/iam/#IAM.GetAccountSummary
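
The lookup described in the accepted answer, as an added Go example (not part of the original thread and not AWS's own code). The function name `STSGlobalEndpointSetting`, the error value and the sample maps are constructed for illustration; the map type mirrors `SummaryMap` in aws-sdk-go v1, and the SDK call itself is shown only in a comment so the block runs offline.

```go
package main

import (
	"errors"
	"fmt"
)

// Key named in the answer above for the GetAccountSummary response.
const tokenVersionKey = "GlobalEndpointTokenVersion"

// ErrNoTokenVersion is returned when the summary carries no usable entry.
var ErrNoTokenVersion = errors.New("GlobalEndpointTokenVersion missing from account summary")

// STSGlobalEndpointSetting decodes the console's "Global endpoint" choice from
// a SummaryMap. The map type matches aws-sdk-go v1 (map[string]*int64), so the
// result of GetAccountSummary can be passed in directly:
//
//	out, err := iam.New(session.Must(session.NewSession())).
//		GetAccountSummary(&iam.GetAccountSummaryInput{})
//	setting, err := STSGlobalEndpointSetting(out.SummaryMap)
func STSGlobalEndpointSetting(summary map[string]*int64) (string, error) {
	v, ok := summary[tokenVersionKey]
	if !ok || v == nil {
		return "", ErrNoTokenVersion
	}
	switch *v {
	case 1:
		return "Valid only in AWS Regions enabled by default", nil
	case 2:
		return "All AWS Regions", nil
	default:
		// Fail closed on any value the answer above does not describe.
		return "", fmt.Errorf("unexpected %s value %d", tokenVersionKey, *v)
	}
}

func main() {
	// Constructed sample summaries; a real one comes from GetAccountSummary.
	one, two, users := int64(1), int64(2), int64(14)
	for _, m := range []map[string]*int64{
		{"Users": &users, tokenVersionKey: &one},
		{"Users": &users, tokenVersionKey: &two},
		{"Users": &users}, // entry absent
	} {
		setting, err := STSGlobalEndpointSetting(m)
		fmt.Printf("setting=%q err=%v\n", setting, err)
	}
}
```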


  2. You are looking in the right place, but sometimes (not often) the console uses undocumented calls or even an unofficial API.
    You can use the Chrome debugger to find that out.
    Here is how I searched for something similar undocumented. Maybe that helps: https://www.tecracer.com/blog/2023/03/the-story-of-how-an-undocumented-api-call-became-an-official-one-list-deleted-secrets-from-aws-secrets-manager-with-the-cli.html
