1{ 2 "version": "1.0", 3 "parameters": { 4 "Region": { 5 "builtIn": "AWS::Region", 6 "required": false, 7 "documentation": "The AWS region used to dispatch the request.", 8 "type": "String" 9 }, 10 "UseDualStack": { 11 "builtIn": "AWS::UseDualStack", 12 "required": true, 13 "default": false, 14 "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", 15 "type": "Boolean" 16 }, 17 "UseFIPS": { 18 "builtIn": "AWS::UseFIPS", 19 "required": true, 20 "default": false, 21 "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", 22 "type": "Boolean" 23 }, 24 "Endpoint": { 25 "builtIn": "SDK::Endpoint", 26 "required": false, 27 "documentation": "Override the endpoint used to send this request", 28 "type": "String" 29 }, 30 "UseGlobalEndpoint": { 31 "builtIn": "AWS::STS::UseGlobalEndpoint", 32 "required": true, 33 "default": false, 34 "documentation": "Whether the global endpoint should be used, rather than the regional endpoint for us-east-1.", 35 "type": "Boolean" 36 } 37 }, 38 "rules": [ 39 { 40 "conditions": [ 41 { 42 "fn": "booleanEquals", 43 "argv": [ 44 { 45 "ref": "UseGlobalEndpoint" 46 }, 47 true 48 ] 49 }, 50 { 51 "fn": "not", 52 "argv": [ 53 { 54 "fn": "isSet", 55 "argv": [ 56 { 57 "ref": "Endpoint" 58 } 59 ] 60 } 61 ] 62 }, 63 { 64 "fn": "isSet", 65 "argv": [ 66 { 67 "ref": "Region" 68 } 69 ] 70 }, 71 { 72 "fn": "aws.partition", 73 "argv": [ 74 { 75 "ref": "Region" 76 } 77 ], 78 "assign": "PartitionResult" 79 }, 80 { 81 "fn": "booleanEquals", 82 "argv": [ 83 { 84 "ref": "UseFIPS" 85 }, 86 false 87 ] 88 }, 89 { 90 "fn": "booleanEquals", 91 "argv": [ 92 { 93 "ref": "UseDualStack" 94 }, 95 false 96 ] 97 } 98 ], 99 "rules": [ 100 { 101 "conditions": [ 102 { 103 "fn": "stringEquals", 104 "argv": [ 105 { 106 "ref": 
"Region" 107 }, 108 "ap-northeast-1" 109 ] 110 } 111 ], 112 "endpoint": { 113 "url": "https://sts.amazonaws.com", 114 "properties": { 115 "authSchemes": [ 116 { 117 "name": "sigv4", 118 "signingName": "sts", 119 "signingRegion": "us-east-1" 120 } 121 ] 122 }, 123 "headers": {} 124 }, 125 "type": "endpoint" 126 }, 127 { 128 "conditions": [ 129 { 130 "fn": "stringEquals", 131 "argv": [ 132 { 133 "ref": "Region" 134 }, 135 "ap-south-1" 136 ] 137 } 138 ], 139 "endpoint": { 140 "url": "https://sts.amazonaws.com", 141 "properties": { 142 "authSchemes": [ 143 { 144 "name": "sigv4", 145 "signingName": "sts", 146 "signingRegion": "us-east-1" 147 } 148 ] 149 }, 150 "headers": {} 151 }, 152 "type": "endpoint" 153 }, 154 { 155 "conditions": [ 156 { 157 "fn": "stringEquals", 158 "argv": [ 159 { 160 "ref": "Region" 161 }, 162 "ap-southeast-1" 163 ] 164 } 165 ], 166 "endpoint": { 167 "url": "https://sts.amazonaws.com", 168 "properties": { 169 "authSchemes": [ 170 { 171 "name": "sigv4", 172 "signingName": "sts", 173 "signingRegion": "us-east-1" 174 } 175 ] 176 }, 177 "headers": {} 178 }, 179 "type": "endpoint" 180 }, 181 { 182 "conditions": [ 183 { 184 "fn": "stringEquals", 185 "argv": [ 186 { 187 "ref": "Region" 188 }, 189 "ap-southeast-2" 190 ] 191 } 192 ], 193 "endpoint": { 194 "url": "https://sts.amazonaws.com", 195 "properties": { 196 "authSchemes": [ 197 { 198 "name": "sigv4", 199 "signingName": "sts", 200 "signingRegion": "us-east-1" 201 } 202 ] 203 }, 204 "headers": {} 205 }, 206 "type": "endpoint" 207 }, 208 { 209 "conditions": [ 210 { 211 "fn": "stringEquals", 212 "argv": [ 213 { 214 "ref": "Region" 215 }, 216 "aws-global" 217 ] 218 } 219 ], 220 "endpoint": { 221 "url": "https://sts.amazonaws.com", 222 "properties": { 223 "authSchemes": [ 224 { 225 "name": "sigv4", 226 "signingName": "sts", 227 "signingRegion": "us-east-1" 228 } 229 ] 230 }, 231 "headers": {} 232 }, 233 "type": "endpoint" 234 }, 235 { 236 "conditions": [ 237 { 238 "fn": "stringEquals", 239 "argv": [ 240 
{ 241 "ref": "Region" 242 }, 243 "ca-central-1" 244 ] 245 } 246 ], 247 "endpoint": { 248 "url": "https://sts.amazonaws.com", 249 "properties": { 250 "authSchemes": [ 251 { 252 "name": "sigv4", 253 "signingName": "sts", 254 "signingRegion": "us-east-1" 255 } 256 ] 257 }, 258 "headers": {} 259 }, 260 "type": "endpoint" 261 }, 262 { 263 "conditions": [ 264 { 265 "fn": "stringEquals", 266 "argv": [ 267 { 268 "ref": "Region" 269 }, 270 "eu-central-1" 271 ] 272 } 273 ], 274 "endpoint": { 275 "url": "https://sts.amazonaws.com", 276 "properties": { 277 "authSchemes": [ 278 { 279 "name": "sigv4", 280 "signingName": "sts", 281 "signingRegion": "us-east-1" 282 } 283 ] 284 }, 285 "headers": {} 286 }, 287 "type": "endpoint" 288 }, 289 { 290 "conditions": [ 291 { 292 "fn": "stringEquals", 293 "argv": [ 294 { 295 "ref": "Region" 296 }, 297 "eu-north-1" 298 ] 299 } 300 ], 301 "endpoint": { 302 "url": "https://sts.amazonaws.com", 303 "properties": { 304 "authSchemes": [ 305 { 306 "name": "sigv4", 307 "signingName": "sts", 308 "signingRegion": "us-east-1" 309 } 310 ] 311 }, 312 "headers": {} 313 }, 314 "type": "endpoint" 315 }, 316 { 317 "conditions": [ 318 { 319 "fn": "stringEquals", 320 "argv": [ 321 { 322 "ref": "Region" 323 }, 324 "eu-west-1" 325 ] 326 } 327 ], 328 "endpoint": { 329 "url": "https://sts.amazonaws.com", 330 "properties": { 331 "authSchemes": [ 332 { 333 "name": "sigv4", 334 "signingName": "sts", 335 "signingRegion": "us-east-1" 336 } 337 ] 338 }, 339 "headers": {} 340 }, 341 "type": "endpoint" 342 }, 343 { 344 "conditions": [ 345 { 346 "fn": "stringEquals", 347 "argv": [ 348 { 349 "ref": "Region" 350 }, 351 "eu-west-2" 352 ] 353 } 354 ], 355 "endpoint": { 356 "url": "https://sts.amazonaws.com", 357 "properties": { 358 "authSchemes": [ 359 { 360 "name": "sigv4", 361 "signingName": "sts", 362 "signingRegion": "us-east-1" 363 } 364 ] 365 }, 366 "headers": {} 367 }, 368 "type": "endpoint" 369 }, 370 { 371 "conditions": [ 372 { 373 "fn": "stringEquals", 374 "argv": [ 
375 { 376 "ref": "Region" 377 }, 378 "eu-west-3" 379 ] 380 } 381 ], 382 "endpoint": { 383 "url": "https://sts.amazonaws.com", 384 "properties": { 385 "authSchemes": [ 386 { 387 "name": "sigv4", 388 "signingName": "sts", 389 "signingRegion": "us-east-1" 390 } 391 ] 392 }, 393 "headers": {} 394 }, 395 "type": "endpoint" 396 }, 397 { 398 "conditions": [ 399 { 400 "fn": "stringEquals", 401 "argv": [ 402 { 403 "ref": "Region" 404 }, 405 "sa-east-1" 406 ] 407 } 408 ], 409 "endpoint": { 410 "url": "https://sts.amazonaws.com", 411 "properties": { 412 "authSchemes": [ 413 { 414 "name": "sigv4", 415 "signingName": "sts", 416 "signingRegion": "us-east-1" 417 } 418 ] 419 }, 420 "headers": {} 421 }, 422 "type": "endpoint" 423 }, 424 { 425 "conditions": [ 426 { 427 "fn": "stringEquals", 428 "argv": [ 429 { 430 "ref": "Region" 431 }, 432 "us-east-1" 433 ] 434 } 435 ], 436 "endpoint": { 437 "url": "https://sts.amazonaws.com", 438 "properties": { 439 "authSchemes": [ 440 { 441 "name": "sigv4", 442 "signingName": "sts", 443 "signingRegion": "us-east-1" 444 } 445 ] 446 }, 447 "headers": {} 448 }, 449 "type": "endpoint" 450 }, 451 { 452 "conditions": [ 453 { 454 "fn": "stringEquals", 455 "argv": [ 456 { 457 "ref": "Region" 458 }, 459 "us-east-2" 460 ] 461 } 462 ], 463 "endpoint": { 464 "url": "https://sts.amazonaws.com", 465 "properties": { 466 "authSchemes": [ 467 { 468 "name": "sigv4", 469 "signingName": "sts", 470 "signingRegion": "us-east-1" 471 } 472 ] 473 }, 474 "headers": {} 475 }, 476 "type": "endpoint" 477 }, 478 { 479 "conditions": [ 480 { 481 "fn": "stringEquals", 482 "argv": [ 483 { 484 "ref": "Region" 485 }, 486 "us-west-1" 487 ] 488 } 489 ], 490 "endpoint": { 491 "url": "https://sts.amazonaws.com", 492 "properties": { 493 "authSchemes": [ 494 { 495 "name": "sigv4", 496 "signingName": "sts", 497 "signingRegion": "us-east-1" 498 } 499 ] 500 }, 501 "headers": {} 502 }, 503 "type": "endpoint" 504 }, 505 { 506 "conditions": [ 507 { 508 "fn": "stringEquals", 509 "argv": [ 510 
{ 511 "ref": "Region" 512 }, 513 "us-west-2" 514 ] 515 } 516 ], 517 "endpoint": { 518 "url": "https://sts.amazonaws.com", 519 "properties": { 520 "authSchemes": [ 521 { 522 "name": "sigv4", 523 "signingName": "sts", 524 "signingRegion": "us-east-1" 525 } 526 ] 527 }, 528 "headers": {} 529 }, 530 "type": "endpoint" 531 }, 532 { 533 "conditions": [], 534 "endpoint": { 535 "url": "https://sts.{Region}.{PartitionResult#dnsSuffix}", 536 "properties": { 537 "authSchemes": [ 538 { 539 "name": "sigv4", 540 "signingName": "sts", 541 "signingRegion": "{Region}" 542 } 543 ] 544 }, 545 "headers": {} 546 }, 547 "type": "endpoint" 548 } 549 ], 550 "type": "tree" 551 }, 552 { 553 "conditions": [ 554 { 555 "fn": "isSet", 556 "argv": [ 557 { 558 "ref": "Endpoint" 559 } 560 ] 561 } 562 ], 563 "rules": [ 564 { 565 "conditions": [ 566 { 567 "fn": "booleanEquals", 568 "argv": [ 569 { 570 "ref": "UseFIPS" 571 }, 572 true 573 ] 574 } 575 ], 576 "error": "Invalid Configuration: FIPS and custom endpoint are not supported", 577 "type": "error" 578 }, 579 { 580 "conditions": [ 581 { 582 "fn": "booleanEquals", 583 "argv": [ 584 { 585 "ref": "UseDualStack" 586 }, 587 true 588 ] 589 } 590 ], 591 "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", 592 "type": "error" 593 }, 594 { 595 "conditions": [], 596 "endpoint": { 597 "url": { 598 "ref": "Endpoint" 599 }, 600 "properties": {}, 601 "headers": {} 602 }, 603 "type": "endpoint" 604 } 605 ], 606 "type": "tree" 607 }, 608 { 609 "conditions": [ 610 { 611 "fn": "isSet", 612 "argv": [ 613 { 614 "ref": "Region" 615 } 616 ] 617 } 618 ], 619 "rules": [ 620 { 621 "conditions": [ 622 { 623 "fn": "aws.partition", 624 "argv": [ 625 { 626 "ref": "Region" 627 } 628 ], 629 "assign": "PartitionResult" 630 } 631 ], 632 "rules": [ 633 { 634 "conditions": [ 635 { 636 "fn": "booleanEquals", 637 "argv": [ 638 { 639 "ref": "UseFIPS" 640 }, 641 true 642 ] 643 }, 644 { 645 "fn": "booleanEquals", 646 "argv": [ 647 { 648 "ref": 
"UseDualStack" 649 }, 650 true 651 ] 652 } 653 ], 654 "rules": [ 655 { 656 "conditions": [ 657 { 658 "fn": "booleanEquals", 659 "argv": [ 660 true, 661 { 662 "fn": "getAttr", 663 "argv": [ 664 { 665 "ref": "PartitionResult" 666 }, 667 "supportsFIPS" 668 ] 669 } 670 ] 671 }, 672 { 673 "fn": "booleanEquals", 674 "argv": [ 675 true, 676 { 677 "fn": "getAttr", 678 "argv": [ 679 { 680 "ref": "PartitionResult" 681 }, 682 "supportsDualStack" 683 ] 684 } 685 ] 686 } 687 ], 688 "rules": [ 689 { 690 "conditions": [], 691 "endpoint": { 692 "url": "https://sts-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", 693 "properties": {}, 694 "headers": {} 695 }, 696 "type": "endpoint" 697 } 698 ], 699 "type": "tree" 700 }, 701 { 702 "conditions": [], 703 "error": "FIPS and DualStack are enabled, but this partition does not support one or both", 704 "type": "error" 705 } 706 ], 707 "type": "tree" 708 }, 709 { 710 "conditions": [ 711 { 712 "fn": "booleanEquals", 713 "argv": [ 714 { 715 "ref": "UseFIPS" 716 }, 717 true 718 ] 719 } 720 ], 721 "rules": [ 722 { 723 "conditions": [ 724 { 725 "fn": "booleanEquals", 726 "argv": [ 727 { 728 "fn": "getAttr", 729 "argv": [ 730 { 731 "ref": "PartitionResult" 732 }, 733 "supportsFIPS" 734 ] 735 }, 736 true 737 ] 738 } 739 ], 740 "rules": [ 741 { 742 "conditions": [ 743 { 744 "fn": "stringEquals", 745 "argv": [ 746 { 747 "fn": "getAttr", 748 "argv": [ 749 { 750 "ref": "PartitionResult" 751 }, 752 "name" 753 ] 754 }, 755 "aws-us-gov" 756 ] 757 } 758 ], 759 "endpoint": { 760 "url": "https://sts.{Region}.amazonaws.com", 761 "properties": {}, 762 "headers": {} 763 }, 764 "type": "endpoint" 765 }, 766 { 767 "conditions": [], 768 "endpoint": { 769 "url": "https://sts-fips.{Region}.{PartitionResult#dnsSuffix}", 770 "properties": {}, 771 "headers": {} 772 }, 773 "type": "endpoint" 774 } 775 ], 776 "type": "tree" 777 }, 778 { 779 "conditions": [], 780 "error": "FIPS is enabled but this partition does not support FIPS", 781 "type": "error" 782 } 783 ], 
784 "type": "tree" 785 }, 786 { 787 "conditions": [ 788 { 789 "fn": "booleanEquals", 790 "argv": [ 791 { 792 "ref": "UseDualStack" 793 }, 794 true 795 ] 796 } 797 ], 798 "rules": [ 799 { 800 "conditions": [ 801 { 802 "fn": "booleanEquals", 803 "argv": [ 804 true, 805 { 806 "fn": "getAttr", 807 "argv": [ 808 { 809 "ref": "PartitionResult" 810 }, 811 "supportsDualStack" 812 ] 813 } 814 ] 815 } 816 ], 817 "rules": [ 818 { 819 "conditions": [], 820 "endpoint": { 821 "url": "https://sts.{Region}.{PartitionResult#dualStackDnsSuffix}", 822 "properties": {}, 823 "headers": {} 824 }, 825 "type": "endpoint" 826 } 827 ], 828 "type": "tree" 829 }, 830 { 831 "conditions": [], 832 "error": "DualStack is enabled but this partition does not support DualStack", 833 "type": "error" 834 } 835 ], 836 "type": "tree" 837 }, 838 { 839 "conditions": [ 840 { 841 "fn": "stringEquals", 842 "argv": [ 843 { 844 "ref": "Region" 845 }, 846 "aws-global" 847 ] 848 } 849 ], 850 "endpoint": { 851 "url": "https://sts.amazonaws.com", 852 "properties": { 853 "authSchemes": [ 854 { 855 "name": "sigv4", 856 "signingName": "sts", 857 "signingRegion": "us-east-1" 858 } 859 ] 860 }, 861 "headers": {} 862 }, 863 "type": "endpoint" 864 }, 865 { 866 "conditions": [], 867 "endpoint": { 868 "url": "https://sts.{Region}.{PartitionResult#dnsSuffix}", 869 "properties": {}, 870 "headers": {} 871 }, 872 "type": "endpoint" 873 } 874 ], 875 "type": "tree" 876 } 877 ], 878 "type": "tree" 879 }, 880 { 881 "conditions": [], 882 "error": "Invalid Configuration: Missing Region", 883 "type": "error" 884 } 885 ] 886}