Interface VPC endpoints
Interface VPC endpoints are powered by Amazon PrivateLink, an Amazon technology that enables private communication between Amazon services using an elastic network interface with private IP addresses. For more information, see Amazon PrivateLink for Amazon Services.
The following information is for users of Amazon VPC. For more information, see Getting Started with Amazon VPC in the Amazon VPC User Guide.
Availability
Amazon STS currently supports VPC endpoints in the following Regions:
- US East (Ohio)
- US East (N. Virginia)
- US West (N. California)
- US West (Oregon)
- Africa (Cape Town)
- Asia Pacific (Hong Kong)
- Asia Pacific (Mumbai)
- Asia Pacific (Osaka)
- Asia Pacific (Seoul)
- Asia Pacific (Singapore)
- Asia Pacific (Sydney)
- Asia Pacific (Tokyo)
- Canada (Central)
- China (Beijing)
- China (Ningxia)
- Europe (Frankfurt)
- Europe (Ireland)
- Europe (London)
- Europe (Milan)
- Europe (Paris)
- Europe (Stockholm)
- Middle East (Bahrain)
- South America (São Paulo)
- Amazon GovCloud (US-East)
- Amazon GovCloud (US-West)
Create a VPC endpoint for Amazon STS
To start using Amazon STS with your VPC, create an interface VPC endpoint for Amazon STS. For more information, see Access an Amazon service using an interface VPC endpoint in the Amazon VPC User Guide.
After you create the VPC endpoint, you must use the matching regional endpoint to send your Amazon STS requests. Amazon STS recommends that you use both the setRegion and setEndpoint methods to make calls to a Regional endpoint. You can use the setRegion method alone for manually enabled Regions, such as Asia Pacific (Hong Kong). In this case, the calls are directed to the STS Regional endpoint. To learn how to manually enable a Region, see Managing Amazon Regions in the Amazon Web Services General Reference. If you use the setRegion method alone for Regions enabled by default, the calls are directed to the global endpoint of https://sts.amazonaws.com.
When you use regional endpoints, Amazon STS calls other Amazon services using either public endpoints or private interface VPC endpoints, whichever are in use. For example, assume that you have created an interface VPC endpoint for Amazon STS and have already requested temporary credentials from Amazon STS from resources that are located in your VPC. In that case, these credentials begin flowing through the interface VPC endpoint by default. For more information about making Regional requests using Amazon STS, see Managing Amazon STS in an Amazon Web Services Region.
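A check a reviewer could run against an STS client's configuration, added here as an example and not taken from Amazon's documentation or SDKs: it flags a client that still points at the global endpoint or at a Regional endpoint that does not match the VPC endpoint's Region, and confirms that the addresses the hostname resolved to lie inside the VPC. The function names, finding codes, Region code, CIDR block and addresses are constructed for illustration; it assumes the resolved addresses were collected on a host inside the VPC and that the Regional hostname resolves to the endpoint's network interfaces there.

```python
import ipaddress
from urllib.parse import urlparse

GLOBAL_STS_HOST = "sts.amazonaws.com"  # global endpoint named in the text above


def regional_sts_host(region):
    """Regional STS hostname for a Region code such as us-west-2."""
    suffix = "amazonaws.com.cn" if region.startswith("cn-") else "amazonaws.com"
    return f"sts.{region}.{suffix}"


def audit_sts_endpoint(endpoint_url, vpce_region, resolved_ips, vpc_cidrs):
    """Return a list of finding codes (hypothetical names). An empty list means
    the client is pinned to the matching Regional endpoint over HTTPS and every
    resolved address lies inside the VPC."""
    findings = []
    url = urlparse(endpoint_url)
    host = (url.hostname or "").lower().rstrip(".")

    if url.scheme != "https":
        findings.append("NOT_HTTPS")
    if host == GLOBAL_STS_HOST:
        # What setRegion alone yields for Regions that are enabled by default.
        findings.append("GLOBAL_ENDPOINT")
    elif host != regional_sts_host(vpce_region):
        # Regional, but not the Region where the interface endpoint was created.
        findings.append("REGION_MISMATCH")

    networks = [ipaddress.ip_network(cidr) for cidr in vpc_cidrs]
    for ip in resolved_ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in networks):
            # Address is not one of the endpoint's private addresses in the VPC.
            findings.append(f"RESOLVES_OUTSIDE_VPC:{ip}")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs: a VPC CIDR and addresses gathered beforehand.
    vpc = ["10.0.0.0/16"]
    print(audit_sts_endpoint("https://sts.us-west-2.amazonaws.com", "us-west-2",
                             ["10.0.1.25", "10.0.2.31"], vpc))
    print(audit_sts_endpoint("https://sts.amazonaws.com", "us-west-2",
                             ["203.0.113.10"], vpc))
```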