sts seems to require the region where Lemur is deployed

2021-03-03 14:24:22 -08:00 · 2021-03-03 14:24:22 -08:00 · a49570e5f9
parent 576122393b
commit a49570e5f9
1 changed files with 7 additions and 1 deletions
--- a/lemur/plugins/lemur_aws/sts.py
+++ b/lemur/plugins/lemur_aws/sts.py
@ -20,7 +20,13 @@ def sts_client(service, service_type="client"):
    def decorator(f):
        @wraps(f)
        def decorated_function(*args, **kwargs):
-            sts = boto3.client("sts", config=config)
+            if current_app.config.get("LEMUR_AWS_REGION"):
+                deployment_region = current_app.config.get("LEMUR_AWS_REGION")
+                sts = boto3.client('sts', region_name=deployment_region,
+                                   endpoint_url=f"https://sts.{deployment_region}.amazonaws.com/",
+                                   config=config)
+            else:
+                sts = boto3.client("sts", config=config)
            arn = "arn:aws:iam::{0}:role/{1}".format(
                kwargs.pop("account_number"),
                current_app.config.get("LEMUR_INSTANCE_PROFILE", "Lemur"),