From a49570e5f9755aad0ba9c51819a49dc4316c06b8 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Wed, 3 Mar 2021 14:24:22 -0800
Subject: [PATCH 1/2] sts seems to require the region where Lemur is deployed
---
 lemur/plugins/lemur_aws/sts.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lemur/plugins/lemur_aws/sts.py b/lemur/plugins/lemur_aws/sts.py
index c1bd562c..722b5a2c 100644
--- a/lemur/plugins/lemur_aws/sts.py
+++ b/lemur/plugins/lemur_aws/sts.py
@@ -20,7 +20,13 @@ def sts_client(service, service_type="client"):
 def decorator(f):
 @wraps(f)
 def decorated_function(*args, **kwargs):
- sts = boto3.client("sts", config=config)
+ if current_app.config.get("LEMUR_AWS_REGION"):
+ deployment_region = current_app.config.get("LEMUR_AWS_REGION")
+ sts = boto3.client('sts', region_name=deployment_region,
+ endpoint_url=f"https://sts.{deployment_region}.amazonaws.com/",
+ config=config)
+ else:
+ sts = boto3.client("sts", config=config)
 arn = "arn:aws:iam::{0}:role/{1}".format(
 kwargs.pop("account_number"),
 current_app.config.get("LEMUR_INSTANCE_PROFILE", "Lemur"),
From c3eb463c42be3235620b170b69b1b6fc5266afdb Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Wed, 3 Mar 2021 14:50:22 -0800
Subject: [PATCH 2/2] documentation
---
 docs/administration.rst | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/docs/administration.rst b/docs/administration.rst
index 4cf8e769..c2ca7b04 100644
--- a/docs/administration.rst
+++ b/docs/administration.rst
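Review bot: In the `sts.py` hunk, `LEMUR_AWS_REGION` is interpolated into `endpoint_url` with no format check, so a mistyped or tampered config value changes the host that receives the signed AssumeRole request and hands back the role credentials. Read the setting once and reject anything that is not a plain region label before building the URL, e.g. `region = current_app.config.get("LEMUR_AWS_REGION")` followed by `if region and not re.fullmatch(r"[a-z0-9-]+", region): raise ValueError("invalid LEMUR_AWS_REGION")` (`re` may need importing; the file's imports are outside the hunk). The hard-coded `amazonaws.com` suffix also appears to exclude partitions that use a different DNS suffix, which is worth stating in a comment above the `boto3.client` call or in the docs entry. `decorated_function` continues past the end of the hunk, so how `sts` is used afterwards is not visible here.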
@@ -209,6 +209,11 @@ Basic Configuration in the UI. When set to False (the default), the certificate delete API will always return "405 method not allowed" and deleted certificates will always be visible in the UI. (default: `False`) +.. data:: LEMUR_AWS_REGION + :noindex: + + This is an optional config applicable for settings where Lemur is deployed in AWS. For accessing regionalized + STS endpoints, LEMUR_AWS_REGION defines the region where Lemur is deployed. Certificate Default Options ---------------------------