Posted On: May 21, 2024
Today, Amazon Identity and Access Management (IAM) is announcing support for signing Amazon Web Services API requests with the Sigv4A encryption algorithm using session tokens issued in the Amazon Web Services China (Beijing) Region, operated by Sinnet. Cryptographically signing an Amazon Web Services request with the Sigv4A algorithm allows you to send the request to service endpoints in any of the China regions.
If workloads or callers in your account intend to sign Amazon Web Services requests using Sigv4A, or you plan to adopt a specific Amazon Web Services feature that requires it, configure the Amazon Security Token Service (STS) endpoint in the Amazon Web Services China (Beijing) Region to vend session tokens that support the Sigv4A algorithm. You can configure this behavior either by using the Amazon IAM Console or calling the Amazon IAM SetSecurityTokenServicePreferences API. Session tokens that support the Sigv4A algorithm are larger in size and match the size of session tokens issued by the Amazon STS endpoint in the Amazon Web Services China (Ningxia) Region, operated by NWCD, which already supports the use of Sigv4A.
To learn more about the new console setting and Amazon IAM API, please visit Managing Amazon STS in an Amazon Web Services Region.