I'm performing assume-role operation using the us-east-1 regional STS endpoint. This returns a V2 token, which I'm using to perform actions in my account. While this works in some regions, it fails in others. My understanding is that a V2 token should work across all regions. However, I'm encountering the following error in the regions where it fails:
An error occurred (AuthFailure) when calling the DescribeInstanceTypes operation: AWS was not able to validate the provided access credentials.
My code -
session = Session(
region_name="<region_name>",
aws_access_key_id="<>",
aws_secret_access_key="<>",
aws_session_token="<>"
)
instance_types = session.client("ec2").describe_instance_types()
The code works when region_name is set to certain values, but fails for others.
I was able to make it work by activating the region in both the account that makes the STS request and the account where the credentials are generated -