1 Answer
1
AWS endpoints are regional. For example, here are the IAM endpoints. You experience something similar in the S3 console: it will indicate global, but actually the buckets and objects are region-scoped; they exist in a region. The bucket name has to be unique within the partition, so you don't have to specify the region in the ARN.
IAM resources (users, groups, roles, policies) are partition-scoped (globally-scoped). They can be referenced, accessed, and managed from any region in the partition. You will notice that IAM resource ARNs do not specify the region.
Ok, so basically, the region I set doesn't matter, just so something is set?
In the IAM case, yes. It uses that region value to construct/find the endpoint that it calls.
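The ARN shapes the answer describes, as an added example that is not part of the original thread: a small Python parser that splits an ARN into its six fields and reports whether the region field is populated. The account ID, resource names and helper names (`parse_arn`, `has_region`, `region_report`) are constructed for illustration.

```python
from typing import NamedTuple


class Arn(NamedTuple):
    partition: str
    service: str
    region: str      # empty string when the ARN carries no region
    account_id: str  # empty string when the ARN carries no account
    resource: str


def parse_arn(arn: str) -> Arn:
    """Split arn:partition:service:region:account-id:resource.

    The resource part may itself contain ':' (for example log groups),
    so split at most five times and keep the remainder intact.
    """
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    _, partition, service, region, account_id, resource = parts
    if not partition or not service or not resource:
        raise ValueError(f"ARN missing partition, service or resource: {arn!r}")
    return Arn(partition, service, region, account_id, resource)


def has_region(arn: str) -> bool:
    """True when the ARN names a region, False when the field is empty."""
    return parse_arn(arn).region != ""


# Constructed sample ARNs (placeholder account ID and resource names).
SAMPLES = [
    "arn:aws:iam::123456789012:role/app-role",            # IAM: no region
    "arn:aws:s3:::example-bucket",                        # S3 bucket: no region, no account
    "arn:aws:ec2:us-east-1:123456789012:instance/i-0abc", # regional resource
    "arn:aws:logs:us-east-1:123456789012:log-group:/app/web:*",
]


def region_report(arns):
    """Return (service, region or '(none)') for each ARN, in order."""
    return [(a.service, a.region or "(none)") for a in map(parse_arn, arns)]


if __name__ == "__main__":
    for service, region in region_report(SAMPLES):
        print(f"{service:5} region={region}")
```
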