When using ProfileFileCredentialsProvider::builder() with profile files and profile name supplied programmatically, a profile-level use_fips_endpoint = true setting is not propagated to the internal STS client used for AssumeRole during credential role chaining.
As a result, STS requests go to a non-FIPS endpoint even though the selected profile enables FIPS.
Expected behavior
If the selected profile contains:
[profile fips-test]
use_fips_endpoint = true
region = us-east-1
then the internal STS client used by ProfileFileCredentialsProvider for AssumeRole should use a FIPS endpoint, e.g.:
https://sts-fips.us-east-1.amazonaws.com/
or equivalent FIPS endpoint resolution.
Actual behavior
The internal STS client uses the non-FIPS endpoint:
https://sts.us-east-1.amazonaws.com/
Example code demonstrating the issue
Cargo.toml.txt
main.rs.txt
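A standalone check for the mismatch described in this issue, given as an added example (it is not code from the issue, its attachments, or the SDK). It reads the selected profile's `use_fips_endpoint` setting and compares it with an STS endpoint URL observed separately, for example in request logs. The function names are hypothetical, and the `sts-fips.` host test assumes the naming shown in the issue's expected endpoint.

```rust
use std::collections::HashMap;

/// Parse AWS config-file text into section -> key -> value.
/// Section headers are kept verbatim (e.g. "profile fips-test").
fn parse_profiles(text: &str) -> HashMap<String, HashMap<String, String>> {
    let mut out: HashMap<String, HashMap<String, String>> = HashMap::new();
    let mut current: Option<String> = None;
    for raw in text.lines() {
        let line = raw.trim();
        if line.is_empty() || line.starts_with('#') || line.starts_with(';') {
            continue;
        }
        if line.starts_with('[') && line.ends_with(']') {
            let name = line[1..line.len() - 1].trim().to_string();
            out.entry(name.clone()).or_default();
            current = Some(name);
        } else if let (Some(sec), Some((k, v))) = (&current, line.split_once('=')) {
            out.get_mut(sec).unwrap().insert(k.trim().to_string(), v.trim().to_string());
        }
    }
    out
}

/// Ok(()) when the endpoint matches the profile's FIPS setting, Err(reason) otherwise.
fn check_sts_endpoint(config: &str, profile: &str, endpoint: &str) -> Result<(), String> {
    let profiles = parse_profiles(config);
    let section = profiles
        .get(&format!("profile {profile}"))
        .or_else(|| profiles.get(profile)) // "[default]" has no "profile " prefix
        .ok_or_else(|| format!("profile {profile} not found"))?;
    let fips = section.get("use_fips_endpoint").map_or(false, |v| v.eq_ignore_ascii_case("true"));
    if !fips {
        return Ok(()); // profile does not request FIPS; nothing to enforce
    }
    let host = endpoint.trim_start_matches("https://").split('/').next().unwrap_or("");
    // Assumption: FIPS STS hosts follow the "sts-fips.<region>..." naming shown in the issue.
    if host.starts_with("sts-fips.") {
        Ok(())
    } else {
        Err(format!("profile {profile} sets use_fips_endpoint = true but STS host is {host}"))
    }
}

fn main() {
    let config = "[profile fips-test]\nuse_fips_endpoint = true\nregion = us-east-1\n"; // from the issue
    println!("{:?}", check_sts_endpoint(config, "fips-test", "https://sts.us-east-1.amazonaws.com/"));
    println!("{:?}", check_sts_endpoint(config, "fips-test", "https://sts-fips.us-east-1.amazonaws.com/"));
}
```

With the profile from the issue, the first call returns an `Err` for the non-FIPS host reported under "Actual behavior" and the second returns `Ok(())` for the expected FIPS host.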