Make the default value of the --region flag be more explicit.

Author: cjbradfield

cmd/kiam/server.go

@@ -57,7 +57,7 @@ func (o *serverOptions) bind(parser parser) {
 	parser.Flag("session-duration", "Requested session duration for STS Tokens.").Default("15m").DurationVar(&o.SessionDuration)
 	parser.Flag("session-refresh", "How soon STS Tokens should be refreshed before their expiration.").Default("5m").DurationVar(&o.SessionRefresh)
 	parser.Flag("assume-role-arn", "IAM Role to assume before processing requests").Default("").StringVar(&o.AssumeRoleArn)
-	parser.Flag("region", "AWS Region to use for STS calls").Default("").StringVar(&o.Region)
+	parser.Flag("region", "AWS Region to use for STS calls.").Default(sts.GlobalEndpoint).StringVar(&o.Region)
 }
 
 func (opts *serverCommand) Run() {

pkg/aws/sts/gateway.go

@@ -28,6 +28,8 @@ import (
 	"github.com/uswitch/kiam/pkg/statsd"
 )
 
+const GlobalEndpoint = "global-endpoint"
+
 type STSGateway interface {
 	Issue(ctx context.Context, role, session string, expiry time.Duration) (*Credentials, error)
 }
@@ -42,7 +44,7 @@ func DefaultGateway(assumeRoleArn, region string) *DefaultSTSGateway {
 		config.WithCredentials(stscreds.NewCredentials(session.Must(session.NewSession()), assumeRoleArn))
 	}
 
-	if region != "" {
+	if region != "" && region != GlobalEndpoint {
 		config.WithRegion(region).WithEndpointResolver(endpoints.ResolverFunc(endpointFor))
 	}
 

pkg/aws/sts/gateway_test.go

@@ -60,3 +60,17 @@ func TestRegionalGatewayFips(t *testing.T) {
 		t.Error("Unexpected regional endpoint. Endpoint was: ", config.Endpoint)
 	}
 }
+
+func TestGlobalGatewayFips(t *testing.T) {
+	gateway := DefaultGateway("", "global-endpoint")
+
+	config := gateway.session.ClientConfig(sts.EndpointsID)
+
+	if config.SigningRegion != "us-east-1" {
+		t.Error("Unexpected region. Region was: ", config.SigningRegion)
+	}
+
+	if config.Endpoint != "https://sts.amazonaws.com" {
+		t.Error("Unexpected regional endpoint. Endpoint was: ", config.Endpoint)
+	}
+}