feat: aws region is optional, use global sts endpoint when not set

.eslintrc.yml

@@ -121,7 +121,6 @@ overrides:
       '@typescript-eslint/non-nullable-type-assertion-style': [warn]
       '@typescript-eslint/prefer-for-of': [error]
       '@typescript-eslint/prefer-literal-enum-member': [warn]
-      '@typescript-eslint/prefer-nullish-coalescing': [warn]
       '@typescript-eslint/prefer-optional-chain': [warn]
       '@typescript-eslint/prefer-readonly': [warn]
       '@typescript-eslint/prefer-regexp-exec': [warn]

action.yml

@@ -18,7 +18,7 @@ inputs:
     required: false
   aws-region:
     description: AWS Region, e.g. us-east-2
-    required: true
+    required: false
   aws-secret-access-key:
     description: AWS Access Key ID. This input is required if running in the GitHub hosted environment. It is optional if running in a self-hosted environment that already has AWS credentials, for example on an EC2 instance.
     required: false

src/CredentialsClient.ts

@@ -6,17 +6,19 @@ import { errorMessage } from './helpers';
 const USER_AGENT = 'configure-aws-credentials-for-github-actions';
 
 export interface CredentialsClientProps {
-  region: string;
+  region?: string;
   proxyServer?: string;
 }
 
 export class CredentialsClient {
-  public region: string;
+  public region?: string;
   private stsClient?: STSClient;
   private readonly requestHandler?: NodeHttpHandler;
 
   constructor(props: CredentialsClientProps) {
-    this.region = props.region;
+    if (props.region) {
+      this.region = props.region;
+    }
     if (props.proxyServer) {
       const handler = proxy(props.proxyServer);
       this.requestHandler = new NodeHttpHandler({
@@ -29,9 +31,10 @@ export class CredentialsClient {
   public getStsClient(): STSClient {
     if (!this.stsClient) {
       this.stsClient = new STSClient({
-        region: this.region,
+        region: this.region ? this.region : undefined,
         customUserAgent: USER_AGENT,
         requestHandler: this.requestHandler ? this.requestHandler : undefined,
+        useGlobalEndpoint: this.region ? false : true,
       });
     }
     return this.stsClient;

src/index.ts

@@ -14,7 +14,10 @@ export async function run() {
     const SecretAccessKey = core.getInput('aws-secret-access-key', { required: false });
     const sessionTokenInput = core.getInput('aws-session-token', { required: false });
     const SessionToken = sessionTokenInput === '' ? undefined : sessionTokenInput;
-    const region = core.getInput('aws-region', { required: true });
+    const region =
+      core.getInput('aws-region', { required: false }) ||
+      process.env['AWS_REGION'] ||
+      process.env['AWS_DEFAULT_REGION'];
     const roleToAssume = core.getInput('role-to-assume', { required: false });
     const audience = core.getInput('audience', { required: false });
     const maskAccountId = core.getInput('mask-aws-account-id', { required: false });
@@ -54,10 +57,13 @@ export async function run() {
     };
 
     // Validate and export region
-    if (!region.match(REGION_REGEX)) {
-      throw new Error(`Region is not valid: ${region}`);
+    if (region) {
+      core.info('Using global STS endpoint');
+      if (!region.match(REGION_REGEX)) {
+        throw new Error(`Region is not valid: ${region}`);
+      }
+      exportRegion(region);
     }
-    exportRegion(region);
 
     // Instantiate credentials client
     const credentialsClient = new CredentialsClient({ region, proxyServer });