Updating Amazon Web Services SDK defaults – Amazon Web Services STS service endpoint and Retry Strategy

Authors: Alban Gicquel

Amazon Web Services Software Development Kits (SDKs) and Command Line Interfaces (CLIs) are bundled with a default configuration that is carefully designed to optimize availability and reliability. Two such settings are the Amazon Web Services Security Token Service (STS) endpoint and the default retry strategy. To improve the default posture for Amazon Web Services customers, we will update these two defaults on July 31st, 2025. The default Amazon Web Services STS service endpoint will be changed to regional and the default retry strategy to standard.

Using Amazon Web Services STS regional endpoints

Amazon Web Services STS can be accessed through Regional service endpoints, or a global endpoint. Requests to the global service endpoint map to the US East (N. Virginia) Region. While most Amazon Web Services SDKs and CLIs default to the Regional service endpoints, the Amazon Web Services SDKs for Python, PHP, C++, .NET and the Amazon Web Services Tools for PowerShell still use the global service endpoint.

An Amazon Web Services best practice is to use regional endpoints whenever possible since it removes the necessity to make cross-regional calls and to have inter-region dependencies. On July 31st, 2025, the SDKs and tools listed previously will release an update with their default STS service endpoint changed to the Regional endpoint (regional setting value). As a result, customers may experience a change in behavior after updating. The other generally available Amazon Web Services SDKs and CLIs already default to the Regional endpoint, with the exception of the Amazon Web Services CLIv1. You can find details about moving to the Regional service endpoint in this recent Amazon Web Services STS announcement.

Modernizing the default retry strategy

On July 31st, 2025, we will update the default retry strategy to standard in the Amazon Web Services SDKs for C++, .NET, Java (v2), PHP, Python, Ruby, the Amazon Web Services Tools for PowerShell and the Amazon Web Services CLI (v2). Amazon Web Services SDKs released after March 2020 already default to the standard retry strategy.

Amazon Web Services SDKs retry requests for recoverable failures. Amazon Web Services SDKs released before March 2020 default to the legacy strategy, which uses exponential backoff. In 2020, Amazon Web Services SDKs introduced the standard retry strategy which provides a standardized retry behavior across SDKs, using token-bucket throttling. An Amazon best practice is to enable client-side throttling of retries to increase the availability of services without compromising the capability to recover from intermittent failures. With this change, all SDK customers will benefit from the updated strategy by default. For more information on token-bucket retries, read our documentation on retry behavior.

Preparing for the changes

We recommend that customers test their application before the release on July 31st, 2025. Customers can do so by opting in to the new configuration values as described in Amazon Web Services STS Regional endpoints and retry behavior. We recognize that it takes time and effort to adapt to behavioral changes, so customers have the possibility to preemptively opt out of the change using the same mechanism. To do so, each parameter may be independently set to the legacy value. Amazon Web Services recommends that customers opt out of the change temporarily to allow enough time for their migration to the new configuration values.
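One way to find which settings are pinned and which still rely on the SDK default that is about to change, as an added example that is not code from this post or from Amazon Web Services. It assumes an SDK from the affected lists (such as Boto3) whose current defaults are legacy, and it ignores values set in application code. The names AWS_STS_REGIONAL_ENDPOINTS, AWS_RETRY_MODE, sts_regional_endpoints and retry_mode are the documented SDK settings and are not named in this post; the function name and sample config are constructed.

```python
import configparser

# config-file key -> (environment variable, default before the change, default after)
SETTINGS = {
    "sts_regional_endpoints": ("AWS_STS_REGIONAL_ENDPOINTS", "legacy", "regional"),
    "retry_mode": ("AWS_RETRY_MODE", "legacy", "standard"),
}

def audit_defaults(env, config_text, profile="default"):
    """Report, per setting, where its value comes from and whether the
    default change will alter it. Precedence: environment, then config file."""
    parser = configparser.RawConfigParser()
    parser.read_string(config_text)
    # Shared config file sections are "[default]" or "[profile NAME]".
    section = "default" if profile == "default" else f"profile {profile}"
    report = {}
    for key, (env_var, old, new) in SETTINGS.items():
        if env.get(env_var):
            value, source = env[env_var].lower(), f"env:{env_var}"
        elif parser.has_option(section, key):
            value = parser.get(section, key).strip().lower()
            source = f"config:[{section}]"
        else:
            value, source = None, "sdk-default"
        report[key] = {
            "source": source,
            "before": value or old,   # explicit value wins over any default
            "after": value or new,
            "changes": value is None,  # only unpinned settings move
        }
    return report

# Constructed sample of a shared config file (not taken from the post).
SAMPLE_CONFIG = """
[default]
region = eu-west-1

[profile batch]
region = us-west-2
sts_regional_endpoints = legacy
retry_mode = standard
"""

if __name__ == "__main__":
    for profile, env in (("default", {"AWS_RETRY_MODE": "legacy"}), ("batch", {})):
        for key, row in audit_defaults(env, SAMPLE_CONFIG, profile).items():
            flag = "WILL CHANGE" if row["changes"] else "pinned"
            print(f"{profile:8} {key:24} {row['before']:8} -> {row['after']:8} "
                  f"{flag} ({row['source']})")
```

Pass os.environ and the contents of your own config file to run it against a real host; a setting reported as unpinned is one to test before updating the SDK.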

Feedback

As always, Amazon Web Services welcomes feedback. You can reach us through GitHub discussions on one of our repositories:

  • Boto3 (Amazon Web Services SDK for Python)
  • Amazon Web Services SDK for C++
  • Amazon Web Services SDK for PHP
  • Amazon Web Services SDK for .NET
  • Amazon Web Services Tools for PowerShell
  • Amazon Web Services SDK for Java
  • Amazon Web Services CLI
  • Amazon Web Services SDK for Ruby

About the author:

Alban Gicquel


Alban started his career in France as a C++ Software Development Engineer and almost 20 years later, after re-inventing himself a few times, is now the manager for Amazon Web Services SDKs for Java and C++.

