From da9d9ce68139b611a5e118e8507353fcebc27145 Mon Sep 17 00:00:00 2001
From: DJ Zhao <259550159+djzhao02@users.noreply.github.com>
Date: Thu, 5 Feb 2026 01:29:51 +0800
Subject: [PATCH] Support STS endpoint of AWS EUSC

---
 cmd/saml2aws/commands/login.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/cmd/saml2aws/commands/login.go b/cmd/saml2aws/commands/login.go
index 986c42e2b..86d9f2067 100644
--- a/cmd/saml2aws/commands/login.go
+++ b/cmd/saml2aws/commands/login.go
@@ -356,9 +356,18 @@ func resolveRole(awsRoles []*saml2aws.AWSRole, samlAssertion string, account *cf
 }
 
 func loginToStsUsingRole(account *cfg.IDPAccount, role *saml2aws.AWSRole, samlAssertion string) (*awsconfig.AWSCredentials, error) {
+	var endpointTLD string
+
+	if account.Region == "eusc-de-east-1" {
+		endpointTLD = ".eu"
+	} else {
+		endpointTLD = ".com"
+	}
+	endpointURL := "https://sts." + account.Region + ".amazonaws" + endpointTLD
 
 	sess, err := session.NewSession(&aws.Config{
 		Region: &account.Region,
+		Endpoint:         aws.String(endpointURL),
 	})
 	if err != nil {
 		return nil, errors.Wrap(err, "Failed to create session.")