Other: Support for Regional STS Endpoints in Hybrid Deployment Agent
Answered
Hi Fivetran Product Team,
I’d like to submit a feature request regarding support for regional STS endpoints in the Fivetran Hybrid Deployment Agent (HDA).
In our setup, we restrict egress to global endpoints for security reasons and instead use the regional STS endpoint (sts.eu-west-1.amazonaws.com) via a VPC interface endpoint in our AWS environment.
However, we’ve observed that when using IAM user credentials, the HDA attempts to connect to the global STS endpoint (sts.amazonaws.com), which results in a timeout due to our restricted egress policy. When egress is temporarily allowed to the global endpoint, the sync works successfully.
Feature Request:
We’d like the option for the HDA to use regional STS endpoints for credential access, aligning with AWS’s best practices and regional architecture models.
We believe this would improve compatibility with more secure AWS environments, especially those with tight egress controls and regional compliance requirements.
Please let us know if this request can be added to the product roadmap. We’d be happy to discuss this further or provide more context on our use case if needed.
Best regards,
Akshay Salunke
-
Official comment
Hi Akshay,
Thanks for your feature request regarding hybrid deployment. At the moment we don't have specific plans to support regional STS endpoints, but I've raised this with our engineering team to evaluate the request. I don't have a clear timeline right now but we will discuss internally to see if this is feasible.
Thank you!
Please sign in to leave a comment.
Comments
1 comment