From 3298a8ee092c2c1b33bb42415c40293e7e35e9b3 Mon Sep 17 00:00:00 2001
From: Jason Valdron
Date: Mon, 9 Dec 2024 09:25:54 -0400
Subject: [PATCH] Only configure STS region for route53 when we obtain it using IDMS
---
 .../providers/aws/route53/route53.go | 41 ++++++++++---------
 1 file changed, 22 insertions(+), 19 deletions(-)
diff --git a/dnsprovider/pkg/dnsprovider/providers/aws/route53/route53.go b/dnsprovider/pkg/dnsprovider/providers/aws/route53/route53.go
index 9b0d26bcf110a..0d03d754485ac 100644
--- a/dnsprovider/pkg/dnsprovider/providers/aws/route53/route53.go
+++ b/dnsprovider/pkg/dnsprovider/providers/aws/route53/route53.go
@@ -71,34 +71,37 @@ func newRoute53() (*Interface, error) {
 region = imdsRegionResp.Region
 }

- stsCfg, err := awsconfig.LoadDefaultConfig(ctx,
- awsconfig.WithClientLogMode(aws.LogRetries),
- awslog.WithAWSLogger(),
- awsconfig.WithRetryer(func() aws.Retryer {
- return retry.AddWithMaxAttempts(retry.NewStandard(), 5)
- }),
- awsconfig.WithRegion(region),
- )
- if err != nil {
- return nil, fmt.Errorf("failed to load default aws config for STS client: %w", err)
- }
-
 awsOptions := []func(*awsconfig.LoadOptions) error{
 awsconfig.WithClientLogMode(aws.LogRetries),
 awslog.WithAWSLogger(),
 awsconfig.WithRetryer(func() aws.Retryer {
 return retry.AddWithMaxAttempts(retry.NewStandard(), 5)
 }),
- awsconfig.WithAssumeRoleCredentialOptions(func(aro *stscreds.AssumeRoleOptions) {
- // Ensure the STS client has a region configured, if discovered by IMDS
- aro.Client = sts.NewFromConfig(stsCfg)
- }),
 }

 if imdsClient != nil {
- awsOptions = append(awsOptions, awsconfig.WithEC2IMDSRegion(func(o *awsconfig.UseEC2IMDSRegion) {
- o.Client = imdsClient
- }))
+ stsCfg, err := awsconfig.LoadDefaultConfig(ctx,
+ awsconfig.WithClientLogMode(aws.LogRetries),
+ awslog.WithAWSLogger(),
+ awsconfig.WithRetryer(func() aws.Retryer {
+ return retry.AddWithMaxAttempts(retry.NewStandard(), 5)
+ }),
+ awsconfig.WithRegion(region),
+ )
+ if err != nil {
+ return nil, fmt.Errorf("failed to load default aws config for STS client: %w", err)
+ }
+
+ awsOptions = append(
+ awsOptions,
+ awsconfig.WithEC2IMDSRegion(func(o *awsconfig.UseEC2IMDSRegion) {
+ o.Client = imdsClient
+ }),
+ awsconfig.WithAssumeRoleCredentialOptions(func(aro *stscreds.AssumeRoleOptions) {
+ // Ensure the STS client has a region configured, if discovered by IMDS
+ aro.Client = sts.NewFromConfig(stsCfg)
+ }),
+ )
 }

 cfg, err := awsconfig.LoadDefaultConfig(ctx, awsOptions...)
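Review bot: The STS config built inside `if imdsClient != nil` repeats the three logging and retry options that `awsOptions` already holds, so the client that sends AssumeRole can drift from the Route 53 client the next time only one of the two lists is edited. At that point `awsOptions` contains only those base options, so the call could derive from it: `stsCfg, err := awsconfig.LoadDefaultConfig(ctx, append(awsOptions[:len(awsOptions):len(awsOptions)], awsconfig.WithRegion(region))...)`. The override is gated on `imdsClient` rather than on `region`; whether `region` can still be empty when `imdsClient` is non-nil is decided above the hunk, and it is worth confirming, because in that case the replacement STS client would be built without the region the comment says it guarantees. `newRoute53` starts and ends outside the hunk.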