Document sigv4a signing region set (#4306)

* Document sigv4a signing region set
boto · Oct 16, 2024 · 9e3d4ba · 9e3d4ba
1 parent 0bb608c
commit 9e3d4ba
Showing 1 changed file with 20 additions and 11 deletions.
diff --git a/docs/source/guide/configuration.rst b/docs/source/guide/configuration.rst
@@ -232,6 +232,11 @@ You can set configuration settings using system-wide environment variables. Thes
     When set it will be appended to the User-Agent header of every request
     in the form of App/{AppId}.
 
+``AWS_SIGV4A_SIGNING_REGION_SET``
+    A comma-delimited list of regions to sign when signing with SigV4a.  For more
+    information, see the ``sigv4a_signing_region_set`` configuration file section.
+
+
 Using a configuration file
 --------------------------
 
@@ -259,7 +264,7 @@ in the ``~/.aws/config`` file.
 
         [default]
         region = us-east-1
-        api_versions = 
+        api_versions =
             ec2 = 2015-03-01
             cloudfront = 2015-09-17
 
@@ -283,10 +288,10 @@ in the ``~/.aws/config`` file.
     an IAM role attached to either an EC2 instance profile or an Amazon ECS
     container. In such a scenario, use the ``credential_source`` setting to
     specify where to find the credentials.
-    
+
     The ``credential_source`` and ``source_profile`` settings are mutually
     exclusive.
-    
+
     The following values are supported.
 
         ``Ec2InstanceMetadata``
@@ -316,7 +321,7 @@ in the ``~/.aws/config`` file.
     Serial number of the Amazon Resource Name (ARN) of a multi-factor authentication (MFA) device to use when assuming a role.
 ``parameter_validation``
     Disable parameter validation (default is true, parameters are
-    validated).  This is a Boolean value that 
+    validated).  This is a Boolean value that
     is either ``true`` or ``false``.  Whenever you make an
     API call using a client, the parameters you provide are run through
     a set of validation checks, including (but not limited to) required
@@ -340,7 +345,7 @@ in the ``~/.aws/config`` file.
 ``s3``
     Set Amazon S3-specific configuration data. Typically, these values do not need
     to be set.
-    
+
     The ``s3`` settings are nested configuration values that require special
     formatting in the AWS configuration file. If the values are set by the
     AWS CLI or programmatically by an SDK, the formatting is handled
@@ -351,7 +356,7 @@ in the ``~/.aws/config`` file.
 
         [default]
         region = us-east-1
-        s3 = 
+        s3 =
             addressing_style = path
             signature_version = s3v4
 
@@ -360,25 +365,25 @@ in the ``~/.aws/config`` file.
       The following values are supported.
 
         ``auto``
-            (Default) Attempts to use ``virtual``, but falls back to ``path`` 
+            (Default) Attempts to use ``virtual``, but falls back to ``path``
             if necessary.
-      
+
         ``path``
             Bucket name is included in the URI path.
 
         ``virtual``
             Bucket name is included in the hostname.
 
-    * ``payload_signing_enabled``: Specifies whether to include an SHA-256 
+    * ``payload_signing_enabled``: Specifies whether to include an SHA-256
       checksum with Amazon Signature Version 4 payloads. Valid settings are
       ``true`` or ``false``.
 
       For streaming uploads (``UploadPart`` and ``PutObject``) that use HTTPS
       and include a ``content-md5`` header, this setting is disabled by default.
-    * ``signature_version``: The AWS signature version to use when signing 
+    * ``signature_version``: The AWS signature version to use when signing
       requests. When necessary, Boto automatically switches the signature
       version to an appropriate value. The following values are recognized.
-    
+
         ``s3v4``
             (Default) Signature Version 4
 
@@ -466,6 +471,10 @@ in the ``~/.aws/config`` file.
           functionality of ``standard`` mode with automatic client-side
           throttling.  This is a provisional mode whose behavior might change.
 
+``sigv4a_signing_region_set``
+    A comma-delimited list of regions use when signing with SigV4a. If this is not set,
+    the SDK will check if the service has modeled a default; if none is found, this will
+    default to ``*``.
 
 .. _IAM Roles for Amazon EC2: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
 .. _Using IAM Roles: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html