From 34450b020d0ef7d2a00f1d56bb5e4a31fa8e12af Mon Sep 17 00:00:00 2001
From: Rico Huijbers <rix0rrr@gmail.com>
Date: Wed, 19 Aug 2020 18:12:32 +0200
Subject: [PATCH] fix(cli): CLI does not use regional endpoints (#9835)

Make CLI and `cdk-assets` use regional endpoints by setting
`AWS_STS_REGIONAL_ENDPOINTS=regional`.

While we are configuring the SDK by setting global environment
variables anyway (*shudder*), might as well improve performance
a bit by enabling keepalive on the connections (by setting
`AWS_NODEJS_CONNECTION_REUSE_ENABLED=1`).

Fixes #9223.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts | 9 ++++++++-
 packages/cdk-assets/bin/publish.ts                | 2 ++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
index d8fb031bf638f..ab583611bbc52 100644
--- a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
+++ b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
@@ -12,6 +12,12 @@ import { Mode } from '../aws-auth/credentials';
 import { AwsCliCompatible } from './awscli-compatible';
 import { ISDK, SDK } from './sdk';
 
+
+// Some configuration that can only be achieved by setting
+// environment variables.
+process.env.AWS_STS_REGIONAL_ENDPOINTS = 'regional';
+process.env.AWS_NODEJS_CONNECTION_REUSE_ENABLED = '1';
+
 /**
  * Options for the default SDK provider
  */
@@ -82,7 +88,7 @@ const CACHED_DEFAULT_CREDENTIALS = Symbol('cached_default_credentials');
  */
 export class SdkProvider {
   /**
-   * Create a new SdkProvider which gets its defaults in a way that haves like the AWS CLI does
+   * Create a new SdkProvider which gets its defaults in a way that behaves like the AWS CLI does
    *
    * The AWS SDK for JS behaves slightly differently from the AWS CLI in a number of ways; see the
    * class `AwsCliCompatible` for the details.
@@ -302,6 +308,7 @@ function parseHttpOptions(options: SdkHttpOptions) {
     debug('Using CA bundle path: %s', caBundlePath);
     config.httpOptions.agent = new https.Agent({
       ca: readIfPossible(caBundlePath),
+      keepAlive: true,
     });
   }
 
diff --git a/packages/cdk-assets/bin/publish.ts b/packages/cdk-assets/bin/publish.ts
index 2dc0911b41eb8..12a0e318d0f78 100644
--- a/packages/cdk-assets/bin/publish.ts
+++ b/packages/cdk-assets/bin/publish.ts
@@ -67,6 +67,8 @@ class DefaultAwsClient implements IAws {
   constructor(profile?: string) {
     // Force AWS SDK to look in ~/.aws/credentials and potentially use the configured profile.
     process.env.AWS_SDK_LOAD_CONFIG = '1';
+    process.env.AWS_STS_REGIONAL_ENDPOINTS = 'regional';
+    process.env.AWS_NODEJS_CONNECTION_REUSE_ENABLED = '1';
     if (profile) {
       process.env.AWS_PROFILE = profile;
     }