aws · thedevopsmachine · Apr 17, 2018 · Apr 17, 2018 · Apr 17, 2018 · Apr 17, 2018
diff --git a/agent/managedInstances/rolecreds/managedInstances_role_provider_test.go b/agent/managedInstances/rolecreds/managedInstances_role_provider_test.go
@@ -29,6 +29,7 @@ var (
 	accessKeyID     = "accessKeyID"
 	secretAccessKey = "secretAccessKey"
 	sessionToken    = "sessionToken"
+	region          = "us-east-1"
 )
 
 func TestRetrieve_ShouldReturnValidToken(t *testing.T) {
@@ -60,6 +61,7 @@ func TestRetrieve_ShouldUpdateKeyPair(t *testing.T) {
 		publicKey:  "publicKey",
 		privateKey: "privateKey",
 		keyType:    "Rsa",
+		region:     "us-east-1",
 	}
 	client := &RsaSignedServiceStub{
 		roleResponse: ssm.RequestManagedInstanceRoleTokenOutput{

diff --git a/agent/managedInstances/sharedCredentials/shared_Credentials.go b/agent/managedInstances/sharedCredentials/shared_Credentials.go
@@ -20,6 +20,7 @@ import (
 	"path/filepath"
 
 	"github.com/aws/amazon-ssm-agent/agent/fileutil"
+	"github.com/aws/amazon-ssm-agent/agent/managedInstances/registration"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/go-ini/ini"
 )
@@ -29,6 +30,7 @@ const (
 	awsAccessKeyID     = "aws_access_key_id"
 	awsSecretAccessKey = "aws_secret_access_key"
 	awsSessionToken    = "aws_session_token"
+	awsRegion          = "region"
 )
 
 // filename returns the filename to use to read AWS shared credentials.
@@ -98,6 +100,18 @@ func Store(accessKeyID, secretAccessKey, sessionToken, profile string) error {
 
 	iniProfile.Key(awsSessionToken).SetValue(sessionToken)
 
+	// Save the instance's region to the profile so that the FallbackRegionFactory can find it.
+	// Scripts that use the .NET Cmdlets and aws command line tools will automatically detect
+	// the AWS Region from the EC2 instance profile, however, this is not the case for on-prem
+	// servers, since they don't have the EC2 Metadata service. By adding the Region to the
+	// shared credentials file, the SDK will be able to discover the region automatically.
+	// This will ensure that scripts that run on on-prem servers will run the same way as
+	// they would on EC2 instances, without any modification.
+	region := registration.Region()
+	if region != "" {
+		iniProfile.Key(awsRegion).SetValue(region)
+	}
+
 	err = config.SaveTo(credPath)
 	if err != nil {
 		return awserr.New("SharedCredentialsStore", "failed to save profile", err)

diff --git a/agent/managedInstances/sharedCredentials/shared_credentials_integ_test.go b/agent/managedInstances/sharedCredentials/shared_credentials_integ_test.go
@@ -30,6 +30,7 @@ const (
 	accessKey       = "DummyAccessKey"
 	accessSecretKey = "DummyAccessSecretKey"
 	token           = "DummyToken"
+	region          = "us-east-1"
 	profile         = "DummyProfile"
 	testFilePath    = "example.ini"
 )