AWS Non-Default Regions/Datacenters with IAM Policy (Master/Member Config)Issue details ServiceNow Cloud Discovery supports 4 methods of AWS Discovery with regular Credentials and also uses IAM Policy (Master/Member) along with Temporary Credentials. Amazon AWS Cloud DiscoveryCreating AssumeRole on AWS Console for AWS Management/Member DiscoveryAWS Organizations and Temporary CredentialsMEMBER TO MASTER DISCOVERY USING ACCESSOR ACCOUNT While the Discovery is successful using any of the above successful configuration, the AWS Non-Default Regions/Datacetnters might get successful with direct credentials, but Discovery fails with 401/403 Authentication/Authorization errors Example: ap-east-1 Datacenter fails with the below error even the IAM policy and Trusted relationship is working as expected for other Datacenters/Regions com.amazonaws.services.ec2.model.AmazonEC2Exception: AWS was not able to validate the provided access credentials (Service: AmazonEC2; Status Code: 401; Error Code: AuthFailure; Request ID: a373ba4c-0143-48a8-8f38-dc281684faaf) AWS Non-Default Regions/Datacenters List of non-default Regions/Datacenters Africa (Cape Town) af-south-1Asia Pacific (Hong Kong) ap-east-1Asia Pacific (Jakarta) ap-southeast-3Europe (Milan) eu-south-1Middle East (Bahrain) me-south-1 Cause of the issue ServiceNow CAPI/Patterns Discovery hit the global endpoint (sts.amazonaws.com) and expect it to be Valid for all AWS regions Solution Before proceeding, please ensure that the region we are attempting to discover is active in both the Accessor account and the Target account (the account where we want to run the discovery).The following steps should be performed in the Accessor account: Open the IAM console and navigate to Account settings.If needed, expand the Security Token Service (STS) section.In the first section, locate the Global endpoint and change its value to All AWS Regions. The default value is AWS Regions enabled by default.Click Save changes to confirm the update.