Commvault · DangerDogBrewing · Sep 24, 2025
diff --git a/AWS/CVAWSCloudSizingScript.ps1 b/AWS/CVAWSCloudSizingScript.ps1
@@ -2444,14 +2444,20 @@ function Invoke-AuthenticationScenarios {
                         return
                     }
 
-                    $roleArn = "arn:aws:iam::${AccountId}:role/${roleName}"
+                    $partitionString = if ($script:Config.Partition -eq 'GovCloud') { 'aws-us-gov' } else { 'aws' }
+                    $roleArn = "arn:${partitionString}:iam::${AccountId}:role/${roleName}"
                     Write-ScriptOutput "DEBUG: Built role ARN: $roleArn" -Level Info
 
                     $sessionName = if ($CrossAccountRoleSessionName) { $CrossAccountRoleSessionName } else { "CVAWS-Cost-Sizing" }
+
+                    $stsRegion = if ($script:Config.Partition -eq 'GovCloud') { $script:Config.DefaultGovCloudQueryRegion } else { $script:Config.DefaultQueryRegion }
+                    Write-ScriptOutput "Using STS endpoint region $stsRegion for AssumeRole" -Level Info
+
                     $stsParams = @{
                         RoleArn = $roleArn
                         RoleSessionName = $sessionName
                         ErrorAction = 'Stop'
+                        Region = $stsRegion
                     }
                     if ($ExternalId) { $stsParams.ExternalId = $ExternalId }
 
@@ -2963,6 +2969,17 @@ try {
         exit 1
     }
 
+    if ($script:Config.Partition -eq 'GovCloud') {
+        $govRegion = $script:Config.DefaultGovCloudQueryRegion
+        $govStsEndpoint = "sts.$govRegion.amazonaws.com"
+        try {
+            Set-AWSDefaultConfiguration -Region $govRegion -StsEndpoint $govStsEndpoint
+            Write-ScriptOutput "Set default AWS configuration for GovCloud partition (Region: $govRegion, STS Endpoint: $govStsEndpoint)." -Level Info
+        } catch {
+            Write-ScriptOutput "Failed to set default AWS configuration for GovCloud. This may fail if the AWS.Tools.Common module is not fully loaded. Error: $_" -Level Warning
+        }
+    }
+
     if ($ProfileLocation) {
         Write-ScriptOutput "ProfileLocation parameter provided: $ProfileLocation" -Level Info
         if (Test-Path $ProfileLocation) {

diff --git a/AWS/README.md b/AWS/README.md
@@ -90,6 +90,7 @@ Common script parameters
 - -ProfileLocation "<path>" — shared Credentials file path.
 - -CrossAccountRoleName "<RoleName>" — role to assume in target accounts.
 - -Regions "us-east-1,us-west-2" — comma-separated regions to query.
+- -Partition "GovCloud" — Specifies the AWS partition. Use "GovCloud" for AWS GovCloud regions.
 
 
 Credential Files:
@@ -124,6 +125,9 @@ Example invocations
 
 # Cross-account role using file with account IDs [CloudShell]
 ./CVAWSCloudSizingScript.ps1 -CrossAccountRoleName "InventoryRole" -UserSpecifiedAccounts "123456789012" -Regions "us-east-1"
+
+# Cross-account role in AWS GovCloud
+./CVAWSCloudSizingScript.ps1 -CrossAccountRoleName "InventoryRole" -UserSpecifiedAccounts "123456789012" -Regions "us-gov-west-1" -Partition "GovCloud"
 ```