SQS client not working when base endpoint is provided

When supplying base endpoint in aws config for sqs-client it is fails to get attributes or messages with 400 status code.

cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion(region), config.WithHTTPClient(httpClient), config.WithBaseEndpoint(baseEndPoint), // <<-- notice here ) sqsClient := sqs.NewFromConfig(cfg)

with baseEndPoint as vpc endpoint client fails with 400 status code for get attributes and messages. with baseEndPoint as "" it works.

Error

time=2026-01-07T05:20:27.176169Z level=Error legacy_level=[ERROR] caller=provider/aws_provider.go:160 msg="Error while getting message from SQS." error="operation error SQS: ReceiveMessage, get identity: get credentials: failed to refresh cached credentials, failed to retrieve credentials, operation error STS: AssumeRoleWithWebIdentity, https response error StatusCode: 400, RequestID: d7fcc85b-0ff3-52ef-804c-a98ce0a863c0, api error NoSuchVersion: The requested version ( 2011-06-15 ) is not valid."

Trobleshooting I Did

Tried digging into aws-sdk v2 to under what happens when base endpoint is "" but multiple layers of abstraction is making it harder to under grasp what is working how There are spans in sdk with noops by default so I add a in memory tracer which logs spans in console

Span logs in error case

[DEBUG] Starting Span: SQS.ReceiveMessage (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG] Starting Span: Initialize (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG] Starting Span: BuildRequest (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG] Starting Span: OperationSerializer (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG SPAN] Finished: OperationSerializer [TRACER PROVIDER] Creating tracer for scope: github.com/aws/aws-sdk-go-v2/service/sqs [DEBUG] Starting Span: RetryLoop (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG] Starting Span: Attempt (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG] Starting Span: ResolveAuthScheme (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG SPAN] Finished: ResolveAuthScheme - Prop: auth.scheme_id = aws.auth#sigv4 [DEBUG] Starting Span: GetIdentity (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) SDK 2026/01/07 12:40:44 DEBUG Request POST / HTTP/1.1 Host: sqs.us-west-2.amazonaws.com // <<---- notice here User-Agent: aws-sdk-go-v2/1.38.2 ua/2.1 os/linux lang/go#1.24.11 md/GOOS#linux md/GOARCH#amd64 api/sts#1.38.1 Content-Length: 1293 Amz-Sdk-Invocation-Id: XXXXXXXXXXXXXXXXXXXXXXXXXX Amz-Sdk-Request: attempt=1; max=3 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip Action=AssumeRoleWithWebIdentity&RoleArn=aXXXXXXXXXXXXXX&RoleSessionName=XXXXXXXXX&Version=2011-06-15&WebIdentityToken=TOKEN SDK 2026/01/07 12:40:44 DEBUG Response HTTP/1.1 400 Bad Request Content-Length: 300 Connection: keep-alive Content-Type: text/xml Date: Wed, 07 Jan 2026 12:40:44 GMT X-Amzn-Requestid: XXXXXXXXXXXXXXXXXXXXXXXXXX <?xml version="1.0"?><ErrorResponse xmlns="http://queue.amazonaws.com/doc/2011-06-15/"><Error><Type>Sender</Type><Code>NoSuchVersion</Code><Message>The requested version ( 2011-06-15 ) is not valid.</Message><Detail/></Error><RequestId>XXXXXXXXXXXXXXXXXXXXX</RequestId></ErrorResponse> [DEBUG SPAN] Finished: GetIdentity [DEBUG SPAN] Finished: ResolveAuthScheme - Prop: auth.scheme_id = aws.auth#sigv4 [DEBUG SPAN] Finished: Attempt [DEBUG SPAN] Finished: RetryLoop [DEBUG SPAN] Finished: OperationSerializer [DEBUG SPAN] Finished: SQS.ReceiveMessage - Prop: api.error_fault = unknown - Prop: error = true - Prop: exception.type = *fmt.wrapError - Prop: exception.message = get identity: get credentials: failed to refresh cached credentials, failed to retrieve credentials, operation error STS: AssumeRoleWithWebIdentity, https response error StatusCode: 400, RequestID: XXXXXXXXXXXXXXXX, api error NoSuchVersion: The requested version ( 2011-06-15 ) is not valid. - Prop: api.error_code = NoSuchVersion - Prop: api.error_message = The requested version ( 2011-06-15 ) is not valid. =

span logs in working case

DEBUG] Starting Span: SQS.ReceiveMessage (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG] Starting Span: Initialize (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG] Starting Span: BuildRequest (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG] Starting Span: OperationSerializer (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG SPAN] Finished: OperationSerializer [TRACER PROVIDER] Creating tracer for scope: github.com/aws/aws-sdk-go-v2/service/sqs [DEBUG] Starting Span: RetryLoop (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG] Starting Span: Attempt (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG] Starting Span: ResolveAuthScheme (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG SPAN] Finished: ResolveAuthScheme - Prop: auth.scheme_id = aws.auth#sigv4 [DEBUG] Starting Span: GetIdentity (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG SPAN] Finished: GetIdentity [DEBUG] Starting Span: ResolveEndpoint (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG SPAN] Finished: ResolveEndpoint - Prop: client.call.resolved_endpoint = https://sqs.us-west-2.amazonaws.com [DEBUG] Starting Span: ComputePayloadSHA256 (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG SPAN] Finished: ComputePayloadSHA256 [DEBUG] Starting Span: SignRequest (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) [DEBUG SPAN] Finished: SignRequest [DEBUG] Starting Span: DoHTTPRequest (Scope: github.com/aws/aws-sdk-go-v2/service/sqs) SDK 2026/01/07 12:47:35 DEBUG Request POST / HTTP/1.1 Host: sqs.us-west-2.amazonaws.com // <<---- notice here User-Agent: aws-sdk-go-v2/1.38.2 ua/2.1 os/linux lang/go#1.24.11 md/GOOS#linux md/GOARCH#amd64 api/sqs#1.38.8 m/E,h Content-Length: 155 Amz-Sdk-Invocation-Id: XXXXXXXXXXXXXXXXXXXXXXXXX Amz-Sdk-Request: attempt=1; max=3 Authorization: AWS4-HMAC-SHA256 Credential=XXXXXXXXXXXXXX/XXXXXXXX/us-west-2/sqs/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date;x-amz-security-token;x-amz-target;x-amzn-query-mode, Signature=XXXXXXXXXXXXXXXXXXXXXXXXXXXX Content-Type: application/x-amz-json-1.0 X-Amz-Date: 20260107T124735Z X-Amz-Security-Token: XXXXXXXXXXXX//////////XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX X-Amz-Target: AmazonSQS.ReceiveMessage X-Amzn-Query-Mode: true Accept-Encoding: gzip {"MaxNumberOfMessages":10,"QueueUrl":"https://sqs.us-west-2.amazonaws.com/XXXXXXXXXXXXX”,”VisibilityTimeout":300} `

assumed that when base endpoint is "" then the value is generated as runtime but the value is sqs.us-west-2.amazonaws.com as can be seen in span logs

Already checked most of stackover flow, reddit, claude, gemini, chatgpt and my peers.