diff --git a/CHANGELOG.md b/CHANGELOG.md
index ad76f9dd2..e66182b08 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,9 @@
 ## Table of Contents
 - [Introduction](#introduction)
+- [2025-02-04](#2025-02-04)
+- [2025-01-21](#2025-01-21)
+- [2025-01-08](#2025-01-08)
 - [2024-09-18](#2024-09-18)
 - [2024-08-22](#2024-08-22)
 - [2024-07-17](#2024-07-17)
@@ -64,6 +67,10 @@ All notable changes to this project will be documented in this file.
 - Added [Bedrock](aws_sra_examples/solutions/genai/bedrock_org) solution to deploy the sra-bedrock-org solution for GenAI deep-dive Bedrock capability one security controls. See https://github.com/aws-samples/aws-security-reference-architecture-examples (sra-1u3sd7f8n)
+### Updated
+
+- Updated [EC2 Default EBS Encryption](aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption) solution with STS environment variable to enable enforcement in opt-in regions.
+
 ## 2025-01-21
 ### Updated
diff --git a/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/lambda/src/app.py b/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/lambda/src/app.py
index 38df8fa98..a392561a4 100644
--- a/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/lambda/src/app.py
+++ b/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/lambda/src/app.py
@@ -76,6 +76,9 @@ def assume_role(role: str, role_session_name: str, account: str = None, session:
 Returns:
 Session object for the specified AWS account
 """
+ # set regional endpoint environment variable to account for potential opt-in regions
+ os.environ["AWS_STS_REGIONAL_ENDPOINTS"] = "regional"
+
 if not session:
 session = boto3.Session()
 sts_client: STSClient = session.client("sts", config=BOTO3_CONFIG)
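Review bot: The added `os.environ["AWS_STS_REGIONAL_ENDPOINTS"] = "regional"` in app.py runs inside assume_role on every call and unconditionally overwrites process-wide state, so any value set on the Lambda function's own configuration is silently replaced and the STS endpoint choice is hidden inside a helper. Because this setting decides which STS endpoint issues the cross-account session credentials, I would set it once at module scope (presumably where BOTO3_CONFIG is defined) with `os.environ.setdefault("AWS_STS_REGIONAL_ENDPOINTS", "regional")`, or declare it in the function's environment in the deployment template. When a caller passes its own `session`, whether the variable still takes effect depends on when botocore reads it, which is worth confirming with a run against an opt-in region. The hunk does not show an `import os`, and assume_role's body starts and ends outside it.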