From 23a46d5eab3027827c82ae164fe565854ffed31b Mon Sep 17 00:00:00 2001 From: Jordan Smith Date: Fri, 23 May 2025 10:00:25 -0400 Subject: [PATCH 1/3] move AWS STS copy --- source/security/authentication/aws-iam.txt | 44 +++++++++++----------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/source/security/authentication/aws-iam.txt b/source/security/authentication/aws-iam.txt index 0288200c6..d86214bbe 100644 --- a/source/security/authentication/aws-iam.txt +++ b/source/security/authentication/aws-iam.txt @@ -100,6 +100,28 @@ The driver checks for your credentials in the following sources in order: Omit the line containing ``AWS_SESSION_TOKEN`` if you don't need an AWS session token for that role. + + AWS recommends using regional AWS STS endpoints instead of global + endpoints to reduce latency, build-in redundancy, and increase session token validity. + To set the AWS region, set `AWS_REGION `__ + and `AWS_STS_REGIONAL_ENDPOINTS `__ + as environment variables, as shown in the following example: + + .. code-block:: bash + + export AWS_STS_REGIONAL_ENDPOINTS=regional // Enables regional endpoints + export AWS_REGION=us-east-1 // Sets your AWS region + + If both these environment variables aren't set, the default region is + ``us-east-1``. For a list of available AWS regions, see the + `Regional Endpoints `__ + section of the AWS Service Endpoints reference in the AWS documentation. + + .. warning:: Consult your SDK's Documentation for Setting an AWS Region + + You cannot set your AWS region with environment variables for all SDKs, + as in the above example. See your SDK's specific documentation for + configuring an AWS region. After you've set the preceding environment variables, specify the ``MONGODB-AWS`` authentication mechanism in your connection string as shown in the following example: @@ -131,28 +153,6 @@ The driver checks for your credentials in the following sources in order: export AWS_WEB_IDENTITY_TOKEN_FILE= - AWS recommends using regional AWS STS endpoints instead of global - endpoints to reduce latency, build-in redundancy, and increase session token validity. - To set the AWS region, set `AWS_REGION `__ - and `AWS_STS_REGIONAL_ENDPOINTS `__ - as environment variables, as shown in the following example: - - .. code-block:: bash - - export AWS_STS_REGIONAL_ENDPOINTS=regional // Enables regional endpoints - export AWS_REGION=us-east-1 // Sets your AWS region - - If both these environment variables aren't set, the default region is - ``us-east-1``. For a list of available AWS regions, see the - `Regional Endpoints `__ - section of the AWS Service Endpoints reference in the AWS documentation. - - .. warning:: Consult your SDK's Documentation for Setting an AWS Region - - You cannot set your AWS region with environment variables for all SDKs, - as in the above example. See your SDK's specific documentation for - configuring an AWS region. - After you've set the preceding environment variables, specify the ``MONGODB-AWS`` authentication mechanism in your connection string as shown in the following example: From 5c992345eb5d69f540654e1d9a68b194d4ff4fc4 Mon Sep 17 00:00:00 2001 From: Jordan Smith Date: Fri, 23 May 2025 10:16:36 -0400 Subject: [PATCH 2/3] edit --- source/security/authentication/aws-iam.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/security/authentication/aws-iam.txt b/source/security/authentication/aws-iam.txt index d86214bbe..e9799705d 100644 --- a/source/security/authentication/aws-iam.txt +++ b/source/security/authentication/aws-iam.txt @@ -153,7 +153,7 @@ The driver checks for your credentials in the following sources in order: export AWS_WEB_IDENTITY_TOKEN_FILE= - After you've set the preceding environment variables, specify the ``MONGODB-AWS`` + After you've set the preceding environment variable, specify the ``MONGODB-AWS`` authentication mechanism in your connection string as shown in the following example: .. literalinclude:: /code-snippets/authentication/aws-env-variable.js From c55d74746b61710e71a3bf176f8fbfc54e58c82a Mon Sep 17 00:00:00 2001 From: Jordan Smith Date: Fri, 23 May 2025 12:31:19 -0400 Subject: [PATCH 3/3] remove warning --- source/security/authentication/aws-iam.txt | 6 ------ 1 file changed, 6 deletions(-) diff --git a/source/security/authentication/aws-iam.txt b/source/security/authentication/aws-iam.txt index e9799705d..d647633ff 100644 --- a/source/security/authentication/aws-iam.txt +++ b/source/security/authentication/aws-iam.txt @@ -116,12 +116,6 @@ The driver checks for your credentials in the following sources in order: ``us-east-1``. For a list of available AWS regions, see the `Regional Endpoints `__ section of the AWS Service Endpoints reference in the AWS documentation. - - .. warning:: Consult your SDK's Documentation for Setting an AWS Region - - You cannot set your AWS region with environment variables for all SDKs, - as in the above example. See your SDK's specific documentation for - configuring an AWS region. After you've set the preceding environment variables, specify the ``MONGODB-AWS`` authentication mechanism in your connection string as shown in the following example: