From fcff5c9623f1e33f569cc4328ecba4bb639fc940 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Mon, 3 Feb 2025 12:57:57 -0500 Subject: [PATCH 01/13] DOCSP-32752 Suppor for setting AWS region --- source/fundamentals/authentication/mechanisms.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/source/fundamentals/authentication/mechanisms.txt b/source/fundamentals/authentication/mechanisms.txt index d9b8ba8cc..3e0ba62c1 100644 --- a/source/fundamentals/authentication/mechanisms.txt +++ b/source/fundamentals/authentication/mechanisms.txt @@ -235,6 +235,14 @@ The driver checks for your credentials in the following sources in order: .. literalinclude:: /code-snippets/authentication/aws-env-variable.js :language: javascript + .. note:: AWS Set Region + + AWS recommends using Regional AWS STS endpoints instead of the global + endpoint to reduce latency, build-in redundancy, and increase session token validity. + Set the following environment variables: AWS_STS_REGIONAL_ENDPOINTS MUST be set to either 'legacy' or 'regional', + and AWS_REGION must be set. + + .. important:: Retrieval of AWS Credentials Starting in version 4.11, when you install the optional From 790ec3a9736e638da4c46cde7260dd3dabff52d7 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Tue, 4 Feb 2025 16:38:03 -0500 Subject: [PATCH 02/13] edits --- .../authentication/mechanisms.txt | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/source/fundamentals/authentication/mechanisms.txt b/source/fundamentals/authentication/mechanisms.txt index 3e0ba62c1..846b9751c 100644 --- a/source/fundamentals/authentication/mechanisms.txt +++ b/source/fundamentals/authentication/mechanisms.txt @@ -235,13 +235,22 @@ The driver checks for your credentials in the following sources in order: .. literalinclude:: /code-snippets/authentication/aws-env-variable.js :language: javascript - .. note:: AWS Set Region + .. note:: How to Set the AWS Region - AWS recommends using Regional AWS STS endpoints instead of the global - endpoint to reduce latency, build-in redundancy, and increase session token validity. - Set the following environment variables: AWS_STS_REGIONAL_ENDPOINTS MUST be set to either 'legacy' or 'regional', - and AWS_REGION must be set. + AWS recommends using Regional AWS STS endpoints instead of global + endpoints to reduce latency, build-in redundancy, and increase session token validity. + To set the AWS region, set the following environment variables: + + - ``AWS_STS_REGIONAL_ENDPOINTS``: Set to ``regional`` to enable regional endpoints. + + - ``AWS_REGION``: Set to an AWS region, like ``us-east-2``. For a list of available AWS regions, + see the `AWS Regions `__ + guide in the AWS documentation. + + For more information on setting the AWS Region for regional endpoints, see + `How to use Regional AWS STS endpoints `__ + on the AWS Security Blog. .. important:: Retrieval of AWS Credentials From e5967f70a83270baaf93867eaa80749fde26fd78 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Tue, 4 Feb 2025 16:45:07 -0500 Subject: [PATCH 03/13] merge --- source/fundamentals/authentication/mechanisms.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/source/fundamentals/authentication/mechanisms.txt b/source/fundamentals/authentication/mechanisms.txt index 846b9751c..7e7a4b334 100644 --- a/source/fundamentals/authentication/mechanisms.txt +++ b/source/fundamentals/authentication/mechanisms.txt @@ -248,6 +248,7 @@ The driver checks for your credentials in the following sources in order: see the `AWS Regions `__ guide in the AWS documentation. + For more information on setting the AWS Region for regional endpoints, see `How to use Regional AWS STS endpoints `__ on the AWS Security Blog. From bd27e717104dc160d07b2eab0180fbe29c7260b3 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Tue, 4 Feb 2025 16:46:25 -0500 Subject: [PATCH 04/13] another merge attempt --- source/fundamentals/authentication/mechanisms.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/source/fundamentals/authentication/mechanisms.txt b/source/fundamentals/authentication/mechanisms.txt index cb8a32d97..b201c378a 100644 --- a/source/fundamentals/authentication/mechanisms.txt +++ b/source/fundamentals/authentication/mechanisms.txt @@ -247,7 +247,6 @@ The driver checks for your credentials in the following sources in order: see the `AWS Regions `__ guide in the AWS documentation. - For more information on setting the AWS Region for regional endpoints, see `How to use Regional AWS STS endpoints `__ on the AWS Security Blog. From 0e48c7f57ef09affe6e6b346916f674b67b8c908 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Tue, 4 Feb 2025 16:50:22 -0500 Subject: [PATCH 05/13] edit --- source/fundamentals/authentication/mechanisms.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/fundamentals/authentication/mechanisms.txt b/source/fundamentals/authentication/mechanisms.txt index b201c378a..2dfb7fd16 100644 --- a/source/fundamentals/authentication/mechanisms.txt +++ b/source/fundamentals/authentication/mechanisms.txt @@ -236,7 +236,7 @@ The driver checks for your credentials in the following sources in order: .. note:: How to Set the AWS Region - AWS recommends using Regional AWS STS endpoints instead of global + AWS recommends using regional AWS STS endpoints instead of global endpoints to reduce latency, build-in redundancy, and increase session token validity. To set the AWS region, set the following environment variables: From b7fc9aef4767f50306acb4d577ccd80f9467438d Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Tue, 4 Feb 2025 16:51:27 -0500 Subject: [PATCH 06/13] edit on title --- source/fundamentals/authentication/mechanisms.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/fundamentals/authentication/mechanisms.txt b/source/fundamentals/authentication/mechanisms.txt index 2dfb7fd16..526129494 100644 --- a/source/fundamentals/authentication/mechanisms.txt +++ b/source/fundamentals/authentication/mechanisms.txt @@ -234,7 +234,7 @@ The driver checks for your credentials in the following sources in order: .. literalinclude:: /code-snippets/authentication/aws-env-variable.js :language: javascript - .. note:: How to Set the AWS Region + .. note:: How to Set the AWS Region for Regional Endpoints AWS recommends using regional AWS STS endpoints instead of global endpoints to reduce latency, build-in redundancy, and increase session token validity. From e3365b208d48123721ee60479027be70614d5f8c Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Wed, 5 Feb 2025 13:49:19 -0500 Subject: [PATCH 07/13] RM review --- .../authentication/mechanisms.txt | 37 ++++++++++--------- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/source/fundamentals/authentication/mechanisms.txt b/source/fundamentals/authentication/mechanisms.txt index 526129494..420f70b95 100644 --- a/source/fundamentals/authentication/mechanisms.txt +++ b/source/fundamentals/authentication/mechanisms.txt @@ -228,28 +228,29 @@ The driver checks for your credentials in the following sources in order: export AWS_WEB_IDENTITY_TOKEN_FILE= - After you've set the preceding environment variable, specify the ``MONGODB-AWS`` - authentication mechanism in your connection string as shown in the following example: - - .. literalinclude:: /code-snippets/authentication/aws-env-variable.js - :language: javascript + AWS recommends using regional AWS STS endpoints instead of global + endpoints to reduce latency, build-in redundancy, and increase session token validity. + To set the AWS region, set ``AWS_REGION`` and ``AWS_STS_REGIONAL_ENDPOINTS`` + as environment variables, as shown in the following example: - .. note:: How to Set the AWS Region for Regional Endpoints + .. code-block:: bash + + export AWS_STS_REGIONAL_ENDPOINTS=regional // Enables regional endpoints + export AWS_REGION=us-east-1 // Sets your AWS region + + For a list of available AWS regions, see the + `AWS Regions `__ + guide in the AWS documentation. - AWS recommends using regional AWS STS endpoints instead of global - endpoints to reduce latency, build-in redundancy, and increase session token validity. + For more information on setting the AWS Region for regional endpoints, see + `How to use Regional AWS STS endpoints `__ + on the AWS Security Blog. - To set the AWS region, set the following environment variables: - - - ``AWS_STS_REGIONAL_ENDPOINTS``: Set to ``regional`` to enable regional endpoints. - - - ``AWS_REGION``: Set to an AWS region, like ``us-east-2``. For a list of available AWS regions, - see the `AWS Regions `__ - guide in the AWS documentation. + After you've set the preceding environment variables, specify the ``MONGODB-AWS`` + authentication mechanism in your connection string as shown in the following example: - For more information on setting the AWS Region for regional endpoints, see - `How to use Regional AWS STS endpoints `__ - on the AWS Security Blog. + .. literalinclude:: /code-snippets/authentication/aws-env-variable.js + :language: javascript .. important:: Retrieval of AWS Credentials From c9ca014c25486c8ff61b31d8a43033466c35bed3 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Wed, 5 Feb 2025 13:59:48 -0500 Subject: [PATCH 08/13] update links --- source/fundamentals/authentication/mechanisms.txt | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/source/fundamentals/authentication/mechanisms.txt b/source/fundamentals/authentication/mechanisms.txt index 420f70b95..ebe7dc2ef 100644 --- a/source/fundamentals/authentication/mechanisms.txt +++ b/source/fundamentals/authentication/mechanisms.txt @@ -230,7 +230,8 @@ The driver checks for your credentials in the following sources in order: AWS recommends using regional AWS STS endpoints instead of global endpoints to reduce latency, build-in redundancy, and increase session token validity. - To set the AWS region, set ``AWS_REGION`` and ``AWS_STS_REGIONAL_ENDPOINTS`` + To set the AWS region, set `AWS_REGION `__ + and `AWS_STS_REGIONAL_ENDPOINTS `__ as environment variables, as shown in the following example: .. code-block:: bash @@ -239,12 +240,8 @@ The driver checks for your credentials in the following sources in order: export AWS_REGION=us-east-1 // Sets your AWS region For a list of available AWS regions, see the - `AWS Regions `__ - guide in the AWS documentation. - - For more information on setting the AWS Region for regional endpoints, see - `How to use Regional AWS STS endpoints `__ - on the AWS Security Blog. + `AWS Service Endpoints `__ + reference in the AWS documentation. After you've set the preceding environment variables, specify the ``MONGODB-AWS`` authentication mechanism in your connection string as shown in the following example: From 23d349f5e087375f4695f49843acca09463bcd0f Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Wed, 5 Feb 2025 14:03:22 -0500 Subject: [PATCH 09/13] default region --- source/fundamentals/authentication/mechanisms.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source/fundamentals/authentication/mechanisms.txt b/source/fundamentals/authentication/mechanisms.txt index ebe7dc2ef..b0d281c98 100644 --- a/source/fundamentals/authentication/mechanisms.txt +++ b/source/fundamentals/authentication/mechanisms.txt @@ -239,7 +239,8 @@ The driver checks for your credentials in the following sources in order: export AWS_STS_REGIONAL_ENDPOINTS=regional // Enables regional endpoints export AWS_REGION=us-east-1 // Sets your AWS region - For a list of available AWS regions, see the + If both these environment variables aren't set, the default region is + ``us-east-1``. For a list of available AWS regions, see the `AWS Service Endpoints `__ reference in the AWS documentation. From db0cff43bccedcf8a001071c7e99b13d68b00dec Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Wed, 5 Feb 2025 15:56:49 -0500 Subject: [PATCH 10/13] tech review note --- source/fundamentals/authentication/mechanisms.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/source/fundamentals/authentication/mechanisms.txt b/source/fundamentals/authentication/mechanisms.txt index b0d281c98..b21a0601b 100644 --- a/source/fundamentals/authentication/mechanisms.txt +++ b/source/fundamentals/authentication/mechanisms.txt @@ -244,6 +244,13 @@ The driver checks for your credentials in the following sources in order: `AWS Service Endpoints `__ reference in the AWS documentation. + .. note:: Consult your SDK Documentation for Setting an AWS Region + + Some SDKs do not allow you to set an AWS region by using environment + variables. When you configure an AWS region with other SDKs, + see your SDK's specific documentation for configuring an AWS + region. + After you've set the preceding environment variables, specify the ``MONGODB-AWS`` authentication mechanism in your connection string as shown in the following example: From 0615a2a4d100f5f1e7e14e2400fc866f0004a002 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Wed, 5 Feb 2025 16:03:54 -0500 Subject: [PATCH 11/13] change wanring msg --- source/fundamentals/authentication/mechanisms.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source/fundamentals/authentication/mechanisms.txt b/source/fundamentals/authentication/mechanisms.txt index b21a0601b..88f0c6690 100644 --- a/source/fundamentals/authentication/mechanisms.txt +++ b/source/fundamentals/authentication/mechanisms.txt @@ -244,11 +244,11 @@ The driver checks for your credentials in the following sources in order: `AWS Service Endpoints `__ reference in the AWS documentation. - .. note:: Consult your SDK Documentation for Setting an AWS Region + .. warning:: Consult your SDK's Documentation for Setting an AWS Region - Some SDKs do not allow you to set an AWS region by using environment - variables. When you configure an AWS region with other SDKs, - see your SDK's specific documentation for configuring an AWS + Setting your AWS region by using the above method will not work for all + SDKs. Some SDKs do not allow you to set an AWS region by using environment + variables. See your SDK's specific documentation for configuring an AWS region. After you've set the preceding environment variables, specify the ``MONGODB-AWS`` From 577241514e3f05406930da6afb864d256ab5f1b6 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Wed, 5 Feb 2025 16:14:54 -0500 Subject: [PATCH 12/13] wording changed --- source/fundamentals/authentication/mechanisms.txt | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/source/fundamentals/authentication/mechanisms.txt b/source/fundamentals/authentication/mechanisms.txt index 88f0c6690..53eac94ba 100644 --- a/source/fundamentals/authentication/mechanisms.txt +++ b/source/fundamentals/authentication/mechanisms.txt @@ -246,10 +246,9 @@ The driver checks for your credentials in the following sources in order: .. warning:: Consult your SDK's Documentation for Setting an AWS Region - Setting your AWS region by using the above method will not work for all - SDKs. Some SDKs do not allow you to set an AWS region by using environment - variables. See your SDK's specific documentation for configuring an AWS - region. + You cannot set your AWS region with environment variables for all SDKs, + as in the above example. See your SDK's specific documentation for + configuring an AWS region. After you've set the preceding environment variables, specify the ``MONGODB-AWS`` authentication mechanism in your connection string as shown in the following example: From 5368fd2bbd3d9901adf352e034efd9d3493bb936 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Thu, 6 Feb 2025 13:31:02 -0500 Subject: [PATCH 13/13] change link --- source/fundamentals/authentication/mechanisms.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source/fundamentals/authentication/mechanisms.txt b/source/fundamentals/authentication/mechanisms.txt index 53eac94ba..b4b6a681d 100644 --- a/source/fundamentals/authentication/mechanisms.txt +++ b/source/fundamentals/authentication/mechanisms.txt @@ -240,9 +240,9 @@ The driver checks for your credentials in the following sources in order: export AWS_REGION=us-east-1 // Sets your AWS region If both these environment variables aren't set, the default region is - ``us-east-1``. For a list of available AWS regions, see the - `AWS Service Endpoints `__ - reference in the AWS documentation. + ``us-east-1``. For a list of available AWS regions, see the + `Regional Endpoints `__ + section of the AWS Service Endpoints reference in the AWS documentation. .. warning:: Consult your SDK's Documentation for Setting an AWS Region