diff --git a/source/fundamentals/authentication/mechanisms.txt b/source/fundamentals/authentication/mechanisms.txt index d9b8ba8cc..d6534dad3 100644 --- a/source/fundamentals/authentication/mechanisms.txt +++ b/source/fundamentals/authentication/mechanisms.txt @@ -229,7 +229,29 @@ The driver checks for your credentials in the following sources in order: export AWS_WEB_IDENTITY_TOKEN_FILE= - After you've set the preceding environment variable, specify the ``MONGODB-AWS`` + AWS recommends using regional AWS STS endpoints instead of global + endpoints to reduce latency, build-in redundancy, and increase session token validity. + To set the AWS region, set `AWS_REGION `__ + and `AWS_STS_REGIONAL_ENDPOINTS `__ + as environment variables, as shown in the following example: + + .. code-block:: bash + + export AWS_STS_REGIONAL_ENDPOINTS=regional // Enables regional endpoints + export AWS_REGION=us-east-1 // Sets your AWS region + + If both these environment variables aren't set, the default region is + ``us-east-1``. For a list of available AWS regions, see the + `Regional Endpoints `__ + section of the AWS Service Endpoints reference in the AWS documentation. + + .. warning:: Consult your SDK's Documentation for Setting an AWS Region + + You cannot set your AWS region with environment variables for all SDKs, + as in the above example. See your SDK's specific documentation for + configuring an AWS region. + + After you've set the preceding environment variables, specify the ``MONGODB-AWS`` authentication mechanism in your connection string as shown in the following example: .. literalinclude:: /code-snippets/authentication/aws-env-variable.js