Summary

Some drivers use a lightweight in-house implementation of the MONGODB-AWS mechanism to avoid taking a dependency on the AWS ASK (e.g. Go Driver). However, that internal logic can diverge from the official AWS SDK’s environmental configurations (e.g. region parsing). Drivers that offer such a solution should also be required to offer an opt-in SDK-backed authentication path.

Motivation

Who is the affected end user?

Users who rely on environmental configurations that would not necessarily be implemented by interfacing with a lightweight SDK wrapper.

How does this affect the end user?

Env variables like AWS_STS_REGIONAL_ENDPOINTS may not be honored leaded to confusing connection establishment errors.

How likely is it that this problem or use case will occur?

Unknown

If the problem does occur, what are the consequences and how severe are they?

User's would have to implement their own authentication solution.

Is this issue urgent?

Unknown

Is this ticket required by a downstream team?

No

Is this ticket only for tests?

No

Acceptance Criteria

Add the following to the auth specifications:

Drivers that use a lightweight, no-SDK MONGODB-AWS implementation MUST also expose an opt-in AWS-SDK-backed solution.