Loading...

XML

Word

Printable

JSON

Type: New Feature
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: Authentication
Labels:
None

Quarter:
- FY26Q3
Confidence Status:
None

Assigned Teams:

Go Drivers

Documentation Changes Summary:

Hide

1. What would you like to communicate to the user about this feature?
2. Would you like the user to see examples of the syntax and/or executable code and its output?
3. Which versions of the driver/connector does this apply to?

Show
1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

The build in MONGODB-AWS authenticator in the Go driver uses a minimal internal AWS implementation that derives the signing region from the server-sent STS host (sm.Host), ignoring standard AWS SDK environment variables like AWS_STS_REGIONAL_ENDPOINT=regional and AWS_REGION. This forces users to create custom authenticator solutions which can be rather complicated (see here).

This ticket proposes that we create an optional submodule:

go.mongodb.org/mongo-driver/v2/x/driver/auth/mongoaws

That depends on github.com/aws/aws-sdk-go-v2 so that users can optionally register an AuthenticatorFactory that uses the official AWS SDK

import "go.mongodb.org/mongo-driver/v2/x/driver/auth/mongoaws"

func main() {
    auth.RegisterAuthenticatorFactory(auth.MongoDBAWS,mongoaws.AF)
}

Alternatively, we should investigate using a build tag to enable AWS as an optional dependency.

is duplicated by

GODRIVER-3454 Allow users to provide custom AWS configuration

Closed

is related to

GODRIVER-3570 AWS Go SDK is EOL by August 2025

Backlog

GODRIVER-2625 Consider Using AWS SDK for Auth

Backlog

GODRIVER-3568 Should Go driver honor AWS_STS_REGIONAL_ENDPOINTS/AWS_REGION in AssumeRoleProvider.RetrieveWithContext

Closed

related to

DRIVERS-3194 Add opt-in AWS SDK delegation for MONGODB-AWS Authentication

Closed

Assignee:: Unassigned
Reporter:: Preston Vasquez
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: May 21 2025 06:57:12 PM UTC
Updated:: Jun 17 2025 06:24:43 PM UTC
Confidence Status Last Update:: 27/May/25 6:06 PM

Estimated:

Remaining:

Logged:

Not Specified

Details

Description

Attachments

Issue Links

Activity

People

Dates

Time Tracking