DOCSP-50295 Move AWS STS copy (#1155)

jordan-smith721 · web-flow · commit 8709448872fa · 2025-05-27T11:17:32.000-04:00
diff --git a/source/security/authentication/aws-iam.txt b/source/security/authentication/aws-iam.txt
@@ -100,6 +100,22 @@ The driver checks for your credentials in the following sources in order:
 
          Omit the line containing ``AWS_SESSION_TOKEN`` if you don't need an AWS
          session token for that role.
+
+      AWS recommends using regional AWS STS endpoints instead of global 
+      endpoints to reduce latency, build-in redundancy, and increase session token validity.
+      To set the AWS region, set `AWS_REGION <https://docs.aws.amazon.com/sdkref/latest/guide/feature-region.html>`__ 
+      and `AWS_STS_REGIONAL_ENDPOINTS <https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html>`__
+      as environment variables, as shown in the following example: 
+
+      .. code-block:: bash
+         
+         export AWS_STS_REGIONAL_ENDPOINTS=regional // Enables regional endpoints
+         export AWS_REGION=us-east-1 // Sets your AWS region
+         
+      If both these environment variables aren't set, the default region is 
+      ``us-east-1``. For a list of available AWS regions, see the
+      `Regional Endpoints <https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints>`__ 
+      section of the AWS Service Endpoints reference in the AWS documentation. 
       
       After you've set the preceding environment variables, specify the ``MONGODB-AWS``
       authentication mechanism in your connection string as shown in the following example:
@@ -131,29 +147,7 @@ The driver checks for your credentials in the following sources in order:
 
          export AWS_WEB_IDENTITY_TOKEN_FILE=<absolute path to file containing your OIDC token>
 
-      AWS recommends using regional AWS STS endpoints instead of global 
-      endpoints to reduce latency, build-in redundancy, and increase session token validity.
-      To set the AWS region, set `AWS_REGION <https://docs.aws.amazon.com/sdkref/latest/guide/feature-region.html>`__ 
-      and `AWS_STS_REGIONAL_ENDPOINTS <https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html>`__
-      as environment variables, as shown in the following example: 
-
-      .. code-block:: bash
-         
-         export AWS_STS_REGIONAL_ENDPOINTS=regional // Enables regional endpoints
-         export AWS_REGION=us-east-1 // Sets your AWS region
-         
-      If both these environment variables aren't set, the default region is 
-      ``us-east-1``. For a list of available AWS regions, see the
-      `Regional Endpoints <https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints>`__ 
-      section of the AWS Service Endpoints reference in the AWS documentation. 
-
-      .. warning:: Consult your SDK's Documentation for Setting an AWS Region
-
-         You cannot set your AWS region with environment variables for all SDKs,
-         as in the above example. See your SDK's specific documentation for 
-         configuring an AWS region. 
-
-      After you've set the preceding environment variables, specify the ``MONGODB-AWS``
+      After you've set the preceding environment variable, specify the ``MONGODB-AWS``
       authentication mechanism in your connection string as shown in the following example:
 
       .. literalinclude:: /code-snippets/authentication/aws-env-variable.js
