When trying to authenticate with ARNs from the AWS China and Gov regions, the server fails with this error message:
{"t":{"$date":"2021-02-24T21:46:18.029+00:00"},"s":"I", "c":"ACCESS", "id":20249, "ctx":"conn785","msg":"Authentication failed","attr":{"mechanism":"MONGODB-AWS","principalName":"AKIA5BNHFCACSUUDSOR3","authenticationDatabase":"$external","client":"66.65.136.84:50215","result":"Location51282: Incorrect ARN"}}
It appears the code needs to be updated in the following places:
https://github.com/10gen/mongo-enterprise-modules/blob/master/src/sasl/sasl_aws_server_protocol.cpp#L216-L217
Example ARNs:
- arn:aws-cn:iam::123312345293:user/some.person
- arn:aws-cn:iam::123312345293:role/my-test-kms
- arn:aws-us-gov:iam::123312345293:user/someone.else
- arn:aws-us-gov:iam::123312345293:role/test-role
Note that for roles, Atlas converts the ARNs to the STS format.
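A partition-aware ARN check that accepts the example ARNs above while still matching the partition exactly, as an added example (not the server's code, which sits behind the link above and is not shown on this page). The names `ParsedArn` and `parseCallerArn` are hypothetical. It assumes the STS format is `arn:<partition>:sts::<account>:assumed-role/<role>/<session>` and that role principals reach the check only in that form, so a raw `role/` ARN is rejected.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical result type for this example; not the server's own structure.
struct ParsedArn {
    std::string partition, service, account, resource;
};

// Split on ':' into at most `max` fields; the last field keeps any further colons.
static std::vector<std::string> splitFields(const std::string& s, std::size_t max) {
    std::vector<std::string> out;
    std::size_t start = 0;
    while (out.size() + 1 < max) {
        std::size_t pos = s.find(':', start);
        if (pos == std::string::npos) break;
        out.push_back(s.substr(start, pos - start));
        start = pos + 1;
    }
    out.push_back(s.substr(start));
    return out;
}

// True when `s` starts with `p` and has at least one character after it.
static bool hasPrefix(const std::string& s, const std::string& p) {
    return s.size() > p.size() && s.compare(0, p.size(), p) == 0;
}

// Returns true and fills `out` only for the principal shapes assumed in the lead-in.
bool parseCallerArn(const std::string& arn, ParsedArn* out) {
    static const char* const kPartitions[] = {"aws", "aws-cn", "aws-us-gov"};
    // Field layout: arn:partition:service:region:account:resource
    std::vector<std::string> f = splitFields(arn, 6);
    if (f.size() != 6 || f[0] != "arn") return false;
    bool known = false;
    for (const char* p : kPartitions) known = known || (f[1] == p);
    if (!known) return false;          // exact match, never a prefix test
    if (!f[3].empty()) return false;   // IAM and STS ARNs leave the region field empty
    if (f[4].size() != 12 || f[4].find_first_not_of("0123456789") != std::string::npos)
        return false;                  // account id: exactly 12 digits
    bool ok = (f[2] == "iam" && hasPrefix(f[5], "user/")) ||
              (f[2] == "sts" && hasPrefix(f[5], "assumed-role/"));
    if (!ok) return false;
    *out = ParsedArn{f[1], f[2], f[4], f[5]};
    return true;
}
```

Matching the partition against a fixed list, instead of relaxing the check to anything that begins with `arn:aws`, keeps a lookalike such as `aws-cnx` from passing.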