Connecting with authMechanism=MONGODB-AWS authSource=$external doesn't seem to work with IAM Identity Center temporary credentials #1170
Description
Bug Report
Current Behavior
We are establishing temporary session to AWS using IAM Identity Center and trying to connect to the database using a connection string like this:
mongodb+srv://prod.xyz.mongodb.net/db?authMechanism=MONGODB-AWS&authSource=%24external
It works fine from Compass, and from the C# Driver (as long as we have AWSSDK.SSO, and AWSSDK.SSOIDC nuget packages), but does not work from the MongoDB vscode extension.
What am I doing wrong?
Logs
I realize it's long, but here are some sanitized logs from the mongo extension I see in vscode.
2025-10-31 11:32:42.949 [info] [connection controller] Connect called to connect to instance [ 'prod.xyz.mongodb.net' ]
2025-10-31 11:32:42.950 [info] [connection controller] Connecting to MongoDB... [
{
connectionInfo: '{"id":"f98d3319-64a2-412f-ac32-64e769f09510","name":"prod.xyz.mongodb.net","source":"user","storageLocation":"GLOBAL","secretStorageLocation":"vscode.SecretStorage","connectionOptions":{"connectionString":"mongodb+srv://prod.xyz.mongodb.net/db?authMechanism=MONGODB-AWS&authSource=%24external"}}'
}
]
2025-10-31 11:32:42.950 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000014 },
'Connection 0',
'Connecting Started',
{
connectionId: 0,
url: 'mongodb+srv://prod.xyz.mongodb.net/db?authMechanism=MONGODB-AWS&authSource=%24external&appName=mongodb-vscode+1.14.2--7fc83dbb-3477-4a62-b75d-317eb9c744b1--f98d3319-64a2-412f-ac32-64e769f09510',
csfle: null
}
]
2025-10-31 11:32:42.953 [error] [connection controller] DEVTOOLS-CONNECT [
{ __value: 1000000041 },
'compass-deps',
'Missing optional dependency',
{
name: 'mongodb-client-encryption',
error: "Cannot find module 'mongodb-client-encryption'\n" +
'Require stack:\n' +
'- c:\\Users\\USER\\.vscode\\extensions\\mongodb.mongodb-vscode-1.14.2\\dist\\extension.js\n' +
'- c:\\Users\\USER\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\out\\vs\\workbench\\api\\node\\extensionHostProcess.js'
}
]
2025-10-31 11:32:42.953 [error] [connection controller] DEVTOOLS-CONNECT [
{ __value: 1000000041 },
'compass-deps',
'Missing optional dependency',
{
name: 'os-dns-native',
error: "Cannot find module 'os-dns-native'\n" +
'Require stack:\n' +
'- c:\\Users\\USER\\.vscode\\extensions\\mongodb.mongodb-vscode-1.14.2\\dist\\extension.js\n' +
'- c:\\Users\\USER\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\out\\vs\\workbench\\api\\node\\extensionHostProcess.js'
}
]
2025-10-31 11:32:42.954 [error] [connection controller] DEVTOOLS-CONNECT [
{ __value: 1000000041 },
'compass-deps',
'Missing optional dependency',
{
name: 'resolve-mongodb-srv',
error: "Cannot find module 'resolve-mongodb-srv'"
}
]
2025-10-31 11:32:42.956 [info] [connection controller] DEVTOOLS-CONNECT [
{ __value: 1000000049 },
'compass-connect',
'Loaded system CA list',
{
caCount: 150,
asyncFallbackError: undefined,
systemCertsError: "Cannot find module 'win-export-certificate-and-key'\n" +
'Require stack:\n' +
'- c:\\Users\\USER\\.vscode\\extensions\\mongodb.mongodb-vscode-1.14.2\\dist\\extension.js\n' +
'- c:\\Users\\USER\\AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\out\\vs\\workbench\\api\\node\\extensionHostProcess.js',
messages: []
}
]
2025-10-31 11:32:42.956 [error] [connection controller] DEVTOOLS-CONNECT [
{ __value: 1000000038 },
'compass-connect',
'Resolving SRV record failed',
{
from: '',
error: "Cannot find module 'resolve-mongodb-srv'",
duringLoad: true,
resolutionDetails: [],
durationMs: null
}
]
2025-10-31 11:32:42.962 [info] [connection controller] DEVTOOLS-CONNECT [
{ __value: 1000000042 },
'compass-connect',
'Initiating connection attempt',
{
uri: 'mongodb+srv://prod.xyz.mongodb.net/db?authMechanism=MONGODB-AWS&authSource=%24external&appName=mongodb-vscode+1.14.2--7fc83dbb-3477-4a62-b75d-317eb9c744b1--f98d3319-64a2-412f-ac32-64e769f09510',
driver: { name: 'nodejs', version: '6.20.0' },
devtoolsConnectVersion: '3.9.4',
host: 'prod.xyz.mongodb.net'
}
]
2025-10-31 11:32:43.176 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000021 },
'Connection 0',
'Topology description changed',
{
isWritable: false,
isMongos: false,
previousType: 'Unknown',
newType: 'ReplicaSetNoPrimary'
}
]
2025-10-31 11:32:43.176 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000019 },
'Connection 0',
'Server opening',
{ address: 'prod-shard-00-00.xyz.mongodb.net:27017' }
]
2025-10-31 11:32:43.176 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000019 },
'Connection 0',
'Server opening',
{ address: 'prod-shard-00-01.xyz.mongodb.net:27017' }
]
2025-10-31 11:32:43.176 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000019 },
'Connection 0',
'Server opening',
{ address: 'prod-shard-00-02.xyz.mongodb.net:27017' }
]
2025-10-31 11:32:43.176 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000019 },
'Connection 0',
'Server opening',
{ address: 'prod-shard-00-03.xyz.mongodb.net:27017' }
]
2025-10-31 11:32:43.496 [info] [connection controller] DEVTOOLS-CONNECT [
{ __value: 1000000035 },
'compass-connect',
'Server heartbeat succeeded',
{ connectionId: 'prod-shard-00-01.xyz.mongodb.net:27017' }
]
2025-10-31 11:32:43.496 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000018 },
'Connection 0',
'Server description changed',
{
address: 'prod-shard-00-01.xyz.mongodb.net:27017',
error: null,
previousType: 'Unknown',
newType: 'RSPrimary'
}
]
2025-10-31 11:32:43.496 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000021 },
'Connection 0',
'Topology description changed',
{
isWritable: true,
isMongos: false,
previousType: 'ReplicaSetNoPrimary',
newType: 'ReplicaSetWithPrimary'
}
]
2025-10-31 11:32:43.496 [info] [connection controller] DEVTOOLS-CONNECT [
{ __value: 1000000037 },
'compass-connect',
'Connection attempt finished',
undefined
]
2025-10-31 11:32:43.526 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000027 },
'Connection 0',
'Driver connection created',
{
address: 'prod-shard-00-01.xyz.mongodb.net:27017',
serverConnectionId: 1
}
]
2025-10-31 11:32:43.529 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000018 },
'Connection 0',
'Server description changed',
{
address: 'prod-shard-00-00.xyz.mongodb.net:27017',
error: null,
previousType: 'Unknown',
newType: 'RSSecondary'
}
]
2025-10-31 11:32:43.529 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000021 },
'Connection 0',
'Topology description changed',
{
isWritable: true,
isMongos: false,
previousType: 'ReplicaSetWithPrimary',
newType: 'ReplicaSetWithPrimary'
}
]
2025-10-31 11:32:43.544 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000018 },
'Connection 0',
'Server description changed',
{
address: 'prod-shard-00-02.xyz.mongodb.net:27017',
error: null,
previousType: 'Unknown',
newType: 'RSSecondary'
}
]
2025-10-31 11:32:43.544 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000021 },
'Connection 0',
'Topology description changed',
{
isWritable: true,
isMongos: false,
previousType: 'ReplicaSetWithPrimary',
newType: 'ReplicaSetWithPrimary'
}
]
2025-10-31 11:32:43.594 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000018 },
'Connection 0',
'Server description changed',
{
address: 'prod-shard-00-03.xyz.mongodb.net:27017',
error: null,
previousType: 'Unknown',
newType: 'RSSecondary'
}
]
2025-10-31 11:32:43.594 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000021 },
'Connection 0',
'Topology description changed',
{
isWritable: true,
isMongos: false,
previousType: 'ReplicaSetWithPrimary',
newType: 'ReplicaSetWithPrimary'
}
]
2025-10-31 11:32:43.823 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000027 },
'Connection 0',
'Driver connection created',
{
address: 'prod-shard-00-01.xyz.mongodb.net:27017',
serverConnectionId: 2
}
]
2025-10-31 11:32:44.079 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000020 },
'Connection 0',
'Server closed',
{ address: 'prod-shard-00-00.xyz.mongodb.net:27017' }
]
2025-10-31 11:32:44.079 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000020 },
'Connection 0',
'Server closed',
{ address: 'prod-shard-00-01.xyz.mongodb.net:27017' }
]
2025-10-31 11:32:44.080 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000020 },
'Connection 0',
'Server closed',
{ address: 'prod-shard-00-02.xyz.mongodb.net:27017' }
]
2025-10-31 11:32:44.080 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000020 },
'Connection 0',
'Server closed',
{ address: 'prod-shard-00-03.xyz.mongodb.net:27017' }
]
2025-10-31 11:32:44.080 [info] [connection controller] COMPASS-DATA-SERVICE [ { __value: 1001000315 }, 'Connection 0', 'Client is closed' ]
2025-10-31 11:32:44.080 [info] [connection controller] COMPASS-DATA-SERVICE [
{ __value: 1001000359 },
'Connection 0',
'Connecting Failed',
{ connectionId: 0, error: 'connect ENETUNREACH 169.254.169.254:80' }
]
2025-10-31 11:32:44.081 [error] [connection controller] Failed to connect by a connection id [
Error: connect ENETUNREACH 169.254.169.254:80
at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1637:16)
at TCPConnectWrap.callbackTrampoline (node:internal/async_hooks:130:17) {
errno: -4062,
code: 'ENETUNREACH',
syscall: 'connect',
address: '169.254.169.254',
port: 80
}
]