From 576e8c693ceff3440b248451c3b0da236b403e3b Mon Sep 17 00:00:00 2001
From: Pavel Safronov <pavel.safronov@gmail.com>
Date: Fri, 26 Dec 2025 10:24:58 -0800
Subject: [PATCH 1/3] doc: add documentation for running aws integ tests
 locally

---
 .evergreen/run-mongodb-aws-test.sh |  3 +++
 etc/run-aws-integ-tests.sh         | 33 ++++++++++++++++++++++++++++++
 test/readme.md                     | 28 +++++++++++++++++++++++++
 3 files changed, 64 insertions(+)
 create mode 100755 etc/run-aws-integ-tests.sh

diff --git a/.evergreen/run-mongodb-aws-test.sh b/.evergreen/run-mongodb-aws-test.sh
index 900f56be8ce..8a933166917 100755
--- a/.evergreen/run-mongodb-aws-test.sh
+++ b/.evergreen/run-mongodb-aws-test.sh
@@ -9,4 +9,7 @@ source .evergreen/setup-mongodb-aws-auth-tests.sh
 # load node.js environment
 source $DRIVERS_TOOLS/.evergreen/init-node-and-npm-env.sh
 
+# clear AWS_PROFILE, so it doesn't interfere with env-creds
+unset AWS_PROFILE
+
 npm run check:aws
diff --git a/etc/run-aws-integ-tests.sh b/etc/run-aws-integ-tests.sh
new file mode 100755
index 00000000000..4f13581680e
--- /dev/null
+++ b/etc/run-aws-integ-tests.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -euxo pipefail # Exit on error, undefined variable, and fail on pipe errors
+
+# NOTE: This script assumes that you've created an AWS SSO session already, as outlined in
+# ./test/readme.md, section `AWS Profile`,  and you have an AWS profile
+# named `drivers-test-secrets-role-857654397073` in your AWS config.
+
+# Choose credential type: env-creds or session-creds
+# export AWS_CREDENTIAL_TYPE="env-creds"
+export AWS_CREDENTIAL_TYPE="session-creds"
+export VERSION="latest"
+export NODE_LTS_VERSION="24"
+export AUTH="auth"
+export ORCHESTRATION_FILE="auth-aws.json"
+export TOPOLOGY="server"
+export NODE_DRIVER="$DRIVERS_TOOLS/.."
+export AWS_PROFILE="drivers-test-secrets-role-857654397073"
+
+# Enable for verbose logging
+# export MONGODB_LOG_ALL="debug"
+# export MONGODB_LOG_PATH="stderr"
+
+echo "Assuming AWS SSO role..."
+aws sso login --sso-session drivers-test-secrets-session
+
+echo "Installing dependencies..."
+bash ${NODE_DRIVER}/.evergreen/install-dependencies.sh
+
+echo "Bootstrapping orchestration..."
+bash ${NODE_DRIVER}/.evergreen/run-orchestration.sh
+
+echo "Running AWS integration tests with env-creds from $NODE_DRIVER ..."
+bash ${NODE_DRIVER}/.evergreen/run-mongodb-aws-test.sh
diff --git a/test/readme.md b/test/readme.md
index f9c38ac636d..6264b339211 100644
--- a/test/readme.md
+++ b/test/readme.md
@@ -39,6 +39,7 @@ about the types of tests and how to run them.
       - [Deployed Lambda Tests](#deployed-lambda-tests)
     - [Kerberos Tests](#kerberos-tests)
     - [AWS Authentication tests](#aws-authentication-tests)
+      - [AWS Profile](#aws-profile)
     - [Container Tests](#container-tests)
   - [GCP](#gcp)
   - [Azure](#azure)
@@ -647,6 +648,33 @@ Choose your AWS authentication credential type and export the `AWS_CREDENTIAL_TY
 
 1. Run the `bash .evergreen/run-mongodb-aws-tests.sh`.
 
+An example of performing the above is [`etc/run-aws-integ-tests.sh`](etc/run-aws-integ-tests.sh).
+
+#### AWS Profile
+
+Setup an AWS_PROFILE locally to be able to use AWS and to run AWS tests locally.
+
+1. Get SSO sign-in info from AWS
+   1. Navigate to https://corp.mongodb.com/app/UserHome
+   2. Open AWS
+   3. Choose `Drivers` account
+   4. Choose `drivers-test-secrets-role`
+   5. Click `Access Keys`
+   6. Copy down `SSO start URL` and `SSO Region`
+2. Sign in locally
+   1. Run `aws configure sso-session`
+   2. Pick a name, like `drivers-test-secrets-session`
+   3. Specify `SSO start URL` and `SSO Region` from earlier steps
+3. Add a profile
+   1. Add the following profile to `~/.aws/config`
+
+   ```ini
+   [profile drivers-test-secrets-role-857654397073]
+   sso_session = drivers-test-secrets-session
+   sso_account_id = 857654397073
+   sso_role_name = drivers-test-secrets-role
+   ```
+
 ### Container Tests
 
 It may become required to run tests or debug code inside a live Azure or GCP container. The best way to do this is to leverage

From 03ae48ca23863185526267b6c83715f85ca1fa17 Mon Sep 17 00:00:00 2001
From: Pavel Safronov <pavel.safronov@mongodb.com>
Date: Mon, 26 Jan 2026 13:12:29 -0800
Subject: [PATCH 2/3] Update etc/run-aws-integ-tests.sh

Co-authored-by: Bailey Pearson <bailey.pearson@gmail.com>
---
 etc/run-aws-integ-tests.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/run-aws-integ-tests.sh b/etc/run-aws-integ-tests.sh
index 4f13581680e..f34ff1f2c53 100755
--- a/etc/run-aws-integ-tests.sh
+++ b/etc/run-aws-integ-tests.sh
@@ -2,7 +2,7 @@
 set -euxo pipefail # Exit on error, undefined variable, and fail on pipe errors
 
 # NOTE: This script assumes that you've created an AWS SSO session already, as outlined in
-# ./test/readme.md, section `AWS Profile`,  and you have an AWS profile
+# ../test/readme.md, section `AWS Profile`,  and you have an AWS profile
 # named `drivers-test-secrets-role-857654397073` in your AWS config.
 
 # Choose credential type: env-creds or session-creds

From 0c7f0be4d44a85c0cb98900afbaa83bc78fa24e8 Mon Sep 17 00:00:00 2001
From: Pavel Safronov <pavel.safronov@gmail.com>
Date: Mon, 26 Jan 2026 15:22:57 -0800
Subject: [PATCH 3/3] PR feeedback: - moved contents of run-aws-integ-tests.sh
 into readme - moved readme info around

---
 etc/run-aws-integ-tests.sh | 33 -----------------
 test/readme.md             | 76 +++++++++++++++++++++++++++-----------
 2 files changed, 54 insertions(+), 55 deletions(-)
 delete mode 100755 etc/run-aws-integ-tests.sh

diff --git a/etc/run-aws-integ-tests.sh b/etc/run-aws-integ-tests.sh
deleted file mode 100755
index f34ff1f2c53..00000000000
--- a/etc/run-aws-integ-tests.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/usr/bin/env bash
-set -euxo pipefail # Exit on error, undefined variable, and fail on pipe errors
-
-# NOTE: This script assumes that you've created an AWS SSO session already, as outlined in
-# ../test/readme.md, section `AWS Profile`,  and you have an AWS profile
-# named `drivers-test-secrets-role-857654397073` in your AWS config.
-
-# Choose credential type: env-creds or session-creds
-# export AWS_CREDENTIAL_TYPE="env-creds"
-export AWS_CREDENTIAL_TYPE="session-creds"
-export VERSION="latest"
-export NODE_LTS_VERSION="24"
-export AUTH="auth"
-export ORCHESTRATION_FILE="auth-aws.json"
-export TOPOLOGY="server"
-export NODE_DRIVER="$DRIVERS_TOOLS/.."
-export AWS_PROFILE="drivers-test-secrets-role-857654397073"
-
-# Enable for verbose logging
-# export MONGODB_LOG_ALL="debug"
-# export MONGODB_LOG_PATH="stderr"
-
-echo "Assuming AWS SSO role..."
-aws sso login --sso-session drivers-test-secrets-session
-
-echo "Installing dependencies..."
-bash ${NODE_DRIVER}/.evergreen/install-dependencies.sh
-
-echo "Bootstrapping orchestration..."
-bash ${NODE_DRIVER}/.evergreen/run-orchestration.sh
-
-echo "Running AWS integration tests with env-creds from $NODE_DRIVER ..."
-bash ${NODE_DRIVER}/.evergreen/run-mongodb-aws-test.sh
diff --git a/test/readme.md b/test/readme.md
index 6264b339211..329f3a125c6 100644
--- a/test/readme.md
+++ b/test/readme.md
@@ -27,6 +27,8 @@ about the types of tests and how to run them.
   - [Running Benchmarks](#running-benchmarks)
     - [Configuration](#configuration)
   - [Secrets](#secrets)
+    - [CSFLE](#csfle)
+    - [AWS Profile](#aws-profile)
   - [Testing with Special Environments](#testing-with-special-environments)
     - [Load Balanced](#load-balanced)
     - [Client-Side Field-Level Encryption (CSFLE)](#client-side-field-level-encryption-csfle)
@@ -39,7 +41,7 @@ about the types of tests and how to run them.
       - [Deployed Lambda Tests](#deployed-lambda-tests)
     - [Kerberos Tests](#kerberos-tests)
     - [AWS Authentication tests](#aws-authentication-tests)
-      - [AWS Profile](#aws-profile)
+      - [Running AWS tests](#running-aws-tests)
     - [Container Tests](#container-tests)
   - [GCP](#gcp)
   - [Azure](#azure)
@@ -369,6 +371,8 @@ Local use of secrets manager requires:
 
 (see instructions in the secrets handling readme).
 
+### CSFLE
+
 Here's an example usage of the tooling in drivers-evergreen-tools that configures credentials for CSFLE:
 
 ```bash
@@ -383,6 +387,33 @@ source secrets-export.sh
 > [!IMPORTANT]
 > Make sure `secrets-export.sh` is in the .gitignore of any Github repo you might be using these tools in to avoid leaking credentials.  This is already done for this repo.
 
+### AWS Profile
+
+These instructions will help you locally configure profile-based AWS credentials.
+
+Setup an AWS_PROFILE locally to be able to use AWS and to run AWS tests locally.
+
+1. Get SSO sign-in info from AWS
+   1. Navigate to https://corp.mongodb.com/app/UserHome
+   2. Open AWS
+   3. Choose `Drivers` account
+   4. Choose `drivers-test-secrets-role`
+   5. Click `Access Keys`
+   6. Copy down `SSO start URL` and `SSO Region`
+2. Sign in locally
+   1. Run `aws configure sso-session`
+   2. Pick a name, like `drivers-test-secrets-session`
+   3. Specify `SSO start URL` and `SSO Region` from earlier steps
+3. Add a profile
+   1. Add the following profile to `~/.aws/config`
+
+   ```ini
+   [profile drivers-test-secrets-role-857654397073]
+   sso_session = drivers-test-secrets-session
+   sso_account_id = 857654397073
+   sso_role_name = drivers-test-secrets-role
+   ```
+
 ## Testing with Special Environments
 
 In order to test some features, you will need to generate and set a specialized group of environment variables. The subsections below will walk you through how to generate and set the environment variables for these features.
@@ -650,30 +681,31 @@ Choose your AWS authentication credential type and export the `AWS_CREDENTIAL_TY
 
 An example of performing the above is [`etc/run-aws-integ-tests.sh`](etc/run-aws-integ-tests.sh).
 
-#### AWS Profile
+#### Running AWS tests
 
-Setup an AWS_PROFILE locally to be able to use AWS and to run AWS tests locally.
+Once you have the AWS Profile configured locally (see section "AWS Profile" for more info), you can run tests like this:
 
-1. Get SSO sign-in info from AWS
-   1. Navigate to https://corp.mongodb.com/app/UserHome
-   2. Open AWS
-   3. Choose `Drivers` account
-   4. Choose `drivers-test-secrets-role`
-   5. Click `Access Keys`
-   6. Copy down `SSO start URL` and `SSO Region`
-2. Sign in locally
-   1. Run `aws configure sso-session`
-   2. Pick a name, like `drivers-test-secrets-session`
-   3. Specify `SSO start URL` and `SSO Region` from earlier steps
-3. Add a profile
-   1. Add the following profile to `~/.aws/config`
+```sh
+export AWS_CREDENTIAL_TYPE="session-creds" # session-creds || env-creds
+export VERSION="latest"
+export NODE_LTS_VERSION="24"
+export AUTH="auth"
+export ORCHESTRATION_FILE="auth-aws.json"
+export TOPOLOGY="server"
+export NODE_DRIVER="$DRIVERS_TOOLS/.."
+export AWS_PROFILE="drivers-test-secrets-role-857654397073"
 
-   ```ini
-   [profile drivers-test-secrets-role-857654397073]
-   sso_session = drivers-test-secrets-session
-   sso_account_id = 857654397073
-   sso_role_name = drivers-test-secrets-role
-   ```
+# Login with AWS Profile
+aws sso login --sso-session drivers-test-secrets-session
+
+# Install dependencies
+bash ${NODE_DRIVER}/.evergreen/install-dependencies.sh
+
+# Orchestration
+bash ${NODE_DRIVER}/.evergreen/run-orchestration.sh
+
+bash ${NODE_DRIVER}/.evergreen/run-mongodb-aws-test.sh
+```
 
 ### Container Tests