Document DB login via Azure AD

Amazon DocumentDB doesn't have direct integration with Azure AD (now known as Microsoft Entra ID), but there are several approaches you can consider:

1. Use IAM Authentication with Amazon DocumentDB:

• Amazon DocumentDB supports password-less authentication using AWS IAM users and roles
• This feature is available in DocumentDB instance-based cluster version 5.0
• It provides centralized authentication and simplified access management

2. AWS Managed Microsoft AD as a bridge:

• Set up AWS Managed Microsoft AD as a resource forest
• Establish a trust relationship (one-way or two-way) between your Azure AD and AWS Managed Microsoft AD
• Use this bridge to authenticate users to AWS services including DocumentDB

3. AWS IAM Identity Center integration:

• Use AWS IAM Identity Center (formerly AWS SSO) in conjunction with Microsoft Entra Connect and AD FS
• This setup allows synchronization of users from your on-premises AD to Microsoft Entra ID
• Users can then access AWS services using their AD credentials

4. For organizations heavily invested in the Microsoft ecosystem, the combination of AWS IAM Identity Center with Microsoft Entra Connect and AD FS provides a comprehensive solution that could help manage access to DocumentDB through IAM roles.

The best approach depends on your specific requirements, existing infrastructure, and security needs. The IAM authentication method for DocumentDB is particularly noteworthy as it eliminates the need to manage database passwords and aligns with AWS security best practices.
Sources
AWS integrate with AD\AAD | AWS re:Post
Enhance security of your AWS app integration with AWS Managed Microsoft AD | Microsoft Workloads on AWS
Use IAM authentication with Amazon DocumentDB (with MongoDB compatibility) | AWS Database Blog