IAM with Kubernetes IRSA on AWS (EKS)

Maybe it was just me being lame, but it took me a while to figure out how to connect with mongosh to a database using an AWS IAM role as the user, where the role is attached to a Kubernetes service account on an AWS (EKS) cluster with IRSA enabled.

So once you have created the role in AWS IAM, created the user in mongo, and created the pod with the service account attached, all you need to run is

read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN < <(aws sts assume-role-with-web-identity --role-arn "$ROLE_ARN" --role-session-name mongo --web-identity-token file:///var/run/secrets/eks.amazonaws.com/serviceaccount/token --query 'Credentials.[AccessKeyId, SecretAccessKey, SessionToken]' --output text)

mongosh "mongodb+srv://blalalla.mongodb.net/?authSource=%24external&authMechanism=MONGODB-AWS" --username "$AWS_ACCESS_KEY_ID" --password "$AWS_SECRET_ACCESS_KEY" --awsIamSessionToken "$AWS_SESSION_TOKEN"

to get access to the cluster/database.
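An added example, not part of the original post: the same two steps wrapped in shell functions that check the STS output and hand the temporary credentials to mongosh through the environment, so the secret key and session token do not appear in the process argument list. The function names are hypothetical, and the example assumes that MONGODB-AWS falls back to the standard AWS environment variables when no username or password is given.

```shell
# Added example. irsa_export_creds and mongosh_irsa are hypothetical names.
# The token path is the one used in the post; EKS also publishes it in
# AWS_WEB_IDENTITY_TOKEN_FILE for pods that use IRSA.
TOKEN_FILE="${AWS_WEB_IDENTITY_TOKEN_FILE:-/var/run/secrets/eks.amazonaws.com/serviceaccount/token}"

# Exchange the projected service-account token for temporary credentials
# and export them. Fails closed on missing input or malformed STS output.
irsa_export_creds() {
  local role_arn="$1" out key secret token extra
  [ -n "$role_arn" ] || { echo "role ARN is required" >&2; return 2; }
  [ -r "$TOKEN_FILE" ] || { echo "token file not readable: $TOKEN_FILE" >&2; return 3; }
  out=$(aws sts assume-role-with-web-identity \
          --role-arn "$role_arn" \
          --role-session-name mongo \
          --web-identity-token "file://$TOKEN_FILE" \
          --query 'Credentials.[AccessKeyId, SecretAccessKey, SessionToken]' \
          --output text) || { echo "assume-role-with-web-identity failed" >&2; return 4; }
  # --output text yields one tab-separated line with exactly three fields.
  read -r key secret token extra <<EOF
$out
EOF
  if [ -z "$key" ] || [ -z "$secret" ] || [ -z "$token" ] || [ -n "$extra" ]; then
    echo "unexpected STS output" >&2
    return 5
  fi
  export AWS_ACCESS_KEY_ID="$key" AWS_SECRET_ACCESS_KEY="$secret" AWS_SESSION_TOKEN="$token"
}

# Run mongosh with the credentials in its environment only. The subshell
# keeps them out of the calling shell, and argv carries just the URI.
mongosh_irsa() {
  local role_arn="$1" uri="$2"
  ( irsa_export_creds "$role_arn" && mongosh "$uri" )
}
```

Call it as `mongosh_irsa "$ROLE_ARN" "mongodb+srv://blalalla.mongodb.net/?authSource=%24external&authMechanism=MONGODB-AWS"`.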