Atlas
- A brief description of what you are looking to do
- How you think this will help
- Why this matters to you
138 results found
-
Recovery after cluster delete
Cloud Backups should be recoverable even after a cluster delete otherwise they can't really be considered backups. One way to do this would be to allow for automated backup downloads to customer specified cloud provider storage.
6 votesHello,
I am pleased to announce that in Atlas you now have an option to retain all backups when terminating an M10+ cluster.
When you terminated a cluster through the Atlas Ui, on the termination confirmation pop up, you will now see an additional toggle labeled "Keep existing snapshots after termination". If you select this option when terminating your cluster, all of your backups for that cluster will be retained.
You can also choose to retain you backups for a cluster when deleting a cluster through the Atlas Administration API. When deleting a cluster through the API, you can include the retainBackups parameter and this will retain all of your backups after termination as well.
You can view or use the backups from a terminated (or other active) M10+ cluster by selecting the "Backup" tab in the left side navigation of the Atlas UI.
As I mentioned…
-
Add CFN resource to manage PrivateLink endpoints
As per the title, add a new CFN resource
MongoDB::Atlas::PrivateEndpoint
to manage PrivateLink interfaces into Atlas, based on https://docs.atlas.mongodb.com/reference/api/private-endpoints/2 votes -
AWS EBS gp3 Volumes
Please add support for the newly announced and already generally available AWS EBS feature. [1]
The top capability is: "The new gp3 volumes deliver a baseline performance of 3,000 IOPS and 125 MB/s at any volume size. Customers looking for higher performance can scale up to 16,000 IOPS and 1,000 MB/s for an additional fee." [2]
That basically means decoupling storage performance from storage size.
It would eliminate all our IOPS pain as 3000k is more than enough for our usecase. Currently, we are slightly overprovisioning storage size in order to guarantee minimal IOPS performance.[1] https://aws.amazon.com/about-aws/whats-new/2020/12/introducing-new-amazon-ebs-general-purpose-volumes-gp3/
[2] https://aws.amazon.com/ebs/general-purpose/17 votes -
Add possibility to invite api key(s) to newly created projects
For different types of automation, api key(s) must be added to project(s). It would be helpful if it could be possible to add existing api key(s) to new projects using
mongodbatlas\_project
terraform resource, example:
resource "mongodbatlas_project" "test" {
name = "project-name"
org_id = "<ORG\_ID>"teams {
team_id = "5e0fa8c99ccf641c722fe645"
role_names = ["GROUP_OWNER"]}
api_key {
public_key = "xyzxyzxy"
role_names = ["GROUP_READ_ONLY"]
}
}4 votesThis has been added as of version 1.2.0, released today. See https://registry.terraform.io/providers/mongodb/mongodbatlas/latest/docs/resources/project#api_key_id for more details. Thank you!
-
Security Key (FIDO2) MFA option
Please enable security key (e.g. https://www.yubico.com/gb/product/yubikey-5c-nfc/) option for MFA. Ideally using FIDO2 protocol
9 votesMongoDB added webAuthn support as an MFA method. Please use "Security Key/Biometric" MFA. option to use it with your FIDO2 keys.
https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/
-
Improve OKTA Location Detection
Hi,
This is really a message for your security / authentication engineers.
When you use Okta PUSH MFA, the popup on my mobile device reads "Did you just try to sign in? near Ashburn, Virginia, United States"
I am not near Ashburn, that's your server location. We use Okta Push at our company and had the same issue. It's a simple fix, tell your engineers to add:
'X-Forwarded-For': <users ip>,
With the user IP address that is sent to Okta, and it should geolocate properly. This is a small, albeit actual security issue with MongoDB, as I cannot safely differentiate…
1 voteThank you for your kind feedback. This issue has been fixed and Okta Push app should show now show the correct location. Thank you!
-
Allow to create/manage Private Endpoints for Data Lake / Online Archive
There's an API for these resources, but Terraform Provider lacks support of them:
https://docs.atlas.mongodb.com/reference/api/online-archive-private-link-create-one/
https://docs.atlas.mongodb.com/reference/api/online-archive-private-link-get-one/This would be useful for managing full cycle of Network access to Data Lakes
1 voteThis is now available in provider version 1.2. Thank you!
-
Export metrics to Prometheus
Currently there is only a community supported Prometheus integration (exporter) available which polls db.serverStatus() and doesn't include as much metrics as the Atlas UI/API provides. A similar integration as with New Relic and Datadog would help many customers that are using Prometheus and Grafana for monitoring.
83 votes -
Add resource to allow attachment of roles to mongodbatlas_cloud_provider_access
The need to do two applies to completely configure the
mongodbatlas_cloud_provider_access
resource should have never seen the light of day. I would like to see an additional resource that could attach a role to amongodbatlas_cloud_provider_access
after it has been created. Then you could use the attributes in themongodbatlas_cloud_provider_access
resource to create the role, then attach the role to it using theaccess_role_attachment
resource.9 votesCloud Provider Access in v0.9.0 now has a single apply method and the original two apply method.
-
Support for tagging clusters in Atlas
Please allow tagging at a cluster level. This will help in storing related metadata if required.
4 votes -
Vault Lock to protect Atlas Cloud Backups
We are currently looking for a solution to secure our Atlas backups.
Something similar to AWS Glacier Vault Lock [1] or a simple grace period before backups are deleted once and for all would be nice.
It would be amazing to protect the Atlas backups from being deleted.
Currently, if one of our Atlas admins was compromised, the damage for the company would be enormously high. So we need to implement measures against the final deletion of our most mission critical data.also mentioned in: [2]
[1] https://aws.amazon.com/de/blogs/security/amazon-glacier-introduces-vault-lock/
[2] https://developer.mongodb.com/community/forums/t/is-there-a-vault-lock-for-atlas-backups/1104110 votesHello,
I am pleased to announce that we have released our backup feature called Backup Compliance Policy, that protects your backups from being deleted by any user, ensuring WORM and full immutability (can not be edited/modified or deleted) for backups automatically in Atlas.
Backup Compliance Policy allows organizations to configure a project-level policy to prevent the deletion of backups before a predefined period, guarantee all clusters have backup enabled, ensure that all clusters have a minimum backup retention and schedule policy in place, and more.
With these controls, you can more easily satisfy data protection requirements (e.g., AppJ, DORA, immutable / WORM backups, etc.) without the need for manual processes.
Please note that the Backup Compliance Policy can not be disabled without MongoDB support once enabled so please make sure to read our documentation thoroughly before enabling.
-
hide index
Add a button/toggle to Hide and Unhide an Index from the Data Explorer/Indexes display for a 4.4+ deployment.
16 votes -
Cluster Termination Protection
It is possible to quickly delete an entire cluster, for example through terraform, if you're not careful.
It would be great to have a "Termination Protection" feature that can only be disabled in the Admin UI and not via the public APIs.
In terraform I could then enable it like so
resource "mongodbatlas_cluster" "my_cluster" { enable_delete_protection = true }
When I would run
terraform destroy
the cluster should not be destroyed and instead the API returns an error saying that the Cluster has Termination Protection enabled. If I want to disable it, I can login to the Admin UI, select…66 votesYou can now set "Termination Protection" for your Atlas cluster. For more information, see https://www.mongodb.com/docs/atlas/cluster-additional-settings/#termination-protection
-
Allow creation of a free cluster (M0) through the API
Through the API it is possible to create several projects within an organization, and as far as I understand you offer 1 free cluster per project....
So, why not create the M0 cluster also through the API? (considering the limitation of only 1 for the project, of course)
This would be of great help for integrations that automatically generate small test environments for certain applications that plan to use atlas as a database server.
4 votesHi Bruno,
Thank you for taking the time and raising this feedback. We believe it’s crucial to support you and development teams in integrating MongoDB with your CI / CD pipeline. For example by enabling generation of small test environments using M0 clusters.
With that in mind, we’re happy to share that this capability has been recently added to our Public APIs as well as MongoCLI. To learn more and read about other new capabilities we’ve added, visit https://docs.mongodb.com/mongocli/stable/release-notes/Thank you again for sharing your idea and keep it coming.
All the best,
Jakub -
Terraform resource to add users to an existing team
You can automate this :) https://docs.atlas.mongodb.com/reference/api/teams-add-user/
1 vote -
Atlas API Enhancements
Since we want to automate the user (de)provisioning for organizations and projects, we would like to see the following API enhancements:
Please enhance the Mongo Atlas API for the following functionalities:
- invite (existing mongo) user to organization (currently not possible)
- remove user from organization
- get invitation status from user
- cancel invitation for userThank you
8 votesThe work for invite management has been completed and added as endpoints to organizations and projects: https://docs.atlas.mongodb.com/reference/api/projects/ and https://docs.atlas.mongodb.com/reference/api/organizations/
-
Possibility to change 'frequency_type' of snapshot backup policy item via Terraform
Hi,
I’m facing an issue about Snapshot Backup Policy creation/modification via Terraform ( FYI, I open a case to the support of MongoDB https://support.mongodb.com/case/00668262). Let me explain :
When I want to create a MongoAtlas Cluster via terraform, I want to apply a custom Snahsphot Backup Policy with ONLY 2 items during the creation of the cluster :
N° Item Frequency type Frequency Retention
0 Daily 1 7 Days
1 Weekly 1 (Saturday) 4 weeksHowever, during the creation of the mongo atlas cluster, I can see an error
Error: Error applying plan:1 error occurred:
* module.cluster…28 votesThe Cloud Backup policy has been completely reworked as of provider version 1.0.0, with a few more fixes in 1.0.1 (coming shortly). This should address the pain points that have been raised here and elsewhere.
-
Add Test Failover permissions to the Project Cluster Manager role
Add Test Failover permissions to the Project Cluster Manager role.
Use Case:
We'd like to have folks with this permission without also allowing them to modify Project membership and all the other permissions that come with being an Owner.4 votes -
more information in AWS IAM audit logs
We are using MongoDB-AWS for authentication, and have set up the audit log to log events taken by AWS roles. However, there is insufficient information in the logs to identify who is doing those actions, as roles can be assumed by multiple people.
An example log line in the current audit log:
{ "atype" : "authenticate", "ts" : { "$date" : "2021-01-05T00:21:52.628+00:00" }, "local" : { "ip" : "192.168.248.203", "port" : 27017 }, "remote" : { "ip" : "172.31.0.5", "port" : 54195 }, "users" : [ { "user" : "arn:aws:sts::555555555555:assumed-role/developer-role/", "db" : "$external" } ], "roles" : [ {…4 votesThe full ARN including the user information is now captured in audit logs when AWS IAM authentication is used with assumed roles. This is a delayed update; the change was made in 2021. Thank you for your feedback to make MongoDB better.
-
Need access to the REST API for IdP Federation
Currently all IdP federation set up must be done in the Atlas GUI. This prohibits scripting the setup of IdP organization and role mapping for new projects.
Customers can prefer setting this up via a scriptable Rest API interface for a new project. Everything else about the project has an API that is currently used to create projects and deploy clusters. Authentication is important part of the process and currently requires manual set up through the GUI.
3 votes
- Don't see your idea?