Atlas
- A brief description of what you are looking to do
- How you think this will help
- Why this matters to you
1334 results found
-
Improve Admin API for API keys rotation
Given we have security mandates where we need to rotate API keys for an organization, every 365 days. It would be ideal if when calling
https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Programmatic-API-Keys/operation/getApiKeygetApiKey from admin api that it should return the created date. This way programmatically we can rotate keys and maintain security posture. As well if there was a way to just refresh the api secret and not generate a new one that would be a plus
4 votes -
Manage Database by Kubernetes Operator
In our use case, we are dynamically creating feature environments based on the branch name. During this process, we are also creating MongoDB databases in the same Atlas cluster (different envs are sharing the same cluster but with different database names). For now, we need to do it with a separate CI step that should create this DB and delete it when the env is deleted.
It would be great to have the possibility to manage DB create/delete process with Kubernetes CRD. For now it's the only 1 missing feature that is blocking us to start using Operator.
4 votesThis is something we're considering for the future.
But the biggest problem we need to solve is that it's incredibly easy to create/delete/update databases within a deployment via many other interfaces. But if this happens, the Operator's source of truth (the custom resources) won't contain the changes, and the Operator would overwrite the changes using it's source of truth.
-
Unblock users in Russia and Belarus
Currently MongoDB blocks access to MongoDB Atlas for users who are located on the territory of Russian Federation, Belarus (and other countries).
MongoDB Support team confirmed this is the case and stated that the reason is US regulations and sanctions, referring only to the blog post published on their website (https://www.mongodb.com/blog/post/mongodb-assistance-ukraine-shut-down-work-russia). The blog post does not mention that the access to users is blocked.
To our best understanding not many other tech companies have implemented such strict measures.
We've also taken the time to delve into the sanctions topic and have reviewed every public release of sanctions on…
4 votes -
Terraform lifecycle ignore_changes tags
It would be nice if tags would not be set of list and will be a map, like tags for Azure resources.
In that case, you can ignore some tags by name. Like thislifecycle {
ignore_changes = [
tags["costcenter"],
tags["environment"],
tags["projectcode"]
]
}https://github.com/mongodb/terraform-provider-mongodbatlas/issues/2006
4 votes -
"Manage your own encryption keys deactivated" event
We recently discovered that there is no event when deactivating the option "Manage your own encryption keys" within the cluster configuration.
While there are hints towards this within the CLUSTERUPDATESTARTED and AUTOMATIONCONFIGPUBLISHED_AUDIT events, there is no clear warning that the encryption keys of the cluster are affected.
As an unwanted change of encryption at rest keys for data can have severe impact on data accessibility and security, I would propose adding a "Manage your own encryption keys deactivated" event to the Activity Feed.
4 votes -
Use kubernetes Atlas operator to create and manage only users
We are already managing the Atlas project using terraform and do not want to have two separate tools managing the same resource. We would still like to generate atlas users automatically through the operator. If there was a method of just providing the project ID as a string like we are able to in the terraform resource definition, this would not be a problem.
4 votesWe're planning an investigation into this in Q2 (May-July for us). It's something more than one customer has asked for and allowing an Atlas ID to be used rather than a reference for another K8s resource feels like a reasonable approach.
No commitments for now till we've investigated in a little more detail.
-
AWS gp3 Decouple IOPs from Disk Size
With AWS EBS gp3 volumes, IOPs and throughput can be provisioned separately from EBS storage size. While Atlas now uses gp3 volumes and provides a base throughput of 3,000 IOPs, higher throughputs are still directly tied to disk size.
We run IO-intensive workloads that require high throughput, and we have to severely over-size disks to get the needed throughput. We don't require the extra-low latency of provisioned IOPs (which is much more expensive than over-provisioning storage).
According to the linked AWS documentation below, if the M60 instance size is running on an ec2 m5.4xlarge instance type, it can support a…
4 votes -
Return a user createdDate for Atlas control plane and database users
Automated user systems such as Hashi-Vault will automatically create users. Typically these users have a 90day expiration. Any team using continuous delivery hits the atlas user limit. There is not a way to know when an atlas user was created from the API data
4 votes -
Support OIDC as Authentication Protocol for access to Mongo Portal
Currently SAML is supported: https://www.mongodb.com/docs/atlas/security/federated-authentication/#configure-federated-authentication
It would be preferable if OIDC was supported.
4 votes -
Support for GCP Saudi Arabia/Dammam me-central2 for Atlas
GCP announced availability of services in me-central2. Can MongoDB please support this region in GCP?
4 votes -
Atlas access management similar to Azure AD Privileged Identity Management (PMI)
Hello, we are looking for functionality that allows users to auto-promote or adjust their privileges based on the access needed.
For example: if user XYZ needs access to DB:123 he can elevate access himself to this db.
This would be similar to Azure Active Directory (Azure AD) Privileged Identity Management (PIM). A service offered by Microsoft as part of its Azure cloud platform. It helps organizations manage, control, and monitor access within their Azure AD environment, particularly for privileged accounts. These accounts have elevated permissions that can perform critical tasks, such as managing resources, configuring settings, or accessing sensitive data.
…
4 votes -
Metric reporting private endpoint state
On Mongo Atlas platform we are able to see the status of both Atlas Private Endpoint and Azure Private Endpoint. It would be helpful to have these statuses available as a metric on the prometheus integration.
4 votes -
LDAP Users shouldn't be successfully authenticated if not authorized
Today, if you login with proper LDAP credentials to an Atlas cluster, you are authenticated into that cluster, even if you are not authorized to have access. This is not at all how databases should work, nor is it how most databases do work today. If a user is not authorized, that connection should fail immediately.
Allowing successful authentication, even when not authorized, can increase the security vector for ddos attempts as well as causes confusion when successful attempts are logged, even though the user was not authorized to see data.
Please reject any non-authorized user from connecting to an…
4 votes -
Add a role or modify Project Cluster Admin role to allow administrators to mange backup
Today you must be Project Owner to manage backup scheduling and retention. This is far more excessive a permission than needed for DBAs to manage backup scheduling and retention. A role or another permission group for administrative tasks would be important for this product.
4 votes -
dynamic auto-downscale (configurable)
MongoDB have automatic fixed limit for auto-downscale (50%) but sometimes is neccessary downscale with other amount, ie: in our case in the night the clusters have 55%, 60%... will be productive for us that the % limit for downscale will be parametrizable.
If I configure 60% I know that all the nights the cluster auto-downscale to previus instance.4 votes -
Support terraform plan with ORG_READ_ONLY role
An API key with ORGREADONLY should be sufficient to run a terraform plan. Afterall its describe is "Provides read-only access to the settings, users, projects, and billing in the organization.")
However, this is not the case: checking settings for "Cloud Provider Access" [1] and "Encrypting at Rest" [2] fail due to mission permission. Read-write project permissions like GROUP_OWNER on each project are required.[1] https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Cloud-Provider-Access/operation/listCloudProviderAccessRoles
[2] https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management/operation/getEncryptionAtRest4 votes -
Google Private Service Connect
Greeting from Fivetran!
This is somewhat related to https://feedback.mongodb.com/forums/924145-atlas/suggestions/45272014-allow-customers-to-specify-the-number-of-service-a . Having 50 service attachments is not scalable for us which requires 50 IP addresses for each PSC. We have a large customer base and having each of them create PSC would require a lot of IP addresses and would quickly exhaust our subnets.
From the support case it seems that the decision to use 50 PSC attachments comes from the fact that GCP load balancer does not allow more than one pool of servers per service attachment and that the ports are passed through as is as opposed to AWS…
4 votes -
4 votes
-
Associate domains to an IDP at Organization level rather than for entire mongodb.com
At this time domain to IDP associations apply to entire mongodb.com. This makes it very difficult for large companies that have several independent departments to use mongodb.com. Some departments might want to create separate Atlas organizations and others simply access Support section of mongodb.com web-site. They wouldn't want to share an IDP created within one Atlas organization.
One possible approach to addressing this issue is for an Atlas organization to have a distinct sub-domain on mongodb.com (e.g. bigco-org-a.mongodb.com). Another approach would be to have a field for Atlas Organization name on logon page.
4 votes -
Introduce serverless clusters for GCP Frankfurt region
Would be great to have the serverless clusters in FRA GCP as well. Would be good for performance.
4 votes
- Don't see your idea?