Atlas
- A brief description of what you are looking to do
- How you think this will help
- Why this matters to you
145 results found
-
Add Test Failover permissions to the Project Cluster Manager role
Add Test Failover permissions to the Project Cluster Manager role.
Use Case:
We'd like to have folks with this permission without also allowing them to modify Project membership and all the other permissions that come with being an Owner.4 votes -
more information in AWS IAM audit logs
We are using MongoDB-AWS for authentication, and have set up the audit log to log events taken by AWS roles. However, there is insufficient information in the logs to identify who is doing those actions, as roles can be assumed by multiple people.
An example log line in the current audit log:
{ "atype" : "authenticate", "ts" : { "$date" : "2021-01-05T00:21:52.628+00:00" }, "local" : { "ip" : "192.168.248.203", "port" : 27017 }, "remote" : { "ip" : "172.31.0.5", "port" : 54195 }, "users" : [ { "user" : "arn:aws:sts::555555555555:assumed-role/developer-role/", "db" : "$external" } ], "roles" : [ {…4 votesThe full ARN including the user information is now captured in audit logs when AWS IAM authentication is used with assumed roles. This is a delayed update; the change was made in 2021. Thank you for your feedback to make MongoDB better.
-
Terraform resource to provision maintenance windows
I propose creating a new terraform resource to provisioning maintenance windows.
This could be helpful to avoid setting this manually at the project level.
I'm new to Terraform but wouldn't mind to work on it, in case it makes sense.
Thanks
4 votesThis has been released in version 0.4.0
https://www.terraform.io/docs/providers/mongodbatlas/r/maintenance_window.htmlMore info on 0.4.0:
https://www.mongodb.com/blog/post/new-major-version-of-terraform-mongodb-atlas-provider -
Push Logs to AWS S3 bucket: Terraform
Push Logs to AWS S3 bucket, This feature is helpful, It gives a flexibility for large organizations who need to segregate logs considering Inventory, Security and Observability to organize logs to a respective destinations from S3.However the terraform provider does have api's to fulfill this feature https://www.mongodb.com/docs/atlas/push-logs/ . If it can available in terms of terraform resources, This will help our organization to enable logging in terraform IAC to simplify the logging and deployments
3 votes -
Create option in terraform for keep backups after destruction
I saw that a feature was released to keep the backups of a cluster even if it was terminated. Basically the idea is to add a bool in terraform that does the work of activating or deactivating this feature, because whoever destroys the cluster using terraform does not have the option to keep the backup.
3 votesBackup Compliance Policy was released with v1.9.0 and Retain Backup flag is available in mongodbatlas_cluster and mongodbatlas_advanced_cluster in v1.10.0. Thank you for the feedback.
-
Allow configuration of Data Federation via Terraform
The
mongodbatlas_data_lake
(which should be renamed to reflect the new Data Federation name) doesn't allow you to specify the configuration. Without it, there is little value in having the resource defined in terraform at all.This issue: https://github.com/mongodb/terraform-provider-mongodbatlas/issues/561 was created over a year ago to ask for this. A comment from MongoDB indicates its in the plan, just wanted to provide a vote for it.
3 votes -
mongodbatlas_serverless_privatelink_endpoint
I'm trying to import a serverless private link endpoint but I have no success with the current resource "mongodbatlasprivatelinkendpoint". As I investigate I saw that "mongodbatlasprivatelinkendpoint" is using the "private endpoint" API not the "serverless private endpoint" API reference on this url https://www.mongodb.com/docs/atlas/reference/api/serverless-private-endpoints/ that is why its unable to get the resource I wanted to import.
It is good if we have a separate resource for the serverless private endpoint because it is the only way to securely connect to AWS without using the network peering connection. As of this writing network peering is not yet…
3 votes -
Comprehensive Backup Ransomware Protection
MongoDB Atlas needs a modern, comprehensive, secure ransomware protection strategy for its customers. Simply providing the ability to backup a database, and encrypt that database with "bring your own key" is not enough. Below I highlight what I believe are key components of a comprehensive strategy (or at least a good start).
Immutable and Verifiable Backups
Once backups are created, Atlas should provide a facility to ensure the backup remains immutable. Further, Atlas should provide verification that a backup continues to be untouched / unmodified for its entire lifecycle.
Deletion Protection
Atlas should provide enhanced deletion protection for backups. Any…
3 votesHello,
I am pleased to announce that we have released our backup feature called Backup Compliance Policy, that protects your backups from being deleted by any user, ensuring WORM and full immutability (can not be edited/modified or deleted) for backups automatically in Atlas.
Backup Compliance Policy allows organizations to configure a project-level policy to prevent the deletion of backups before a predefined period, guarantee all clusters have backup enabled, ensure that all clusters have a minimum backup retention and schedule policy in place, and more.
With these controls, you can more easily satisfy data protection requirements (e.g., AppJ, DORA, immutable / WORM backups, etc.) without the need for manual processes.
Please note that the Backup Compliance Policy can not be disabled without MongoDB support once enabled so please make sure to read our documentation thoroughly before enabling.
In addition to Backup Compliance Policy, organizations can also utilize our multi-region…
-
ReadOnly DATA API
Current DATA API feature looks promising. However there is no way provide access controls around it. If you have access to API key then you can potentially do both read-write to cluster. We did some PoC recently but couldnt promote to prod because of this problem. If we get a readonly Data API access that would be super helpful.
3 votesHi all this should be completed now.
-
Allow to assign API Key to Project via Terraform by referencing public key
Currently you can only assign an API Key to an Atlas Project via Terraform by referencing the ID of the API Key. Unfortunately, the ID is not exposed through the UI, only through the Atlas API. This is not very ideal for customers/users that are creating API Keys through the UI.
Adding support for referencing the API Key in Terraform via the public key instead of the ID would fix this. Or alternatively, exposing the API Key ID in Atlas.
3 votesWe released support for Data Source: mongodbatlas_api_keys which exposes the api_key_id paramter as part of v1.8.0. Thank you for the feedback.
For more details see: https://registry.terraform.io/providers/mongodb/mongodbatlas/latest/docs/data-sources/api_keys#api_key_id
-
Need access to the REST API for IdP Federation
Currently all IdP federation set up must be done in the Atlas GUI. This prohibits scripting the setup of IdP organization and role mapping for new projects.
Customers can prefer setting this up via a scriptable Rest API interface for a new project. Everything else about the project has an API that is currently used to create projects and deploy clusters. Authentication is important part of the process and currently requires manual set up through the GUI.
3 votes -
Change M10+ cloud providers
I would like to be able to change the cloud provider and region of a M10+ cluster.
It would be nice also to have a per-cluster connection string that does not depend on the cloud provider. So we can change the provider and region without changing the application settings.3 votesWe have recently released multi-cloud clusters on Atlas: https://www.mongodb.com/blog/post/introducing-multicloud-clusters-on-mongodb-atlas
This unlocks the ability for you to seamlessly migrate workloads across cloud providers!
Give it a try and let us know what you think!
-
SSO integration for Atlas UI
Enabling SSO for the Atlas interface would limit the ability for outside people to gain access to our accounts. It would also provide us with enterprise tools for managing user access.
Currently we are using Atlas credentials to log into the Atlas frontend. This appears to be a security risk long term as people could hack into our account and create/destroy resources.
3 votes -
Provide `replSetName` vs. `snapshotId` mapping in `GET /groups/{GROUP-ID}/clusters/{CLUSTER-NAME}/backup/snapshots` Public API call for each
What is the problem that needs to be solved? Provide
replSetName
vs.snapshotId
mapping inGET /groups/{GROUP-ID}/clusters/{CLUSTER-NAME}/backup/snapshots
Public API call for eachsnapshotId
.Why is it a problem? (the pain) You're doing automated disaster recovery (restore from Atlas to on-prem via Manual Restore) scenario and you need to know which
snapshotId
(and its corresponding.tar.gz
file) is related to which Atlas Cluster Shard/Config Server Replica Set. E.g.5e442aa4cf09a2352527536b
=Cluster0-shard-0
,5e442aa4cf09a23525275370
=Cluster0-shard-1
,5e442aa4cf09a23525275375
=Cluster0-config-0
.3 votes -
Enable the use of AWS PrivateLink in Terraform
MongoDB Atlas provides the ability to configure AWS PrivateLink to connect customer VPCs with MongoDB Atlas. I would like to see this capability exposed through Terraform.
3 votesThis has been released in version 0.4.0
https://www.terraform.io/docs/providers/mongodbatlas/r/private_endpoint.html
and
https://www.terraform.io/docs/providers/mongodbatlas/r/private_endpoint_interface_link.htmlMore info on 0.4.0:
https://www.mongodb.com/blog/post/new-major-version-of-terraform-mongodb-atlas-provider -
Maintenance notification to Slack
Would like to get notified for maintenance through slack channel as well as in mail or GUI banner
3 votes -
atlas terrafrom mongodbatlas_encryption_at_rest
It would be great to have secrets as sensitive fields in the "mongodbatlasencryptionatrest" terraform resource such as client secrets, secretaccess_key, etc. Otherwise they show as plain text in the console/stdout. I understand they will still be stored in the state file, but at least they are removed from logs.
3 votesAll of the sensitive fields should now be marked as such in the code base for the provider. If any others are found please file an issue at:
https://github.com/mongodb/terraform-provider-mongodbatlas/issuesThank you!
-
Shared Clusters upgrade to MongoDB 6.0+
Currently MongoDB 6.0.1 is only available in dedicated clusters (M10+) and in serverless clusters.
We need to use MongoDB 6.0.1 or higher in the shared cluster (M0/M2/M5).
I understand that this should be in the roadmap anyway, but getting it sooner than later would be great.
2 votes -
To not to delete the most recent backup when the DB is deleted
After a cluster is terminated in MongoDB Atlas, the backups disappear with it. It will be good to preserve the most recent backup of this database. Otherwise, there is no point to have backup if the DB cannot be recover after accidental delete
2 votes -
Configure --jsonFormat=canonical flag in export policy.
JSON does not support all data types that are available in BSON. This means that when using JSON there will be a so called "loss of fidelity" of the information.
However, using the --jsonFormat=canonical flag in a mongoexport command will preserve all available BSON data types, so the "loss of fidelity" issue can be completely avoided.Now we plan to export our cloud backups to an AWS S3 bucket. To do this, we would like to set up an export policy to automatically export the snapshots. We could already do this via the API. However, the data is output in…
2 votes
- Don't see your idea?