Configure IP whitelisting on database user level
Enable the user creation to have the following option:
authenticationRestrictions: [
  {
    clientSource: ["<IP>" | "<CIDR range>", ...],
    serverAddress: ["<IP>" | "<CIDR range>", ...]
  },
  ...
],
-
Mohamed Aslam commented
If we need to restrict a dbuser to one specific IP address only, how can we manage it in Atlas? This one is a mandatory thing. As per the existing Atlas "Network Access", if we whitelist an IP address, every database user can access from this IP address. So if we create a new dbuser with new roles, it will not be useful.
Is there any workaround in Atlas for this one? In a standalone MongoDB installation it is possible to do, but in Atlas it is not possible.
-
Jeroen commented
To add to this: our use case is being able to give analytical/read-only access to a subset of collections (via data lake) + S3 data through data federation for our client, without allowing their IP to other clusters.
-
Sam commented
Hi MongoDB Support,
Currently this functionality is not available in Atlas, which is not ideal.
The use case of this is to be able to lock down SCRAM DB user accounts that are used as application service accounts. We should be able to lock these accounts down so that they are only ever used from the application source IPs... i.e. restricting a support staff user using this service account to gain access to the DB from a place other than the application host.
We cannot use the generic database level IP whitelist functionality for this as it would mean that our support user accounts (that utilise IAM roles) would not be able to connect from support jumphosts.
Sam
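
The service-account lockdown requested in this thread, as an added example for a self-managed MongoDB deployment (not code from any commenter or from MongoDB): it builds a createUser command with a clientSource restriction and models which source addresses that list would accept. The account name, role, addresses and both helper functions are constructed for illustration.

```javascript
// Added illustration; user name, role and addresses below are constructed.
const net = require("node:net");

// Build a createUser command document that pins the account to the given
// client sources (single IPs or CIDR ranges), rejecting malformed entries.
function buildCreateUser(user, pwd, roles, clientSource) {
  for (const entry of clientSource) {
    const [addr, prefix] = entry.split("/");
    if (!net.isIP(addr)) throw new Error(`not an IP address: ${entry}`);
    const max = net.isIPv4(addr) ? 32 : 128;
    if (prefix !== undefined && !(/^\d+$/.test(prefix) && Number(prefix) <= max)) {
      throw new Error(`bad prefix length: ${entry}`);
    }
  }
  // This sketch emits a single restriction document with clientSource only.
  return { createUser: user, pwd, roles, authenticationRestrictions: [{ clientSource }] };
}

// Model of the clientSource check: true when the client address is listed
// directly or falls inside one of the listed CIDR ranges.
function clientAllowed(command, clientIp) {
  const { clientSource } = command.authenticationRestrictions[0];
  const list = new net.BlockList();
  for (const entry of clientSource) {
    const [addr, prefix] = entry.split("/");
    const family = net.isIPv4(addr) ? "ipv4" : "ipv6";
    if (prefix === undefined) list.addAddress(addr, family);
    else list.addSubnet(addr, Number(prefix), family);
  }
  return list.check(clientIp, net.isIPv4(clientIp) ? "ipv4" : "ipv6");
}

// Constructed sample: application hosts in 10.20.0.0/28 plus one batch host.
const cmd = buildCreateUser(
  "orders-svc", "<password>",
  [{ role: "readWrite", db: "orders" }],
  ["10.20.0.0/28", "10.20.5.17"]
);
// In mongosh on a self-managed server: db.getSiblingDB("admin").runCommand(cmd)
console.log(JSON.stringify(cmd.authenticationRestrictions));
console.log(clientAllowed(cmd, "10.20.0.9"), clientAllowed(cmd, "10.30.1.4"));
```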