AWS IAM in Compass is MFA protected & uses shortly expiring tokens
AWS IAM auth in Compass should be a password/token-copypaste-less, MFA-protected experience that uses shortly-expiring tokens, invisibly to the user. Said differently, selecting AWS IAM creds should prompt me with an { AWS config, MFA challenge } form/flow, and not an { accessKeyId, secretAccessKey, sessionToken } form as it does today.
-
Robin Stark commented
This would be really useful - to work with our existing MFA workflows, we'd like to be able to use our existing CLI credentials (similar to how Cyberduck does: https://docs.cyberduck.io/protocols/s3/#connecting-using-credentials-from-aws-command-line-interface), and then additionally have Compass assume a configured role on our behalf for database access instead of having to paste in temporary tokens.
The value for us would be that we can manage our users and permissions entirely in AWS IAM, and just authorize the role in MongoDB.
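The flow requested above, sketched as an added example (not Compass code and not part of the comment): read a role profile in AWS CLI config format, build the STS AssumeRole call with the MFA code, and turn the returned temporary credentials into a MONGODB-AWS connection string. The profile contents, session name, host and 6-digit code format are assumptions made for illustration.

```python
import configparser
from urllib.parse import quote_plus

# Constructed sample in AWS CLI config format (account ID, role and MFA names are placeholders).
SAMPLE_AWS_CONFIG = """\
[profile db-access]
role_arn = arn:aws:iam::123456789012:role/ExampleMongoAccess
source_profile = default
mfa_serial = arn:aws:iam::123456789012:mfa/example-user
duration_seconds = 900
"""

def assume_role_params(config_text, profile, mfa_code):
    """Build STS AssumeRole arguments from a CLI profile plus a typed MFA code."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(config_text)
    p = cp[f"profile {profile}"]
    params = {
        "RoleArn": p["role_arn"],
        "RoleSessionName": "compass-example",  # hypothetical session name
        "DurationSeconds": int(p.get("duration_seconds", "3600")),
    }
    if "mfa_serial" in p:
        # Assumes a 6-digit code; reject anything else before calling STS.
        if not (mfa_code.isascii() and mfa_code.isdigit() and len(mfa_code) == 6):
            raise ValueError("MFA code must be 6 digits")
        params["SerialNumber"] = p["mfa_serial"]
        params["TokenCode"] = mfa_code
    return p.get("source_profile", "default"), params

def fetch_temporary_credentials(source_profile, params):
    """Network call (needs boto3 and valid CLI credentials); not run at import."""
    import boto3
    sts = boto3.Session(profile_name=source_profile).client("sts")
    return sts.assume_role(**params)["Credentials"]

def mongodb_aws_uri(host, creds):
    """MONGODB-AWS connection string; it embeds secrets, so never log it."""
    return (
        "mongodb+srv://{}:{}@{}/?authSource=%24external"
        "&authMechanism=MONGODB-AWS"
        "&authMechanismProperties=AWS_SESSION_TOKEN:{}"
    ).format(quote_plus(creds["AccessKeyId"]), quote_plus(creds["SecretAccessKey"]),
             host, quote_plus(creds["SessionToken"]))
```

The session token is percent-encoded because STS tokens commonly contain `/`, `+` and `=`, which would otherwise break URI parsing.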