Skip to content

Drivers

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

3 results found

  1. Support for EKS Service Account Credentials in MONGODB-AWS

    Support for EKS Service Account Credentials in MONGODB-AWS

    It would be great to be able to authenticate to MongoDB using EKS service accounts.

    Currently, the order in which Drivers MUST search for credentials is:
    Credentials passed through the URI
    Environment variables
    ECS endpoint if and only if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set.
    EC2 endpoint
    (https://pymongo.readthedocs.io/en/stable/examples/authentication.html#mongodb-aws)

    It is possible use the AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE environment variables injected into the pod by EKS to assume the service account role and get temporary security credentials, which could then be passed to the uri as described in AssumeRole (https://pymongo.readthedocs.io/en/stable/examples/authentication.html#assumerole).

    The boto client…

    30 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Python  ·  Flag idea as inappropriate…  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Allow custom service names with mongodb+srv URI scheme

    We are using DCOS (marathon/mesos) to manage our services. DCOS generates SRV records for our mongos instances under a record that looks like

    mongos-mongodb.tcp.marathon.mesos
    However, there's currently no way for me to use this because when I provide a connection url like

    mongodb+srv://mongos-mongodb.tcp.marathon.mesos
    the drivers prepend "mongodb.tcp" to the provided url. It's not clear why it's required that the host must start with "mongodb.tcp". Why not let the user specify the actual DNS entry to query?

    I believe the same issue will exist for multiple orchestration frameworks such as Consul/Nomad and Kubernetes.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  0 comments  ·  Unspecified  ·  Flag idea as inappropriate…  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Allow Client Side Field Level Encryption (CSFLE) to use EC2 Instance profile credentials with KMS access

    To use CSFLE with AWS KMS, we have to specify the KMS provider key and access key. This makes it less secure b/c we now have to store the credentials that's accessible to the app. Would be great if it could leverage IAM roles for Amazon EC2 to automatically provide credentials to the instance as discussed here:

    https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-node-credentials-iam.html

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Node.js  ·  Flag idea as inappropriate…  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    Hi all,
    Thank you for raising this feature request. We are currently working on AWS IAM credential support for CSFLE and anticipate release sometime this summer. Please reach out with questions or if you’d like to be part of the beta for the feature.

    Rachelle

  • Don't see your idea?

Feedback and Knowledge Base