Skip to Main Content

MongoByte MongoDB Logo

Welcome to the new MongoDB Feedback Portal!

{Improvement: "Your idea"}
We’ve upgraded our system to better capture and act on your feedback.
Your feedback is meaningful and helps us build better products.

Status Submitted
Categories Compass
Created by Guest
Created on Feb 7, 2023

AWS IAM in Compass is MFA protected & uses shortly expiring tokens

AWS IAM auth in Compass should be a password/token-copypaste-less, MFA-protected experience that uses shortly-expiring tokens, invisibly to the user. Said differently, selecting AWS IAM creds should prompt me with an { AWS config, MFA challenge } form/flow, and not an {{{ accessKeyId, secretAccessKey, sessionToken }}} form as it does today.
  • Guest
    Jun 25, 2023
    This would be really useful - to work with our existing MFA workflows, we'd like to be able to use our existing CLI credentials (similar to how Cyberduck does: https://docs.cyberduck.io/protocols/s3/#connecting-using-credentials-from-aws-command-line-interface), and then additionally have Compass assume a configured role on our behalf for database access instead of having to paste in temporary tokens. The value for us would be that we can manage our users and permissions entirely in AWS IAM, and just authorize the role in MongoDB.