
Status Completed
Created by Guest
Created on Jun 24, 2020

Allow Client Side Field Level Encryption (CSFLE) to use EC2 Instance profile credentials with KMS access

To use CSFLE with AWS KMS, we have to specify the KMS provider key and access key. This makes it less secure because we now have to store the credentials that are accessible to the app. Would be great if it could leverage IAM roles for Amazon EC2 to automatically provide credentials to the instance as discussed here: https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-node-credentials-iam.html
  • ADMIN RESPONSE
    Oct 18, 2025
    Thank you for your enhancement request. We are pleased to announce that we now support AWS IAM roles for KMS access with CSFLE. Please see the "Important" note that provides instructions on using IAM roles for authentication in the AWS KMS tutorial in our MongoDB docs. https://www.mongodb.com/docs/manual/core/csfle/tutorials/aws/aws-automatic/#grant-permissions
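
The two configurations discussed in this thread, side by side, with a small audit check; this is an added example, not code from the original post or from MongoDB. It assumes the driver behavior described in the linked tutorial, where an empty `aws` object in `kmsProviders` tells the driver to fetch credentials from the environment (such as the EC2 instance profile); `findStaticAwsCredentials` is a hypothetical helper and the key strings are constructed placeholders.

```javascript
// "Before": long-lived IAM user keys that the application must store and load.
// Constructed placeholder values, not real credentials.
const staticKmsProviders = {
  aws: {
    accessKeyId: '<ACCESS_KEY_ID placeholder>',
    secretAccessKey: '<SECRET_ACCESS_KEY placeholder>',
  },
};

// "After": empty provider object. Assumption: a driver version with automatic
// AWS credential retrieval, so the keys come from the instance role at runtime
// and nothing secret lives in application config.
const roleKmsProviders = { aws: {} };

// Fields of the aws provider entry that carry credential material.
const STATIC_FIELDS = ['accessKeyId', 'secretAccessKey', 'sessionToken'];

// Hypothetical helper: returns findings such as "aws.accessKeyId".
// An empty array means no AWS credentials are embedded in the config object.
function findStaticAwsCredentials(kmsProviders) {
  const findings = [];
  const aws = (kmsProviders || {}).aws;
  if (aws === undefined || aws === null) return findings; // no AWS provider configured
  for (const field of STATIC_FIELDS) {
    if (typeof aws[field] === 'string' && aws[field].length > 0) {
      findings.push(`aws.${field}`);
    }
  }
  return findings;
}

// Example use as a startup or CI gate: fail when keys are embedded.
function assertRoleBasedKms(kmsProviders) {
  const findings = findStaticAwsCredentials(kmsProviders);
  if (findings.length > 0) {
    throw new Error(`static AWS KMS credentials present: ${findings.join(', ')}`);
  }
  return true;
}
```

The instance role still needs KMS permissions on the customer master key, as covered in the "Grant Permissions" section the admin response links to.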