Is the MONGODB-AWS authentication mode supported?

Stephanie Barulic shared this question 18 months ago
Answered

The MONGODB-AWS authentication mode option exists in the latest releases. It doesn't appear in the feature matrix. Having trouble connecting to Atlas with MONGODB-AWS credentials and would like to verify it should work.

Replies (3)

photo
1

Yes, supported.

In the connection editor, select authentication -> MONGODB-AWS. If Access key ID is empty, NoSQLBooster automatically reads the environment variable AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.

If you already have a MongoDB URI that you can access, you can also import the MongoDB URI.

mongodb+srv://<atlas-host-name>/test?authSource=%24external&authMechanism=MONGODB-AWS


0c8b1c6869d8a3cfb8e672dc20315f7b

photo
1

How about using AWS IAM roles with temporary credentials? Is there a way to specify AWS_SESSION_TOKEN?

photo
2

You can use env.AWS_SESSION_TOKEN or AWS credential profile.aws_session_token.

The following is the code in NoSQLBooster to handle the AWS environment variable

const env = process.env;

const envUser= env.AWS_ACCESS_KEY_ID || env.AWS_ACCESS_KEY;

if (envUser){

uri.username=envUser;

uri.password= env.AWS_SECRET_ACCESS_KEY || env.AWS_SECRET_KEY;

if (env.AWS_SESSION_TOKEN){

uri.options=uri.options || {};

uri.options.authMechanismProperties=`AWS_SESSION_TOKEN:${env.AWS_SESSION_TOKEN}`;

}

}else{

const AWS =require("@aws-sdk/shared-ini-file-loader");

const sharedConfig=await AWS.loadSharedConfigFiles({}); //profile:"default"

const profile=sharedConfig?.credentialsFile?.default;

if (!profile?.aws_access_key_id) return;

uri.username= profile.aws_access_key_id;

uri.password= profile.aws_secret_access_key;

if (profile.aws_session_token ){

uri.options=uri.options || {};

uri.options.authMechanismProperties=`AWS_SESSION_TOKEN:${profile.aws_session_token }`;

}

}


Leave a Comment
 
Attach a file