Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-1746

Add native support for AWS IAM Roles for service accounts, EKS in particular

    • $i18n.getText("admin.common.words.hide")
      Key Status/Resolution FixVersion
      CDRIVER-4081 Fixed 1.24.0
      CXX-2307 Works as Designed 3.8.0
      CSHARP-3740 Fixed 2.19.0
      GODRIVER-2081 Fixed 1.12.0
      JAVA-4234 Fixed 4.8.0
      NODE-3445 Fixed 5.1.0
      MOTOR-773 Duplicate
      PYTHON-2818 Fixed 4.4
      PHPC-1895 Won't Do
      RUBY-2732 Fixed 2.19.0
      RUST-906 Fixed 2.6.0
      SWIFT-1258 Won't Do
      NODE-5135 Duplicate
      $i18n.getText("admin.common.words.show")
      #scriptField, #scriptField *{ border: 1px solid black; } #scriptField{ border-collapse: collapse; } #scriptField td { text-align: center; /* Center-align text in table cells */ } #scriptField td.key { text-align: left; /* Left-align text in the Key column */ } #scriptField a { text-decoration: none; /* Remove underlines from links */ border: none; /* Remove border from links */ } /* Add green background color to cells with FixVersion */ #scriptField td.hasFixVersion { background-color: #00FF00; /* Green color code */ } /* Center-align the first row headers */ #scriptField th { text-align: center; } Key Status/Resolution FixVersion CDRIVER-4081 Fixed 1.24.0 CXX-2307 Works as Designed 3.8.0 CSHARP-3740 Fixed 2.19.0 GODRIVER-2081 Fixed 1.12.0 JAVA-4234 Fixed 4.8.0 NODE-3445 Fixed 5.1.0 MOTOR-773 Duplicate PYTHON-2818 Fixed 4.4 PHPC-1895 Won't Do RUBY-2732 Fixed 2.19.0 RUST-906 Fixed 2.6.0 SWIFT-1258 Won't Do NODE-5135 Duplicate

      Currently drivers support authenticating against a database using AWS IAM roles for applications running on EC2 or ECS tasks.

      In scope of DRIVERS-2011 (and already implemented in Java driver in scope of JAVA-4118), applications will be able to supply a callback which will allow it to supply credentials for any type of service, including Elastic Kubernetes Service (EKS).

      This ticket would add support for EKS natively to our drivers, without requiring use of an application-supplied callback.

      This improvement would be useful for those who are running on Kubernetes in AWS and reduce friction by supporting EKS natively in our drivers

      Note

      EKS IAM Roles for service accounts give pods an IAM role, this is exposed as an environment variable with an open id connect token that can get handed to AWS sts for a set of temporary creds (much like ECS/EC2).

            Assignee:
            steve.silvester@mongodb.com Steve Silvester
            Reporter:
            ross@mongodb.com Ross Lawley
            Votes:
            9 Vote for this issue
            Watchers:
            37 Start watching this issue

              Created:
              Updated:
              Resolved: