Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-4118

Add support for EKS when using AWS Iam roles for database authentication

    • Type: Icon: New Feature New Feature
    • Resolution: Done
    • Priority: Icon: Critical - P2 Critical - P2
    • 4.8.0
    • Affects Version/s: None
    • Component/s: Authentication, Kubernetes
    • None
    • Fully Compatible
    • Needed

      Currently Mongodb java driver supports authenticating against a database using AWS IAM roles, unfortunately this is only supported for applications running on EC2 or ECS tasks, it does not support Elastic Kubernetes Service - unless you grant the role at the node level which would mean every pod on that node gets access to that role and goes against the principal of least privilege.

      EKS recently introduced IAM Roles for service accounts which basically gives pods an IAM role, this is exposed as an environment variable with an open id connect token that can get handed to AWS sts for a set of temporary creds (much like ECS/EC2).

      This improvement would be fantastic especially for those who are running on kubernetes in AWS.

            Assignee:
            rachelle.palmer@mongodb.com Rachelle Palmer
            Reporter:
            hsadafi@vistaprint.com houtan sadafi
            Votes:
            4 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: