- Type: New Feature
- Resolution: Done
- Priority: Critical - P2
- Affects Version/s: None
- Component/s: Authentication, Kubernetes
- None
- (copied to CRM)
- Fully Compatible
- Needed
Currently, the MongoDB Java driver supports authenticating against a database using AWS IAM roles. Unfortunately, this is only supported for applications running on EC2 or ECS tasks; it does not support Elastic Kubernetes Service, unless you grant the role at the node level, which would mean every pod on that node gets access to that role and goes against the principle of least privilege.
EKS recently introduced IAM Roles for Service Accounts, which basically gives pods an IAM role; this is exposed as an environment variable with an OpenID Connect token that can be handed to AWS STS for a set of temporary creds (much like ECS/EC2).
This improvement would be fantastic, especially for those who are running on Kubernetes in AWS.
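The exchange the request describes, as an added example that is not code from this ticket or from the MongoDB driver: it reads the pod's projected token, shows the `sub` claim that scopes the role to one service account rather than the whole node, builds the STS `AssumeRoleWithWebIdentity` form body, and parses the temporary credentials from the reply. It assumes the EKS-injected `AWS_WEB_IDENTITY_TOKEN_FILE` variable names the token file; the token, role ARN, session name and STS response are constructed samples, and the claims are decoded without signature verification, for inspection only.

```python
import base64, json, os, tempfile
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

NS = {"sts": "https://sts.amazonaws.com/doc/2011-06-15/"}

def jwt_claims(token):
    """Decode (without verifying) the payload of the projected service-account token."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def build_sts_request(env, session_name="constructed-session"):
    """Return (claims, form body) for AssumeRoleWithWebIdentity, or None outside IRSA."""
    role_arn, token_file = env.get("AWS_ROLE_ARN"), env.get("AWS_WEB_IDENTITY_TOKEN_FILE")
    if not role_arn or not token_file:
        return None  # not an IRSA pod: caller falls back to the EC2/ECS sources
    with open(token_file) as fh:
        token = fh.read().strip()  # read on every call: the kubelet rotates this file
    body = urlencode({"Action": "AssumeRoleWithWebIdentity", "Version": "2011-06-15",
                      "RoleArn": role_arn, "RoleSessionName": session_name,
                      "WebIdentityToken": token})
    return jwt_claims(token), body

def parse_sts_response(xml_text):
    """Pull the temporary credentials out of the STS XML response."""
    creds = ET.fromstring(xml_text).find(".//sts:Credentials", NS)
    return {t: creds.findtext(f"sts:{t}", namespaces=NS)
            for t in ("AccessKeyId", "SecretAccessKey", "SessionToken", "Expiration")}

def _seg(obj):  # base64url-encode one JWT segment for the constructed token below
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
# Constructed sample data: not a real token, role, or credential.
SAMPLE_TOKEN = ".".join([_seg({"alg": "RS256"}), _seg(
    {"sub": "system:serviceaccount:payments:orders-api", "aud": ["sts.amazonaws.com"]}), "sig"])
SAMPLE_RESPONSE = (
    '<AssumeRoleWithWebIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">'
    "<AssumeRoleWithWebIdentityResult><Credentials><AccessKeyId>ASIACONSTRUCTEDKEY</AccessKeyId>"
    "<SecretAccessKey>constructed</SecretAccessKey><SessionToken>constructed</SessionToken>"
    "<Expiration>2030-01-01T00:00:00Z</Expiration></Credentials>"
    "</AssumeRoleWithWebIdentityResult></AssumeRoleWithWebIdentityResponse>")

def demo():
    with tempfile.NamedTemporaryFile("w", delete=False) as fh:
        fh.write(SAMPLE_TOKEN)
    env = {"AWS_ROLE_ARN": "arn:aws:iam::111122223333:role/constructed-role",
           "AWS_WEB_IDENTITY_TOKEN_FILE": fh.name}
    result = build_sts_request(env), parse_sts_response(SAMPLE_RESPONSE)
    os.unlink(fh.name)
    return result
```

An IAM role trust policy can condition on the `sub` value shown by `jwt_claims`, so only pods running as that service account can assume the role.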
- depends on: DRIVERS-1746 Add native support for AWS IAM Roles for service accounts, EKS in particular (Closed)
- duplicates: JAVA-4234 Add native support for AWS IAM Roles for service accounts, EKS in particular (Closed)
- is duplicated by: JAVA-4179 Authenticate to mongo ATLAS using AWS IAM role, defined in AWS_ROLE_ARN environment variable, instead of role defined in instance metadata (Closed)
- is related to: KAFKA-297 Support configuration of an AWS credential callback (Closed)
- related to: JAVA-4292 AWS credential refreshing (Released)