-
Type: New Feature
-
Resolution: Gone away
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
-
Not Needed
-
User voice report (link)
Currently, when using MONGODB-AWS, it can only read the following variables:
AWS ACCESS KEY ID
AWS SECRET ACCESS KEY
AWS SESSION TOKEN
which forces you to export credentials or to paste them in the CLI.
AWS has a variable called AWS_PROFILE that will fetch the required values from your credential file, without having to paste them again. This variable is supported by anything using AWS SDK, so mongosh should have support for it as well.
Potential solution #1
- If user has already set / has explicitly provided `AWS ACCESS KEY ID`, `AWS SECRET ACCESS KEY`, `AWS SESSION TOKEN` variables, we could use that to auth (current behavior)
- Otherwise we can check AWS_PROFILE variable to extract the user's desired profile and parse the info from either ~/.aws/credentials, ~/.aws/config, or allow users to specify where their aws creds file is located
Potential solution #2
Create another parameter for authMechanism, something like `authMechanism=MONGODB-AWS-PROFILE` to evoke connecting with AWS_PROFILE
- depends on
-
NODE-5747 We do not seem to support loading MONGODB-AWS credentials from .aws/credentials
- Closed
- is related to
-
COMPASS-6478 MongoDB Atlas + AWS IAM auth mechanism: implement proper safe obtaining of key/secret/token
- Closed