Uploaded image for project: 'Go Driver'
  1. Go Driver
  2. GODRIVER-2241

AWS credential refreshing

    • Type: Icon: New Feature New Feature
    • Resolution: Won't Fix
    • Priority: Icon: Unknown Unknown
    • None
    • Affects Version/s: None
    • Component/s: None
    • None

      Background & Motivation

      The Driver Authentication specification describes four ways of obtaining credentials for the MONGODB-AWS authentication mechanism.

      1. From the URI username, password, and options.
      2. From environment variables.
      3. From querying an endpoint for credentials in ECS.
      4. From querying an endpoint for credentials in EC2.

      This is a request to implement an equivalent API as JAVA-4310. JAVA-4310 is currently marked as beta API.

      The original motivation for this feature request is to enable a way to cache credentials. In (3) and (4) the endpoint is queried each time a connection handshake results in authentication. This can result in hitting

      There are other motivations. The AWS session token set in (1) or (2) may be temporary and can expire. A callback enables passing and refreshing credentials in environments like EKS with assigned IAM roles.

      Scope

      • Add client option callback to supply AWS credentials on each authentication attempt.
      • Add client option as unstable API.

            Assignee:
            Unassigned Unassigned
            Reporter:
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            1 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: