Uploaded image for project: 'Go Driver'
  1. Go Driver
  2. GODRIVER-2241

AWS credential refreshing

    XMLWordPrintableJSON

Details

    • Icon: New Feature New Feature
    • Resolution: Won't Fix
    • Icon: Unknown Unknown
    • None
    • None
    • None
    • None

    Description

      Background & Motivation

      The Driver Authentication specification describes four ways of obtaining credentials for the MONGODB-AWS authentication mechanism.

      1. From the URI username, password, and options.
      2. From environment variables.
      3. From querying an endpoint for credentials in ECS.
      4. From querying an endpoint for credentials in EC2.

      This is a request to implement an equivalent API as JAVA-4310. JAVA-4310 is currently marked as beta API.

      The original motivation for this feature request is to enable a way to cache credentials. In (3) and (4) the endpoint is queried each time a connection handshake results in authentication. This can result in hitting

      There are other motivations. The AWS session token set in (1) or (2) may be temporary and can expire. A callback enables passing and refreshing credentials in environments like EKS with assigned IAM roles.

      Scope

      • Add client option callback to supply AWS credentials on each authentication attempt.
      • Add client option as unstable API.

      Attachments

        Activity

          People

            Unassigned Unassigned
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            1 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: