Node.js Driver / NODE-6094

Request + PR: ability to get Mongo to handle AWS IAM Role assumption

    • Type: New Feature
    • Resolution: Duplicate
    • Priority: Unknown
    • None
    • Affects Version/s: None
    • Component/s: None
    • 2
    • Not Needed

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?


      How are you using Mongo? What version of the server and driver are you using?

      Atlas, Node 6.5.0

      What is the feature/improvement you would like?

      It would be great if the Mongo driver could handle AWS role assumption. The reasoning is below.

      What use case would this feature/improvement enable?

      In our org, we're using the mongo creds provider with an assumed role. We are assuming the role ourselves and passing the resulting key, secret, and session token to the mongo connector. This works fine...

      ... until the STS session expires.

      At this point we need to implement full expiry and reconnection logic ourselves. This sucks - it's finicky, and the code to handle it already exists in both this repository and in the aws-sdk, probably more reliably than we'll ever manage.
      It's also annoying because it has to exist outside of the connection pool, and must kill the whole pool. This is the sort of thing a pool should manage for you.

      Because of this, we'd really like it if the Mongo connector could handle assuming a role for the user. That way we don't need to do all this invalidation + reconnection stuff ourselves, and it lives inside the pool where it belongs. As a selling point to you guys, it actually lives in the AWS SDKs, not Mongo. There is no reconnection logic added as part of this PR as none is needed with this approach.

            Assignee: Aditi Khare (aditi.khare@mongodb.com)
            Reporter: Jarrad Whitaker (jarrad@gridcog.com)
            Votes: 0
            Watchers: 2

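The expiry problem described in the request, as an added sketch that is not part of the original ticket and is not MongoDB driver or AWS SDK code: a credential provider that caches assumed-role credentials, refreshes them before the STS session expires, and shares one refresh across concurrent callers. `makeRefreshingProvider`, `assumeRole` and `skewMs` are hypothetical names, and the fake STS call and clock are constructed for the demonstration.

```javascript
// Added illustration; not MongoDB driver or AWS SDK code.
// `assumeRole` is a hypothetical async function that resolves to
// { accessKeyId, secretAccessKey, sessionToken, expiration: Date }.
function makeRefreshingProvider(assumeRole, { skewMs = 5 * 60 * 1000, now = Date.now } = {}) {
  let cached = null;   // last credentials obtained
  let inFlight = null; // pending refresh shared by concurrent callers

  return async function getCredentials() {
    // Reuse cached credentials while they are comfortably inside their lifetime.
    if (cached && cached.expiration.getTime() - now() > skewMs) return cached;
    // Single-flight: many connections authenticating at once trigger one STS call.
    if (!inFlight) {
      inFlight = assumeRole()
        .then((creds) => {
          if (!creds.sessionToken || !(creds.expiration instanceof Date)) {
            throw new Error('assumeRole returned incomplete temporary credentials');
          }
          cached = creds;
          return creds;
        })
        .finally(() => { inFlight = null; }); // a failed refresh is retried on the next call
    }
    return inFlight;
  };
}

// Constructed demo: fake STS with a controllable clock and 1 hour sessions.
async function demo() {
  let clock = 0;
  let calls = 0;
  const fakeAssumeRole = async () => {
    calls += 1;
    return {
      accessKeyId: `EXAMPLEKEY${calls}`,
      secretAccessKey: 'constructed-secret',
      sessionToken: `constructed-token-${calls}`,
      expiration: new Date(clock + 60 * 60 * 1000),
    };
  };
  const provider = makeRefreshingProvider(fakeAssumeRole, { now: () => clock });
  const [a, b] = await Promise.all([provider(), provider()]); // two concurrent callers
  clock = 54 * 60 * 1000; // 6 minutes left: still above the 5 minute skew
  const c = await provider();
  clock = 56 * 60 * 1000; // 4 minutes left: refresh before the session expires
  const d = await provider();
  return { calls, sameConcurrent: a === b, reused: c === a, refreshed: d.sessionToken };
}
```

Because the provider is consulted each time credentials are needed, new connections pick up fresh session tokens without tearing down the pool.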