- Type: New Feature
- Resolution: Duplicate
- Priority: Unknown
- Affects Version/s: None
- Component/s: None
How are you using Mongo? What version of the server and driver are you using?
Atlas, Node 6.5.0
What is the feature/improvement you would like?
It would be great if the Mongo driver could handle AWS role assumption. The reasoning is below.
What use case would this feature/improvement enable?
In our org, we're using the mongo creds provider with an assumed role. We are assuming the role ourselves and passing the resulting key, secret, and session token to the mongo connector. This works fine...
... until the STS session expires.
At this point we need to implement full expiry and reconnection logic ourselves. This sucks - it's finicky, and the code to handle it already exists in both this repository and in the aws-sdk, probably more reliably than we'll ever manage.
It's also annoying because it has to exist outside of the connection pool, and must kill the whole pool. This is the sort of thing a pool should manage for you.
Because of this, we'd really like it if the Mongo connector could handle assuming a role for the user. That way we don't need to do all this invalidation + reconnection stuff ourselves, and it lives inside the pool where it belongs. As a selling point to you guys, it actually lives in the AWS SDKs, not mongo. There is no reconnection logic added as part of this PR as none is needed with this approach.
- is related to
  - NODE-6141 Allow users to provide custom AWS configuration (Backlog)
- related to
  - DRIVERS-2903 Allow users to provide custom AWS configuration (Investigating)
  - NODE-6143 Handle AWS IAM Role assumption (Closed)