[DRIVERS-1405] For MONGODB-AWS, follow AWS-SDK conventions for resolving credentials
Created: 30/Sep/20 Updated: 13/Nov/23
| Status: | Backlog |
| Project: | Drivers |
| Component/s: | Authentication |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Trivial - P5 |
| Reporter: | Darren Gruber | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 3 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: |
| Driver Changes: | Needed |
| Case: | (copied to CRM) |
| Description |
Per the current spec, MongoDB drivers currently resolve AWS credentials in the following order:
This flow is a slight deviation from how the AWS-SDK resolves credentials, which is roughly as follows:
Because most AWS tooling that includes the AWS SDK follows this resolution, it was surprising to learn that ~/.aws/config was not supported. As a frequent user of AWS services, I have many different named profiles within my AWS configuration that allow me to switch context when authenticating. Using a named profile also allows me to instrument a custom process for obtaining credentials.

Because I could not use the ~/.aws/config file, I wrote a small Python3 library/CLI tool to fill that gap: https://mongodb-iam-connection-string.readthedocs.io/en/latest/readme.html

I think it would be beneficial to have drivers implement the same credential resolution chain to avoid incompatibility with usage that includes the ~/.aws/config file.