Secure MongoDB Atlas connection with IAM role and access the secure connection from a particular Elastic Beanstalk environment in AWS


How to secure a MongoDB Atlas connection with an IAM role and access the secure connection from a particular Elastic Beanstalk environment in AWS?

I deployed the project in AWS EBS and I want to secure the MongoDB Atlas connection to only this particular environment through an IAM role and not by setting an IP whitelist, because the instance IP is not static.

MONGODB ATLAS: I have followed the steps below to secure MongoDB Atlas with an IAM role:

1. I have added the IAM role ARN to the database access of MongoDB Atlas.

Please let me know if any corrections are required to the above steps for configuring MongoDB Atlas with an IAM role.

AWS:

  1. I have created an IAM role that has the necessary policies for S3, the EC2 instance, and EBS.

  2. What changes should be made to the IAM role to access MongoDB Atlas, and what policies should I add?

  3. What changes should I make in the EBS?

To create the MongoDB URI I am using the accessKey, secretKey and session token obtained from the AWS Security Token Service (STS):

```go
package main

import (
	"context"
	"net/url"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/sts"
	// models and StatusResponse are project-internal packages; their import
	// paths are not shown in the post.
)

// SecurityTokenService assumes the configured IAM role via STS and returns
// the temporary credentials used to build the MongoDB URI.
func SecurityTokenService(region string) (*models.TempCredentials, StatusResponse.Status) {
	sess, err := session.NewSessionWithOptions(session.Options{
		Config: aws.Config{Region: aws.String(region)},
	})
	if err != nil {
		return nil, StatusResponse.CustomErrRes(err)
	}

	svc := sts.New(sess)

	input := &sts.AssumeRoleInput{
		RoleArn:         aws.String("arn:aws:iam"), // placeholder; the full role ARN is not shown in the post
		RoleSessionName: aws.String("mongodb-session"),
		DurationSeconds: aws.Int64(3600), // Adjust as needed (1 hour)
	}

	output, err := svc.AssumeRoleWithContext(context.Background(), input)
	if err != nil {
		return nil, StatusResponse.CustomErrRes(err)
	}

	// Extract temporary credentials (assumed-role credentials always include a session token)
	accessKeyID := *output.Credentials.AccessKeyId
	secretAccessKey := *output.Credentials.SecretAccessKey
	sessionToken := *output.Credentials.SessionToken

	// Secret and token are percent-encoded once here so they can be placed
	// directly into the connection string.
	credentials := models.TempCredentials{
		AccessKey:    accessKeyID,
		SecretKey:    url.QueryEscape(secretAccessKey),
		SessionToken: url.QueryEscape(sessionToken),
	}

	return &credentials, StatusResponse.SuccessStatusResponse()
}
```

When I try to access the APIs I am getting a selection timeout error.

I have tried using the MongoDB URI with the cluster user and password but am still getting the selection timeout error.

Please let me know how I should proceed further.

I have added the 0.0.0.0 IP to the whitelist and it is working fine, but I don't want to compromise on security by giving access to all IPs. I want to restrict access to only the particular EBS environment. If someone can guide me through the steps, that will be helpful.

Thanks in advance.
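The question builds a connection string from STS temporary credentials. As an added example (not code from the post or from MongoDB/AWS), the following Go assembles the Atlas URI for the MONGODB-AWS mechanism, which authenticates against the $external database and carries the session token in authMechanismProperties, and decodes it again the way a driver would so the percent-encoding can be checked before the string reaches mongo.Connect. TempCredentials stands in for the asker's models.TempCredentials, and the cluster host is a placeholder.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// TempCredentials mirrors what STS AssumeRole returns (assumed stand-in for
// the asker's models.TempCredentials); values are raw, not pre-escaped.
type TempCredentials struct {
	AccessKey, SecretKey, SessionToken string
}

// BuildAtlasAWSURI assembles a MONGODB-AWS connection string for an Atlas
// cluster (host is a placeholder). Each credential is percent-encoded exactly
// once here; passing already-escaped values would double-encode '/' and '+'
// in the secret and token and make authentication fail.
func BuildAtlasAWSURI(host string, c TempCredentials) (string, error) {
	if c.AccessKey == "" || c.SecretKey == "" || c.SessionToken == "" {
		return "", fmt.Errorf("assumed-role credentials always carry a session token; refusing to build a URI without all three parts")
	}
	return fmt.Sprintf("mongodb+srv://%s:%s@%s/?authSource=%%24external"+
		"&authMechanism=MONGODB-AWS&authMechanismProperties=AWS_SESSION_TOKEN:%s",
		url.QueryEscape(c.AccessKey), url.QueryEscape(c.SecretKey), host,
		url.QueryEscape(c.SessionToken)), nil
}

// ParseBack decodes the URI as a driver would, to verify the round trip.
func ParseBack(uri string) (TempCredentials, error) {
	u, err := url.Parse(uri)
	if err != nil {
		return TempCredentials{}, err
	}
	if u.User == nil {
		return TempCredentials{}, fmt.Errorf("URI carries no credentials")
	}
	q := u.Query()
	if q.Get("authMechanism") != "MONGODB-AWS" || q.Get("authSource") != "$external" {
		return TempCredentials{}, fmt.Errorf("URI is not set up for MONGODB-AWS against $external")
	}
	props := q.Get("authMechanismProperties")
	if !strings.HasPrefix(props, "AWS_SESSION_TOKEN:") {
		return TempCredentials{}, fmt.Errorf("AWS_SESSION_TOKEN missing from authMechanismProperties")
	}
	pw, _ := u.User.Password()
	return TempCredentials{AccessKey: u.User.Username(), SecretKey: pw,
		SessionToken: strings.TrimPrefix(props, "AWS_SESSION_TOKEN:")}, nil
}
```

If no username and password are placed in the URI at all, the driver's MONGODB-AWS mechanism reads credentials from the environment or the EC2 instance metadata, so an Elastic Beanstalk instance profile whose role ARN is registered as the Atlas database user needs no AssumeRole call and no key material in the connection string.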

2 Answers

Hello.

Is MongoDB Atlas running on EC2 or something like that?
In that case, I think you can connect by allowing the Elastic Beanstalk security group as a source in the security group's inbound rules.
https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html#security-group-referencing

EXPERT
answered 13 days ago
EXPERT
reviewed 13 days ago
  • Thanks for the quick response. According to our project requirements we need to go with IAM roles and not with IP addresses or VPC peering. Kindly suggest the procedure for IAM role configuration for accessing MongoDB Atlas from the Elastic Beanstalk environment.

0

If you're using MongoDB Atlas and you're adding 0.0.0.0, it sounds like you're using the public-facing Atlas and have not/are not using the VPC Peering or Private Endpoint connection method.

With Peering you can add a security group on the Atlas side to allow connections via a specific SG, etc.

EXPERT
answered 13 days ago
EXPERT
reviewed 13 days ago
