MongoDB

How to integrate any MongoDB database with Apono. This integration allows you to manage MongoDB access using Apono.

Overview

  • Self Service Access - Empower your developers to gain self-servable access to databases using Slack.

  • Automated Approval Workflows - Create approval workflows to specific sensitive databases.

  • Restricted Third Party Access - Grant third-party (customer or vendor) time-based access to specific databases with MFA verification.

  • Review Access - View a detailed access audit of who was granted access to which databases with what permission level and why.

Step by step guide

How to Integrate MongoDB

Creating a user

Apono requires a user in the DB instance so it can provision access.

  1. In MongoDB, switch to the admin database:

    use admin;
  2. Create a user for the Connector in the instance, and set the password for the apono-connector user (the "password" value):

    db.createUser({
        user: "apono-connector",
        pwd: "password",
        roles: [
            {
                "role" : "clusterMonitor",
                "db" : "admin"
            },
            {
                "role" : "userAdminAnyDatabase",
                "db" : "admin"
            },
            {
                "role" : "readWriteAnyDatabase",
                "db" : "admin"
            },
            {
                "role" : "clusterManager",
                "db" : "admin"
            }
        ]
    });
  3. Store the secret in your environment's secret store.

AWS

Use aws-cli to store the secret in AWS Secrets Manager.

Make sure to replace #SECRET_NAME, #REGION, and #PASSWORD.

    aws secretsmanager create-secret --name "#SECRET_NAME" --tags '[{"Key":"apono-connector-read","Value":"true"}]' --region #REGION --secret-string '{
        "username":"'"apono-connector"'",
        "password":"'"#PASSWORD"'"
    }'

GCP

You can also store the secret in Google Secret Store if you use Google Cloud.

Connecting to Apono

  1. Click on the MongoDB integration card

  2. Select the Connector. This is the Connector that is installed in the same AWS account as the MongoDB instance

  3. Type in a friendly name for the integration

  4. Fill in the hostname and port

Assign the Secret

AWS

Use the secret that was stored in AWS Secrets Manager earlier in this guide.

  • Select the secret from Secrets Manager according to the appropriate AWS account and region

  1. Click Create

Creating a user

The Connector requires a user in the DB instance so it can provision access. Provisioning is done by creating an admin user in the database.

  1. In MongoDB, switch to the admin database:

    use admin;
  2. Create a user for the Connector in the instance, and type in a secure password:

    db.createUser({
        user: "apono-connector",
        pwd: "password",
        roles: [
            {
                "role" : "clusterMonitor",
                "db" : "admin"
            },
            {
                "role" : "userAdminAnyDatabase",
                "db" : "admin"
            },
            {
                "role" : "readWriteAnyDatabase",
                "db" : "admin"
            },
            {
                "role" : "clusterManager",
                "db" : "admin"
            }
        ]
    });
  3. Using aws-cli, store the secret in AWS Secrets Manager. Make sure to replace #SECRET_NAME, #REGION, and #PASSWORD:

    aws secretsmanager create-secret --name "#SECRET_NAME" --tags '[{"Key":"apono-connector-read","Value":"true"}]' --region #REGION --secret-string '{
        "username":"'"apono-connector"'",
        "password":"'"#PASSWORD"'"
    }'
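
The "Creating a user" and AWS secret steps above put the password directly into typed commands. The following is an added example, not part of the Apono documentation: it generates the connector password and passes the secret payload to aws-cli from a file. The function names are hypothetical, and the password character set is an assumption made to keep the JSON safe without escaping.

```shell
#!/bin/sh
# Added example (not from the Apono docs). Function names are hypothetical.

# gen_password: 32 bytes from the kernel CSPRNG as 64 hex characters.
gen_password() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# build_secret_json USER PASSWORD: the username/password JSON from the guide.
# Assumption: the password is limited to [A-Za-z0-9_-], so it cannot break
# out of the JSON string and needs no escaping.
build_secret_json() {
    case "$2" in
        ''|*[!A-Za-z0-9_-]*)
            echo "password is empty or has unsupported characters" >&2
            return 1 ;;
    esac
    printf '{"username":"%s","password":"%s"}\n' "$1" "$2"
}

# write_secret_file: generate a password, write the payload to a temp file
# readable only by the owner, and print the file's path.
write_secret_file() {
    _pw=$(gen_password) || return 1
    _file=$(umask 077; mktemp) || return 1
    build_secret_json "apono-connector" "$_pw" > "$_file" || {
        rm -f "$_file"; return 1; }
    printf '%s\n' "$_file"
}

# store_secret NAME REGION FILE: same create-secret call as the guide, but
# the payload is read from FILE (file://) so the password never appears in
# the command line, shell history, or process list.
store_secret() {
    aws secretsmanager create-secret --name "$1" \
        --tags '[{"Key":"apono-connector-read","Value":"true"}]' \
        --region "$2" --secret-string "file://$3"
}

# Usage (placeholders as in the guide):
#   f=$(write_secret_file)
#   store_secret "#SECRET_NAME" "#REGION" "$f"
#   ...create the MongoDB user with the password in "$f", then: rm -f "$f"
```

The same password goes into the db.createUser call; in mongosh, `pwd: passwordPrompt()` reads it interactively instead of embedding it in the command.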

Hurray! You've successfully integrated Apono with your MongoDB. You should now see the new integration in your Connected Integrations. You can now use this integration in your existing or new Access Flow. Check this guide out for more information on creating access flows.