MongoDB Atlas

How to integrate MongoDB with Apono to manage JIT access to Clusters, Databases and Collections

A document database used to build highly available and scalable internet applications

Overview

  • Self Service Access - Empower your developers to gain self-servable access to databases using Slack.

  • Automated Approval Workflows - Create approval workflows for specific sensitive databases/collections.

  • Restricted Third Party Access - Grant third-party (customer or vendor) time-based access to specific databases with MFA verification.

  • Review Access - View a detailed access audit of who was granted access to which databases with what permission level and why.

How to Integrate MongoDB Atlas

Creating a Project Owner API Key

- Apono requires a project owner in the cluster's project so it can provision.

  1. Creating an API Key with Project Owner role Run the following Atlas CLI command: Make sure to replace #PROJECT_ID with the project-id that contains the cluster you want to integrate

    atlas projects apiKeys create --desc cli-created --projectId "#PROJECT_ID" --role GROUP_OWNER

    Copy the Public and Private API Keys in the response

  2. Storing the secret in your environment secret store.

AWS

Using aws-cli, to store the secret in AWS Secret Manager. Make sure to replace #SECRET_NAME,#REGION, #PUBLIC_KEY, #PRIVATE_KEY

aws secretsmanager create-secret --name "#SECRET_NAME" --tags '[{"Key":"apono-connector-read","Value":"true"}]' --region #REGION --secret-string '{    
    "public_key":"'"#PUBLIC_KEY"'",
    "private_key":"'"#PRIVATE_KEY"'"
}'
GCP

You can also store the secret in Google Secret Store if you use Google Cloud.

Connecting to Apono

  1. Click on MongoDB integration card

  2. Select the Connector, this is the Connector which is installed in the same AWS account as the MongoDB Atlas instance

  3. Type in a friendly name for the integration

  4. Fill in the Project Id and Cluster Name

Assign the Secret

AWS Use the respective secret which was stored in AWS Secret Manager previously in this guide.

  • Select the secret from the Secret Manager according to the appropriate AWS account and region

  1. Click Create

You've successfully integrated Apono with your MongoDB. You should now see the new integration in your Connected Integrations.

You can now use this integration in your existing or new Access Flow. Check this guide out for more information on creating access flows.

Last updated