MongoDB
How to integrate any MongoDB database with Apono. This integration allows you to manage MongoDB access using Apono.
Overview
- Self Service Access - Empower your developers to gain self-servable access to databases using Slack.
- Automated Approval Workflows - Create approval workflows to specific sensitive databases.
- Restricted Third Party Access - Grant third-party (customer or vendor) time-based access to specific databases with MFA verification.
- Review Access - View a detailed access audit of who was granted access to which databases with what permission level and why.
Step by step guide
How to Integrate MongoDB
Creating a user
Apono requires a user in the DB instance so it can provision access.
- In MongoDB, switch to the admin database:
use admin;
- Create a user for the Connector in the instance, replacing password with a secure password for the apono-connector user:
db.createUser({ user: "apono-connector", pwd: "password", roles: [ { "role" : "clusterMonitor", "db" : "admin" }, { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" }, { "role" : "clusterManager", "db" : "admin" } ] });
- Store the secret in your environment's secret store.
AWS
Using aws-cli, store the secret in AWS Secrets Manager. Make sure to replace #SECRET_NAME, #REGION, and #PASSWORD:
aws secretsmanager create-secret --name "#SECRET_NAME" --tags '[{"Key":"apono-connector-read","Value":"true"}]' --region #REGION --secret-string '{ "username":"'"apono-connector"'", "password":"'"#PASSWORD"'" }'
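The command above splices the password into a hand-written JSON string, which produces invalid JSON if the password contains a double quote or a backslash. The following is an added example, not part of Apono's documentation: it generates a random password and builds the secret JSON with escaping. The function names gen_password, json_escape, build_secret_json and store_secret are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Apono docs). Function names are hypothetical.

# Print a random password of $1 characters (default 32) drawn from [A-Za-z0-9].
# 4096 random bytes yield roughly 990 usable characters, enough for lengths
# up to a few hundred.
gen_password() {
    len="${1:-32}"
    head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-"$len"
}

# Escape backslashes and double quotes so a value is safe inside a JSON string.
# Control characters are not handled; gen_password never emits them.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the {"username": ..., "password": ...} document stored as the secret.
build_secret_json() {
    printf '{"username":"%s","password":"%s"}' \
        "$(json_escape "$1")" "$(json_escape "$2")"
}

# Store the secret with the same aws-cli call and tag the guide uses.
# Arguments: secret name, region, password. Not invoked by this script.
store_secret() {
    aws secretsmanager create-secret --name "$1" --region "$2" \
        --tags '[{"Key":"apono-connector-read","Value":"true"}]' \
        --secret-string "$(build_secret_json apono-connector "$3")"
}

# Constructed demo: a password with characters that break naive quoting.
build_secret_json apono-connector 'pa"ss\word'
echo
```

In mongosh, setting pwd: passwordPrompt() in db.createUser makes the shell prompt for the password instead of embedding it in the command text.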
GCP
You can also store the secret in Google Secret Store if you use Google Cloud.
Connecting to Apono
- Open Integrations Catalog
- Click on MongoDB integration card
- Select the Connector. This is the Connector that is installed in the same AWS account as the MongoDB instance
- Type in a friendly name for the integration
- Fill in the hostname and port
Assign the Secret
AWS
Use the secret that was stored in AWS Secrets Manager earlier in this guide.
- Select the secret from Secrets Manager according to the appropriate AWS account and region
- Click Create
Creating a user
The Connector requires a user in the DB instance so it can provision access. Provisioning is done by creating an admin user in the database.
- In MongoDB, switch to the admin database:
use admin;
- Create a user for the Connector in the instance, typing in a secure password:
db.createUser({ user: "apono-connector", pwd: "password", roles: [ { "role" : "clusterMonitor", "db" : "admin" }, { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" }, { "role" : "clusterManager", "db" : "admin" } ] });
- Using aws-cli, store the secret in AWS Secrets Manager. Make sure to replace #SECRET_NAME, #REGION, and #PASSWORD:
aws secretsmanager create-secret --name "#SECRET_NAME" --tags '[{"Key":"apono-connector-read","Value":"true"}]' --region #REGION --secret-string '{ "username":"'"apono-connector"'", "password":"'"#PASSWORD"'" }'
Hurray! You've successfully integrated Apono with your MongoDB. You should now see the new integration in your Connected Integrations. You can now use this integration in your existing or new Access Flow. Check this guide out for more information on creating your first Access Flow in Apono.