MongoDB

How to integrate any MongoDB DB with Apono, this integration will allow you to manage MongoDB access using Apono

Suggest Edits

Overview

Self Service Access - Empower your developers to gain self-servable access to databases using Slack.
Automated Approval Workflows - Create approval workflows to specific sensitive databases.
Restricted Third Party Access - Grant third-party (customer or vendor) time-based access to specific databases with MFA verification.
Review Access - View a detailed access audit of who was granted access to which databases with what permission level and why.

Step by step guide

How to Integrate MongoDB

Creating a user

Apono requires a user in the DB instance so it can provision.

In MongoDB, switch to admin database
```
use admin;
```

Create a user for Connector in the instance, and type the password to the apono-connector user.(password)

db.createUser({
    user: "apono-connector",
    pwd: "password",
    roles: [
        {
            "role" : "clusterMonitor",
            "db" : "admin"
        },
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "readWriteAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "clusterManager",
            "db" : "admin"
        }
    ]
});

Storing the secret in your environment secret store.

AWS
Using aws-cli, to store the secret in AWS Secret Manager.

Make sure to replace #SECRET_NAME,#REGION, #PASSWORD
```
aws secretsmanager create-secret --name "#SECRET_NAME" --tags '[{"Key":"apono-connector-read","Value":"true"}]' --region #REGION --secret-string '{
    "username":"'"apono-connector"'",
    "password":"'"#PASSWORD"'"
}'
```
GCP
You can also store the secret in Google Secret Store if you use Google Cloud

Connecting to Apono

Open Integrations Catalog
Click on MongoDB integration card
Select the Connector, this is the Connector which is installed in the same AWS account as the MongoDB instance
Type in a friendly name for the integration
Fill in the hostname and port

Assign the Secret

AWS

Use the respective secret which was stored in AWS Secret Manager previously in this guide.

Select the secret from the Secret Manager according to the appropriate AWS account and region

Click Create

Creating a user

Connector requires to have a user in the DB instance so it can provision access. Provisioning is done by creating an admin user in the database.

In MongoDB, switch to admin database
```
use admin;
```

Create user for Connector in the instance, type in some secure password

db.createUser({
    user: "apono-connector",
    pwd: "password",
    roles: [
        {
            "role" : "clusterMonitor",
            "db" : "admin"
        },
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "readWriteAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "clusterManager",
            "db" : "admin"
        }
    ]
});

Using aws-cli, store in AWS Secret Manager, make sure to replace #SECRET_NAME,#REGION, #PASSWORD

aws secretsmanager create-secret --name "#SECRET_NAME" --tags '[{"Key":"apono-connector-read","Value":"true"}]' --region #REGION --secret-string '{
    "username":"'"apono-connector"'",
    "password":"'"#PASSWORD"'"
}'

👍
Hurray! You've successfully integrated Apono with your MongoDB. You should now see the new integration in your Connected Integrations . You can now use this integration in your existing or new Access Flow. Check this guide out for more information on creating your first Access Flow in Apono.

Updated 2 months ago

What’s Next

Creating Access Flows in Apono