MongoDB
How to integrate any MongoDB DB with Apono, this integration will allow you to manage MongoDB access using Apono
Overview
- Self Service Access - Empower your developers to gain self-servable access to databases using Slack.
- Automated Approval Workflows - Create approval workflows to specific sensitive databases.
- Restricted Third Party Access - Grant third-party (customer or vendor) time-based access to specific databases with MFA verification.
- Review Access - View a detailed access audit of who was granted access to which databases with what permission level and why.
Step by step guide
How to Integrate MongoDB
Creating a user
- Apono requires a user in the DB instance so it can provision.*
- In MongoDB, switch to admin database
use admin;
- Create a user for Connector in the instance, and type the password to the apono-connector user.
(password)
db.createUser({
user: "apono-connector",
pwd: "password",
roles: [
{
"role" : "clusterMonitor",
"db" : "admin"
},
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "readWriteAnyDatabase",
"db" : "admin"
},
{
"role" : "clusterManager",
"db" : "admin"
}
]
});
- Storing the secret in your environment secret store.
AWS
Using aws-cli
, to store the secret in AWS Secret Manager.
Make sure to replace #SECRET_NAME
,#REGION
, #PASSWORD
aws secretsmanager create-secret --name "#SECRET_NAME" --tags '[{"Key":"apono-connector-read","Value":"true"}]' --region #REGION --secret-string '{
"username":"'"apono-connector"'",
"password":"'"#PASSWORD"'"
}'
GCP
You can also store the secret in Google Secret Store if you use Google Cloud.
Connecting to Apono
- Open Integrations Catalog
- Click on MongoDB integration card
- Select the Connector, this is the Connector which is installed in the same AWS account as the MongoDB instance
- Type in a friendly name for the integration
- Fill in the hostname and port
Assign the Secret
AWS
Use the respective secret which was stored in AWS Secret Manager previously in this guide.
- Select the secret from the Secret Manager according to the appropriate AWS account and region
- Click Create
Creating a user
Connector requires to have a user in the DB instance so it can provision access. Provisioning is done by creating an admin
user in the database.
- In MongoDB, switch to admin database
use admin;
- Create user for Connector in the instance, type in some secure
password
db.createUser({
user: "apono-connector",
pwd: "password",
roles: [
{
"role" : "clusterMonitor",
"db" : "admin"
},
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "readWriteAnyDatabase",
"db" : "admin"
},
{
"role" : "clusterManager",
"db" : "admin"
}
]
});
- Using
aws-cli
, store in AWS Secret Manager, make sure to replace#SECRET_NAME
,#REGION
,#PASSWORD
aws secretsmanager create-secret --name "#SECRET_NAME" --tags '[{"Key":"apono-connector-read","Value":"true"}]' --region #REGION --secret-string '{
"username":"'"apono-connector"'",
"password":"'"#PASSWORD"'"
}'
Hurray!
You've successfully integrated Apono with your MongoDB. You should now see the new integration in your Connected Integrations.
You can now use this integration in your existing or new Access Flow. Check this guide out for more information on creating your first Access Flow in Apono.
Updated 5 days ago