Has anyone implemented AWS IAM role-based auth for their Atlas cluster? How are you auditing with role-based IAM accounts that authenticate to MongoDB? We are using AWS SSO for role-based access to our environment.
You can only see the role auth on the MongoDB audit side, but not the user, in the MongoDB AUDIT log in MongoDB 7.0:
{ "atype" : "authCheck", "ts" : { "$date" : "2024-02-21T22:36:18.870+00:00" }, "uuid" : { "$binary" : "txA9MItGSEm6Dq4Q+s8Ieg==", "$type" : "04" }, "local" : { "ip" : "xxx.xxx.xxx.xxx", "port" : 27017 }, "remote" : { "ip" : "xxx.xxx.xxx.xxx", "port" : 21974 }, "users" : [ { "user" : "arn:aws:sts::911000000000:assumed-role/AWSReservedSSO_STAFF_f123456789g/*
....
....
...
Oddly, you can see the role + user in the MongoDB log (mongod.log), which is NOT used for AUDITING:
{"t":{"$date":"2024-02-21T22:34:33.794+00:00"},"s":"I", "c":"ACCESS", "id":1234000, "ctx":"conn10000","msg":"Successfully authenticated","attr":{"client":"xxx.xxx.xxx.xxx:6779","isSpeculative":false,"isClusterMember":false,"mechanism":"MONGODB-AWS","user":"arn:aws:sts::911000000000:assumed-role/AWSReservedSSO_STAFF_f123456789g/*","db":"$external","result":0,"metrics":{"conversation_duration":{"micros":123978,"summary":{"0":{"step":1,"step_total":2,"duration_micros":6},"1":{"step":2,"step_total":2,"duration_micros":21101}}}},"extraInfo":{"awsId":"S789SXYPENDAZZZX86T2","awsArn":"arn:aws:sts::911000000000:assumed-role/AWSReservedSSO_STAFF_f123456789g/johndoe@company.com"}}}
Strange, right?
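One way to recover the human identity behind the wildcard role ARN, added here as an example and not code from the original post or from MongoDB: parse the `Successfully authenticated` entries from mongod.log (whose `extraInfo.awsArn` carries the STS session name) and join them to audit-log `authCheck` records that name the same role within a short time window. The log line and audit record below are constructed to mirror the structure shown in the post; the field names, the 5-minute window and the documentation-range client IP are assumptions.

```python
import json
import re
from datetime import datetime, timedelta

# STS assumed-role ARN: arn:aws:sts::<account>:assumed-role/<role>/<session-name>
ASSUMED_ROLE_RE = re.compile(
    r"^arn:aws:sts::(?P<account>\d{12}):assumed-role/(?P<role>[^/]+)/(?P<session>.+)$"
)

def parse_assumed_role_arn(arn):
    """Split an STS assumed-role ARN into account, role and session name (None if not one)."""
    m = ASSUMED_ROLE_RE.match(arn)
    return m.groupdict() if m else None

def extract_aws_auth(line):
    """Return (timestamp, awsArn) for a successful MONGODB-AWS auth line from mongod.log, else None."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    attr = rec.get("attr", {})
    if rec.get("c") != "ACCESS" or rec.get("msg") != "Successfully authenticated":
        return None
    if attr.get("mechanism") != "MONGODB-AWS":
        return None
    ts = datetime.fromisoformat(rec["t"]["$date"])
    return ts, attr["extraInfo"]["awsArn"]

def resolve_audit_user(audit_entry, auth_events, window=timedelta(minutes=5)):
    """Map the wildcard role ARN (".../<role>/*") in an audit record to the STS
    session names that authenticated as that role within `window` before it."""
    ts = datetime.fromisoformat(audit_entry["ts"]["$date"])
    sessions = set()
    for u in audit_entry.get("users", []):
        user = u["user"]
        for ev_ts, arn in auth_events:
            parts = parse_assumed_role_arn(arn)
            hit = arn.startswith(user[:-1]) if user.endswith("/*") else arn == user
            if parts and hit and timedelta(0) <= ts - ev_ts <= window:
                sessions.add(parts["session"])
    return sorted(sessions)

# Constructed sample input modelled on the post's log shapes (values are not real).
MONGOD_LINE = '{"t":{"$date":"2024-02-21T22:34:33.794+00:00"},"s":"I","c":"ACCESS","id":1234000,"msg":"Successfully authenticated","attr":{"client":"203.0.113.10:6779","mechanism":"MONGODB-AWS","user":"arn:aws:sts::911000000000:assumed-role/AWSReservedSSO_STAFF_f123456789g/*","db":"$external","extraInfo":{"awsArn":"arn:aws:sts::911000000000:assumed-role/AWSReservedSSO_STAFF_f123456789g/johndoe@company.com"}}}'
AUDIT_ENTRY = {"atype": "authCheck", "ts": {"$date": "2024-02-21T22:36:18.870+00:00"},
               "users": [{"user": "arn:aws:sts::911000000000:assumed-role/AWSReservedSSO_STAFF_f123456789g/*", "db": "$external"}]}

if __name__ == "__main__":
    events = [e for e in map(extract_aws_auth, [MONGOD_LINE]) if e]
    print(resolve_audit_user(AUDIT_ENTRY, events))  # ['johndoe@company.com']
```

When several SSO users hold the same role at once, the join by role and time window is ambiguous; matching on the audit record's `remote` ip:port against the log line's `attr.client` narrows it to a single connection where both are present.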