MongoDB AWS IAM Authentication on EKS

Hi, we are using MongoDB 4.4 and node driver version 3.7.3. We are on AWS and are looking to switch to AWS IAM for authenticating to MongoDB. It turns out that the drivers work out of the box on EC2, ECS, Lambda but not on EKS. On EKS, we are expected to get the access_id, secret and session token by contacting STS: AssumeRoleUsingWebIdentityToken.
From the below, it seems like the way to do this would be to get the three pieces, access key, secret and session token and create a URL out of this and pass this onto the MongoClient.connect().

This mechanism works fine on startup. But if the connection is left unattended and the token expires in one hour, the subsequent calls to the object created by MongoClient do not work. What is the recommended way to handle this in the nodejs driver for MongoDB?

In Java, we set a function for the AWS_CREDENTIAL_PROVIDER_KEY in MongoCredential which is invoked every time we need to refresh the credentials. This function that is passed on takes care of contacting STS for exchanging the credentials. I would like to know the equivalent API in nodejs.

Thanks in advance!

Hi @Srikar_Yekollu

We’re intending to add a similar feature to all of our drivers. Please follow https://jira.mongodb.org/browse/DRIVERS-2011 and https://jira.mongodb.org/browse/NODE-3934 to track our progress toward this goal.

Regards,
Jeff

Thanks for the reply, Jeff. I agree that this should solve it. Until then, it seems like recreating the MongoClient is the only solution :frowning:
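
Added example, not part of the thread and not MongoDB driver code: a sketch of the workaround named in the last reply, recreating the client shortly before the temporary credentials expire. `RotatingClient`, `buildAwsUri`, the injected `fetchCredentials`/`createClient` callbacks, the credential object shape and the five-minute margin are all assumptions made for illustration.

```javascript
// Added example. createClient and fetchCredentials are injected (hypothetical names).
// Real use: createClient = (uri) => MongoClient.connect(uri), and fetchCredentials =
// a call to STS that resolves to the object shape read below.

// Percent-encode every part: secrets and session tokens contain '/', '+' and '='.
function buildAwsUri(host, creds) {
  const enc = encodeURIComponent;
  return `mongodb://${enc(creds.accessKeyId)}:${enc(creds.secretAccessKey)}@${host}/` +
    '?authSource=%24external&authMechanism=MONGODB-AWS' +
    `&authMechanismProperties=AWS_SESSION_TOKEN:${enc(creds.sessionToken)}`;
}

class RotatingClient {
  constructor({ host, fetchCredentials, createClient, skewMs = 5 * 60 * 1000, now = Date.now }) {
    Object.assign(this, { host, fetchCredentials, createClient, skewMs, now });
    this.client = null;
    this.expiresAt = 0;   // epoch ms at which the current credentials expire
    this.pending = null;  // in-flight rotation, if any
  }

  // Return a client whose credentials stay valid for at least skewMs more.
  async get() {
    if (this.client && this.now() < this.expiresAt - this.skewMs) return this.client;
    // Share one rotation so concurrent callers trigger a single STS exchange.
    if (!this.pending) {
      this.pending = this.rotate().finally(() => { this.pending = null; });
    }
    return this.pending;
  }

  async rotate() {
    const creds = await this.fetchCredentials();
    const next = await this.createClient(buildAwsUri(this.host, creds));
    const old = this.client;
    this.client = next;
    this.expiresAt = creds.expiration.getTime();
    // Retire the client built from the expiring credentials; never log its URI.
    if (old) old.close().catch(() => {});
    return next;
  }
}
```

Call `get()` for each unit of work instead of caching the returned client, and note that closing the old client right away can interrupt operations still running on it.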
