Secure MongoDB Atlas connection with IAM role and access the secure connection from a particular Elastic Beanstalk environment in AWS

How to secure a MongoDB Atlas connection with an IAM role and access the secure connection from a particular Elastic Beanstalk environment in AWS?

I deployed the project in AWS Elastic Beanstalk and I want to secure the MongoDB Atlas connection to only this particular environment through an IAM role, and not by setting an IP whitelist, because the instance IP is not static.

MONGODB ATLAS:
I have followed the steps below to secure MongoDB Atlas with an IAM role:

1. I have added the IAM role ARN to the Database Access of MongoDB Atlas.

Please let me know if any corrections are required to the above steps for configuring MongoDB Atlas with an IAM role.

AWS:

  1. I have created an IAM role that has the necessary policies for S3, the EC2 instance, and EB.

  2. What changes should be made to the IAM role to access MongoDB Atlas, and what policies should I add?

  3. What changes should I make in the EB environment?

To create the MongoDB URI I am using the access key, secret key and session token obtained from the AWS Security Token Service (STS).

```go
// Imports added for completeness. models and StatusResponse are the poster's own
// packages; their import paths are not shown in the post.
import (
	"context"
	"net/url"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/sts"
)

// SecurityTokenService assumes the role and returns temporary credentials with the
// secret key and session token percent-encoded, ready to be placed in a MongoDB URI.
func SecurityTokenService(region string) (*models.TempCredentials, StatusResponse.Status) {
	sess, err := session.NewSessionWithOptions(session.Options{
		Config: aws.Config{Region: aws.String(region)},
	})
	if err != nil {
		return nil, StatusResponse.CustomErrRes(err)
	}

	svc := sts.New(sess)

	input := &sts.AssumeRoleInput{
		RoleArn:         aws.String("arn:aws:iam"), // role ARN redacted in the post
		RoleSessionName: aws.String("mongodb-session"),
		DurationSeconds: aws.Int64(3600), // Adjust as needed (1 hour)
	}

	output, err := svc.AssumeRoleWithContext(context.Background(), input)
	if err != nil {
		return nil, StatusResponse.CustomErrRes(err)
	}

	// Extract temporary credentials
	accessKeyID := *output.Credentials.AccessKeyId
	secretAccessKey := *output.Credentials.SecretAccessKey
	sessionToken := *output.Credentials.SessionToken

	// Secret keys and session tokens contain '/', '+' and '=', so they are
	// percent-encoded here for embedding in the connection string.
	credentials := models.TempCredentials{
		AccessKey:    accessKeyID,
		SecretKey:    url.QueryEscape(secretAccessKey),
		SessionToken: url.QueryEscape(sessionToken),
	}

	return &credentials, StatusResponse.SuccessStatusResponse()
}
```

When I try to access the APIs I am getting a server selection timeout error.

I have tried using the MongoDB URI with the cluster user and password, but I still get the selection timeout error.

Please let me know how I should proceed further.

I have added the 0.0.0.0 IP to the whitelist and it is working fine, but I don't want to compromise on security by giving access to all IPs. I want to restrict access to only the particular EB environment. If someone can guide me through the steps, that will be helpful.

Thanks in advance.

For setting up IAM role based authentication, please follow this link. For other ways of secured access, you can store/retrieve the credentials in AWS Secrets Manager. You can also use a private link (for secured access) to a VPC and host the AWS EB environment in this VPC. Hope this clarifies. You can refer to the blog for further details. Add-on: ECS Fargate with MongoDB blog
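The IAM role setup the answer links to, as an added Go example written for this page; it is not part of the original thread and not the poster's code. It covers the two points that most often go wrong: which ARN to register in Atlas, and how the MONGODB-AWS connection string is written. On an Elastic Beanstalk instance the EC2 instance profile already supplies temporary credentials through the instance metadata endpoint, so the application does not have to call STS AssumeRole itself; a URI with `authMechanism=MONGODB-AWS` and no username or password makes the driver fetch them. Atlas registers the user as the IAM role ARN (`arn:aws:iam::<account>:role/<name>`), whereas `aws sts get-caller-identity` run on the instance reports the assumed-role ARN (`arn:aws:sts::<account>:assumed-role/<name>/<session>`); `RoleARNFromCallerIdentity` converts the latter into the former. `AWSAuthURI` builds the URI for both modes, percent-encoding the secret key and session token for the explicit-credentials case (what the poster's STS helper produces), and `ParseAWSAuthURI` checks the round trip. Function names, the `TempCredentials` type, and all account IDs, keys, tokens and host names are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// TempCredentials holds raw, unescaped STS credentials. It stands in for the
// poster's models.TempCredentials; escaping happens only when the URI is built.
type TempCredentials struct {
	AccessKeyID     string
	SecretAccessKey string
	SessionToken    string
}

// RoleARNFromCallerIdentity maps the ARN that `aws sts get-caller-identity`
// prints on an Elastic Beanstalk instance to the one Atlas expects under
// Database Access -> AWS IAM -> IAM Role: arn:aws:sts::<acct>:assumed-role/<role>/<session>
// becomes arn:aws:iam::<acct>:role/<role>. IAM user and role ARNs pass through.
// (A role path is not recoverable from an assumed-role ARN; enter those by hand.)
func RoleARNFromCallerIdentity(arn string) (string, error) {
	parts := strings.SplitN(arn, ":", 6) // arn:partition:service:region:account:resource
	if len(parts) != 6 || parts[0] != "arn" {
		return "", fmt.Errorf("not an ARN: %q", arn)
	}
	partition, service, account, resource := parts[1], parts[2], parts[4], parts[5]
	switch {
	case service == "sts" && strings.HasPrefix(resource, "assumed-role/"):
		seg := strings.Split(resource, "/") // assumed-role, <role>, <session>
		if len(seg) != 3 || seg[1] == "" || account == "" {
			return "", fmt.Errorf("malformed assumed-role ARN: %q", arn)
		}
		return fmt.Sprintf("arn:%s:iam::%s:role/%s", partition, account, seg[1]), nil
	case service == "iam" && (strings.HasPrefix(resource, "role/") || strings.HasPrefix(resource, "user/")):
		return arn, nil
	}
	return "", fmt.Errorf("not an IAM principal Atlas can authenticate: %q", arn)
}

// AWSAuthURI builds a connection string for the MONGODB-AWS mechanism. With
// creds == nil no secret is embedded: the driver fetches credentials itself
// (environment variables, then the ECS and EC2 metadata endpoints), so on an
// Elastic Beanstalk instance it authenticates as the instance profile role with
// no STS call in application code. Explicit secret keys and session tokens are
// percent-encoded because both routinely contain '/', '+' and '='.
func AWSAuthURI(host, database string, creds *TempCredentials) (string, error) {
	if host == "" {
		return "", errors.New("cluster host is required")
	}
	var b strings.Builder
	b.WriteString("mongodb+srv://")
	if creds != nil {
		if creds.AccessKeyID == "" || creds.SecretAccessKey == "" {
			return "", errors.New("explicit credentials need an access key ID and a secret key")
		}
		b.WriteString(url.QueryEscape(creds.AccessKeyID) + ":" + url.QueryEscape(creds.SecretAccessKey) + "@")
	}
	b.WriteString(host + "/" + database + "?authSource=$external&authMechanism=MONGODB-AWS")
	if creds != nil && creds.SessionToken != "" {
		b.WriteString("&authMechanismProperties=AWS_SESSION_TOKEN:" + url.QueryEscape(creds.SessionToken))
	}
	return b.String(), nil
}

// ParseAWSAuthURI reads a URI back: it checks that MONGODB-AWS against $external is
// selected and returns the decoded credentials, so the round trip can be verified.
func ParseAWSAuthURI(uri string) (TempCredentials, error) {
	var c TempCredentials
	u, err := url.Parse(uri)
	if err != nil {
		return c, err
	}
	q := u.Query()
	if q.Get("authMechanism") != "MONGODB-AWS" || q.Get("authSource") != "$external" {
		return c, errors.New("URI does not select MONGODB-AWS against $external")
	}
	if u.User != nil {
		c.AccessKeyID = u.User.Username()
		c.SecretAccessKey, _ = u.User.Password()
	}
	if props := q.Get("authMechanismProperties"); props != "" {
		if !strings.HasPrefix(props, "AWS_SESSION_TOKEN:") {
			return c, fmt.Errorf("unexpected authMechanismProperties %q", props)
		}
		c.SessionToken = strings.TrimPrefix(props, "AWS_SESSION_TOKEN:")
	}
	return c, nil
}

func main() {
	// Constructed sample values: not a real account, key, token or cluster.
	role, err := RoleARNFromCallerIdentity("arn:aws:sts::123456789012:assumed-role/aws-elasticbeanstalk-ec2-role/i-0123456789abcdef0")
	fmt.Println("register in Atlas as IAM Role:", role, err)
	uri, _ := AWSAuthURI("cluster0.abcde.mongodb.net", "app", nil) // instance-profile mode, no secrets
	fmt.Println(uri)
	creds := &TempCredentials{AccessKeyID: "ASIAEXAMPLEKEYID", SecretAccessKey: "wJalrXUtnFEMI/K7MDENG+bPxRfiCY=", SessionToken: "FwoGZXIvYXdzEBQaDH/example+token=="}
	uri, _ = AWSAuthURI("cluster0.abcde.mongodb.net", "app", creds)
	back, err := ParseAWSAuthURI(uri)
	fmt.Println(uri, back == *creds, err)
}
```

On the Elastic Beanstalk side the only application change is the URI: the instance profile role attached to the environment (`aws-elasticbeanstalk-ec2-role` by default) is what Atlas authenticates, and it needs no additional IAM permissions policy, because the MONGODB-AWS handshake only signs an STS GetCallerIdentity request that Atlas verifies. Authentication and network access remain separate controls: an IAM-authenticated client still has to reach the cluster from an address in the Atlas IP access list, a peered VPC, or a private endpoint, which is why a server selection timeout points at the network path rather than at the database user.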