Posted On: Jun 25, 2024

June 10, 2024 - Amazon DocumentDB (with MongoDB compatibility) now supports database authentication with Amazon Identity and Access Management (IAM) user and role ARNs. Users and applications connecting to an Amazon DocumentDB cluster to read, write, update, or delete data can now use an Amazon IAM identity to authenticate connection requests. These users and applications can use the same Amazon IAM user or role when connecting to different Amazon DocumentDB clusters and to other Amazon Web Services products.

Applications running on Amazon EC2, Amazon Lambda, Amazon ECS, or Amazon EKS do not need to manage passwords in the application when authenticating to Amazon DocumentDB using an IAM role. These applications get their connection credentials through the environment variables of an IAM role, which makes this a passwordless mechanism.

New and existing DocumentDB clusters can use Amazon IAM to authenticate cluster connections without modifying the cluster configuration. You can also use both password-based authentication and authentication with Amazon IAM ARNs to authenticate different users and applications to a DocumentDB cluster. Amazon DocumentDB cluster authentication with Amazon IAM ARNs is supported by drivers that are compatible with MongoDB 5.0+.

Authentication with Amazon IAM ARNs is available in Amazon DocumentDB instance-based 5.0 across all supported regions, including the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. To learn more, please refer to the Amazon DocumentDB documentation page.