Connect mongoDB atlas to application using VPC without username password - mongodb

I have one MongoDB database hosted in an AWS Atlas account and my application is running on an AWS EC2 instance. I want to access my DB from my application by VPC peering, but it always asks for a username and password, which I think is not good practice because for this I need to hardcode dummy credentials in a properties file.
Is there any way I can do this without using dummy credentials? Can I do this using a private endpoint? Please suggest the best practice used in industry for MongoDB Atlas.

Authentication is orthogonal to your network topology (VPC).
Authentication in Atlas is required. You can try using X.509 or AWS authentication instead of passwords.
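A pre-deployment check for the properties file from the question, as an added example that is not part of the original answer: it flags MongoDB connection strings that embed a password and accepts ones that use the `MONGODB-AWS` or `MONGODB-X509` mechanisms the answer points to. The property keys, host names and sample file are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Mechanisms that authenticate against $external with no password in the URI.
PASSWORDLESS = {"MONGODB-AWS", "MONGODB-X509"}


def audit_mongo_uri(uri):
    """Return a list of findings for one MongoDB connection string."""
    parts = urlsplit(uri)
    if parts.scheme not in ("mongodb", "mongodb+srv"):
        return ["not a MongoDB URI"]
    opts = {k.lower(): v[-1] for k, v in parse_qs(parts.query).items()}
    mech = opts.get("authmechanism", "").upper()
    findings = []
    if parts.password:
        findings.append("password embedded in URI")
    if mech not in PASSWORDLESS:
        findings.append("authMechanism is %r, expected one of %s"
                        % (mech or "default (SCRAM)", sorted(PASSWORDLESS)))
    elif opts.get("authsource", "$external") != "$external":
        findings.append("authSource must be $external for " + mech)
    # mongodb+srv enables TLS by default; plain mongodb:// must ask for it.
    if parts.scheme == "mongodb" and opts.get("tls", opts.get("ssl")) != "true":
        findings.append("TLS not enabled")
    return findings


def audit_properties(text):
    """Scan Java-style key=value lines; return {key: findings} for bad URIs."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if value.startswith(("mongodb://", "mongodb+srv://")):
            findings = audit_mongo_uri(value)
            if findings:
                report[key] = findings
    return report


# Constructed sample properties file (keys and host names are placeholders).
SAMPLE = """
# application.properties
legacy.mongo.uri=mongodb+srv://appuser:dummyPass1@cluster0.example.mongodb.net/app
iam.mongo.uri=mongodb+srv://cluster0.example.mongodb.net/app?authSource=%24external&authMechanism=MONGODB-AWS
x509.mongo.uri=mongodb://db.example.internal:27017/app?authMechanism=MONGODB-X509&tls=true
"""
```

With `MONGODB-AWS` and no credentials in the URI, the driver picks up the EC2 instance role's temporary credentials at connect time, so nothing secret lives in the properties file.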

Related

C# code example to connect to ElastiCache using StackExchange.Redis for the IAM authentication option

For an ElastiCache cluster configured to use Redis version 7 or above, there is an option to connect using IAM authentication. With IAM authentication you can authenticate a connection to ElastiCache for Redis using AWS IAM identities.
Reference: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/auth-iam.html
I am trying to get an example of working code with the StackExchange.Redis client to authenticate requests to ElastiCache using an IAM user.
As per the documentation, I have tried the following:
Created a role with the given policies
Created a user with IAM authentication mode
Created a signed token request and tried to pass it as a password while connecting to the cluster
I am getting a wrongpass:invalid-username-password error.

How to connect to AWS MSK from Debezium connector using username and password

Here I'm trying to use the Debezium connector to read data from RDS and publish it to AWS MSK.
All I could see everywhere is AWS IAM based authentication, but unfortunately my cloud engineering team is not willing to add IAM and instead provided basic auth (username and password) with a topic to publish to.
I'm planning to use the debezium/connect Docker image so I can deploy it to EKS.
Is there any way to connect to MSK using a username and password?
If you want Debezium to connect to your RDS database, you must include database credentials (username and password) in your Debezium config. For example, check out the 'Required Config' docs for the Postgres connector: https://debezium.io/documentation/reference/stable/connectors/postgresql.html#postgresql-required-configuration-properties
You must supply database.user, database.password, and other related values.
If you want to connect to your MSK cluster, there are a couple of alternatives as described here: Connecting to an Amazon MSK Cluster.
For username/password-based authentication to an MSK cluster, the best option would be to use SASL SCRAM. See details here: https://docs.aws.amazon.com/msk/latest/developerguide/msk-password.html
Other authentication methods supported by MSK so far [JAN/31/2022] are:
IAM auth
mutual TLS - certificate based
SASL SCRAM - username/password based

Does AWS DocumentDB validate the MongoDB client certificate for two-way SSL?

How do we create a client certificate that gets validated by AWS DocumentDB? In the AWS docs at https://docs.aws.amazon.com/documentdb/latest/developerguide/connect_programmatically.html#connect_programmatically-tls_enabled only one-way SSL is mentioned, i.e., clients authenticating the server certificate. I didn't find information regarding two-way SSL being supported by AWS DocumentDB. Can anyone help with this?
Amazon DocumentDB does not support using client certificates to connect to your cluster. Are you looking for client-side certificates to be used by the server for authentication? Amazon DocumentDB only supports SCRAM based authentication.

MongoDB connection security

I'm having some MongoDB connection security concerns for my environment.
Here is my environment:
one ECS hosted in the cloud that has a public IP but no domain and no SSL certificate either.
installed the MongoDB service on this ECS, which needs a username/password to authenticate
only specific IPs in the whitelist can access the ECS/MongoDB
I'm wondering if the data transfer between this MongoDB and my local PC is safe or not?
Will the data be encrypted during the transmission, or is it just plain text so that everyone on the internet can catch and read it? (As I don't have HTTPS, it's not using TLS/SSL.)
Can anyone explain the mechanism or give some doc links?
Thanks!
As you're not using SSL, your data on the fly is not encrypted. You need to use TLS/SSL to encrypt the network transmission. You must have the TLS/SSL certificates as PEM files, which are concatenated certificate containers.
In addition to encrypting connections, TLS/SSL allows for authentication using certificates, both for client authentication and for internal authentication of members of replica sets and sharded clusters.
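A pre-flight check for the PEM file the answer describes, as an added example not taken from the original answer: mongod's `net.tls.certificateKeyFile` expects one PEM file holding the server certificate and its private key, and this confirms both blocks are present and well-formed before the server is restarted. The sample bundles are constructed from dummy bytes, not real certificate or key material.

```python
import base64
import binascii
import re

# One PEM block: BEGIN line, base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)


def pem_blocks(text):
    """Yield (label, decoded_bytes) for every PEM block in text."""
    for label, body in PEM_BLOCK.findall(text):
        try:
            yield label, base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            raise ValueError("block %r is not valid base64" % label)


def check_certificate_key_file(text):
    """Return a list of problems; empty means certificate and key are present."""
    labels = [label for label, _ in pem_blocks(text)]
    problems = []
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    # Matches PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, and so on.
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        problems.append("no PRIVATE KEY block")
    return problems


def _block(label, payload):
    # Helper for the constructed samples: wraps dummy bytes in PEM armour.
    body = base64.encodebytes(payload).decode().strip()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)


# Constructed inputs: payloads are placeholder bytes, not real DER.
CERT_ONLY = _block("CERTIFICATE", b"constructed certificate bytes " * 3)
BUNDLE = CERT_ONLY + _block("PRIVATE KEY", b"constructed key bytes " * 3)
```

A certificate-only file, as in `CERT_ONLY`, is the common mistake: the concatenated bundle in `BUNDLE` is the shape the server needs.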

PHP: connect Elastic Beanstalk to MongoDB on EC2

I have an Elastic Beanstalk web server set up for my website, and have also created an EC2 server and installed MongoDB on it so that I can use it as the database for my website. I know the database works, and I can add documents and access them from EC2. However, I wasn't sure how to connect to the MongoDB server through PHP from another site (the one I created with Elastic Beanstalk).
Thank you for any help. I am pretty new to AWS, so if this is a poor website setup, any help would be appreciated.
Could you try, under your instance for the EB > security and groups > click on your database instance, and edit the inbound rules? Allow SSH/HTTPS/HTTP from your EB's instance.