
Set Up Unified AWS Access


Some Atlas features, including Data Lakes and Encryption at Rest, use AWS IAM roles for authentication. When Atlas accesses AWS services, it does so through an assumed IAM role.

You can set up an assumed IAM role for your Atlas account to use with the Atlas Administration API or UI.

Note

If you have Encryption at Rest enabled for your cluster and you want to set up a new IAM role, be sure the new role has access to the existing KMS.

If you cancel a procedure to authorize an AWS IAM role for use with Atlas, you can resume it where you left off.

  1. Expand the Options menu next to your project name in the upper-left corner of the Atlas UI. Select Integrations.
  2. Click the Configure button in the AWS IAM Role Access panel.

    Note: if you already have one or more roles configured, the button reads Edit.

  3. Any roles with an ongoing authorization procedure are listed with an in progress status. Click the Resume button to resume the authorization process.

To cancel an in-progress role authorization completely, click the Delete icon next to the in-progress role.

You can deauthorize an existing AWS IAM role from your Atlas account with the Atlas Administration API or the Atlas UI.

Note

Be sure to remove any associated Atlas services from the IAM role before you deauthorize it.

You can manage the AWS IAM roles Atlas uses to access AWS services with the Atlas UI and API.

To navigate to the Atlas AWS IAM Role Access screen:

  1. Expand the Options menu next to your project name in the upper-left corner of the Atlas UI. Select Integrations.
  2. Click the Configure button in the AWS IAM Role Access panel.

    Note: if you already have one or more roles configured, the button reads Edit.

You can perform the following actions from the Atlas AWS IAM Role Access screen:

  • View the list of authorized AWS IAM roles.

    The list of roles displays the role's ARN, its time of creation, and any Atlas services configured to use the role.

  • Authorize an AWS IAM role.

    Click the Authorize an AWS IAM Role button.

    Note

    If you have an authorization in progress, the associated role has a Resume button next to it.

    For detailed instructions, see Set Up Unified AWS Access.

  • Deauthorize an AWS IAM role.

    Click the Delete button next to the role.

    Note

    Be sure to remove any associated Atlas services from the IAM role before you deauthorize it.

  • View the details of an AWS IAM role.

    Click the ellipsis (...) icon next to the role and select View Role Details.

© 2022 MongoDB, Inc.
