CSHARP-4463: Add aws auth connectivity examples. #1004
Conversation
DmitryLukyanov
changed the title
DmitryLukyanov
changed the title
| { | ||
| /// <summary> | ||
| /// Atlas preconditions for local run: | ||
| /// 1. Get your AWS_* (aws_access_key_id, aws_secret_access_key, aws_session_token (optional, but Pay attention that the value should be regenerated from time to time.)) credentials. |
There was a problem hiding this comment.
The AWS_* environment variables should all be uppercase. e.g. AWS_ACCESS_KEY_ID
There was a problem hiding this comment.
/// 1. Configure AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,
and optionally AWS_SESSION_TOKEN. If used, AWS_SESSION_TOKEN
should be regenerated periodically.
| /// "Arn": "arn:aws:sts::%ID_VALUE%:assumed-role/%ROLE_NAME%/[[email protected]](mailto:[email protected])" | ||
| /// } | ||
| /// pay attention on %ROLE_NAME%. | ||
| /// </summary> |
There was a problem hiding this comment.
| /// <summary> | ||
| /// Atlas preconditions for local run: | ||
| /// 1. Get your AWS_* (aws_access_key_id, aws_secret_access_key, aws_session_token (optional, but Pay attention that the value should be regenerated from time to time.)) credentials. | ||
| /// You may use `Command line or programming access` page on ..aws.amazon.com |
There was a problem hiding this comment.
..aws.amazon.com
Should this be a URL?
programming access => programmatic access
There was a problem hiding this comment.
Should this be a URL?
the full url contains particular company or region related address parts. But It's possible to provide more detailed address path (changed now). Since effectively Command line or programmatic access is placed on .awsapps.com page. See what you think, we can simply remove this comment part too
| /// "Account": "%ID_VALUE%", | ||
| /// "Arn": "arn:aws:sts::%ID_VALUE%:assumed-role/%ROLE_NAME%/[[email protected]](mailto:[email protected])" | ||
| /// } | ||
| /// pay attention on %ROLE_NAME%. |
There was a problem hiding this comment.
Given this is a public example, we should use [email protected] or some other generic email address rather than a mongodb.com email address. As well, the email address shouldn't be formatted as a mailto link.
| /// ... | ||
| /// in the provided roles, search for a record with a RoleName equal to %ROLE_NAME% and record his arn. | ||
| /// 5. In your atlas cluster, create a new user with AWS authentication and set AWS IAM Role ARN from #4. | ||
| /// 6. Then configure a mongoClient in the same way as it's done in these examples with MONGODB-AWS auth credentials. |
There was a problem hiding this comment.
mongoClient => MongoClient (since it's the name of a class and not a variable)
No description provided.