In this post, let's see how we can create and administer a new user in Amazon DocumentDB service. Amazon DocumentDB (with MongoDB compatibility) is a NOSQL database claimed to be a fast, reliable, and it is a fully managed database service from AWS.
Please read through the below link for more details.
There are 2 things to consider for setting up a user account for DocumentDB.
1st is to create a role that serves the right access privileges required
2nd is to create a user and assign the role to the user
Connecting to Amazon DocumentDB instance:
Search for "documentdb" >> Click on "Clusters"
Click on the "docdbcluster"
Find the Connect string that is displayed in the Connectivity details. Open your ssh session and download the certificate with the wget command you see.
Next is connect to the instance through mongosh with the connection string displayed and use the username and password as you had given while creating the cluster.
Now you are connected to the Primary Instance of the documentdb cluster.
rs0:PRIMARY> use admin
db.createRole(
{
role: "TestRole",
privileges: [
{
resource: {db: "QADB", collection:""}, actions: ["find"]
}
],
roles: []
}
)
db.createUser (
{
user: "NewUser",
pwd: "ChangeMe123",
roles: ["TestRole"]
}
)
You should see the result as below.
rs0:PRIMARY> db.createUser (
... {
... user: "NewUser",
... pwd: "ChangeMe123",
... roles: ["TestRole"]
... }
... )
Successfully added user: { "user" : "NewUser", "roles" : [ "TestRole" ] }
rs0:PRIMARY>
Now we have successfully created a role that has readOnly (find) privilege and then we have created a user and have assigned role to the user which gives the ability read documents from the DB.
For a detailed information on access controls over the databases and collections can be referred from the below link, I will try to make a blog post on that if possible.
Hopefully this post was helpful.
Regards,
Balaaji Dhananjayan