
MongoDB Atlas Authentication

The MongoDB Atlas provider uses HTTP Digest Authentication with API key pairs, each consisting of a public key and a private key.

Required Permissions

MongoDB Atlas API keys require appropriate permissions to perform security checks:

The IP address where Prowler runs must be added to the IP Access List of the MongoDB Atlas organization API key. To skip this step and use the API key from all IP addresses, uncheck the "Require IP Access List for the Atlas Administration API" button in Organization Settings. This setting is enabled by default.

Warning

To ensure the check organizations_api_access_list_required passes, enable the API access list for the organization and add the execution IP to the organization's IP Access List. When running checks from Prowler Cloud, add our IP to the IP Access List.

[Image: Organization Settings]

API Key

  1. Log in to MongoDB Atlas: Access the MongoDB Atlas console
  2. Navigate to Access Manager: Go to the organization access management section:

    • Click "Access Manager" and "Organization Access":

      [Image: Organization Access]

    • Then click the "Applications" tab inside the Access Manager:

      [Image: Project Access]

  3. Select API Keys Tab: Click the "API Keys" tab that appears in the image above

  4. Create API Key: Click "Create API Key" and provide a description

    [Image: Create API Key]

  5. Set Permissions: Project permissions are recommended for enhanced security; modify them after creating the key

    [Image: Set Permissions]

  6. Save Credentials: Record both the public and private keys, then store them securely

    [Image: Save Credentials]

  7. Add IP Access List: Add the IP address where Prowler runs to the API Key's IP Access List. To skip this step and use the API key for all IP addresses, uncheck the "Require IP Access List for the Atlas Administration API" button in Organization Settings, though this is not recommended.

    [Image: Organization Settings]
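
A pre-flight check for the key created in the steps above, as an added example that is not part of the Prowler or MongoDB documentation: it calls the Atlas Administration API with HTTP Digest authentication (public key as username, private key as password) and maps the response to the step to revisit. The endpoint choice, the status-code interpretation and the environment variable names are assumptions of this example.

```python
import json
import os
import urllib.error
import urllib.request

ORGS_URL = "https://cloud.mongodb.com/api/atlas/v2/orgs"  # Atlas Administration API v2
ACCEPT = "application/vnd.atlas.2023-01-01+json"  # versioned media type for v2


def interpret(status: int, body: bytes) -> str:
    """Map an API response to a next step (the mapping is this example's assumption)."""
    try:
        doc = json.loads(body or b"{}")
    except ValueError:
        doc = {}
    if not isinstance(doc, dict):
        doc = {}
    detail = doc.get("detail", "")  # server's own explanation, passed through
    if status == 200:
        names = [org.get("name", "?") for org in doc.get("results", [])]
        return "ok: key can read organizations " + ", ".join(names)
    if status == 401:
        return "key pair rejected: re-check the saved keys (step 6). " + detail
    if status == 403:
        return ("authenticated but denied: check the IP Access List (step 7) "
                "and permissions (step 5). " + detail)
    return f"unexpected HTTP {status}. {detail}"


def preflight(public_key: str, private_key: str) -> str:
    """One read-only call using HTTP Digest; the private key is never sent in clear."""
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, ORGS_URL, public_key, private_key)
    opener = urllib.request.build_opener(urllib.request.HTTPDigestAuthHandler(mgr))
    req = urllib.request.Request(ORGS_URL, headers={"Accept": ACCEPT})
    try:
        with opener.open(req, timeout=15) as resp:
            return interpret(resp.status, resp.read())
    except urllib.error.HTTPError as exc:
        body = exc.read() if exc.fp is not None else b""
        return interpret(exc.code, body)


if __name__ == "__main__":
    # Variable names chosen for this example; reading from the environment
    # keeps the private key out of shell history and process arguments.
    print(preflight(os.environ["ATLAS_PUBLIC_KEY"], os.environ["ATLAS_PRIVATE_KEY"]))
```

Run it from the same host or egress IP that Prowler will use, since the IP Access List is evaluated against the caller's source address.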