MongoDB Atlas Authentication
The MongoDB Atlas provider uses HTTP Digest Authentication with API key pairs, each consisting of a public key and a private key.
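The following added example (not part of the original page and not Prowler's own code) shows what Digest authentication does with such a key pair: the public key is sent as the username, while the private key only enters a hash and never appears in the request. It assumes an RFC 2617 challenge with MD5 and qop=auth; the function names are hypothetical, and the sample values are the RFC 2617 test vector standing in for a real key pair.

```python
import hashlib
import re

def _md5(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_challenge(header: str) -> dict:
    """Parse the value of a 'WWW-Authenticate: Digest ...' header."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("server did not offer Digest authentication")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def digest_response(public_key, private_key, method, uri, ch, cnonce, nc):
    """RFC 2617 response for qop=auth; the private key is used only inside HA1."""
    ha1 = _md5(f"{public_key}:{ch['realm']}:{private_key}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{ch['nonce']}:{nc}:{cnonce}:auth:{ha2}")

def authorization_header(public_key, private_key, method, uri, challenge,
                         cnonce, nonce_count=1):
    """Build the Authorization header answering one Digest challenge."""
    ch = parse_challenge(challenge)
    if ch.get("algorithm", "MD5").upper() != "MD5":
        raise ValueError("only algorithm=MD5 is supported here")
    if "auth" not in [q.strip() for q in ch.get("qop", "").split(",")]:
        raise ValueError("only qop=auth is supported here")
    nc = f"{nonce_count:08x}"
    response = digest_response(public_key, private_key, method, uri, ch, cnonce, nc)
    fields = [f'username="{public_key}"', f'realm="{ch["realm"]}"',
              f'nonce="{ch["nonce"]}"', f'uri="{uri}"', "qop=auth",
              f"nc={nc}", f'cnonce="{cnonce}"', f'response="{response}"']
    if "opaque" in ch:
        fields.append(f'opaque="{ch["opaque"]}"')
    return "Digest " + ", ".join(fields)

# Constructed input: the RFC 2617 section 3.5 test vector, not real Atlas keys.
SAMPLE_CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
                    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
                    'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

if __name__ == "__main__":
    print(authorization_header("Mufasa", "Circle Of Life", "GET",
                               "/dir/index.html", SAMPLE_CHALLENGE, "0a4f113b"))
```

Because the response is bound to the server's nonce, a captured header cannot be replayed against a fresh challenge, but anyone holding the private key can answer any challenge, so it needs the same protection as a password.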
Required Permissions
MongoDB Atlas API keys require appropriate permissions to perform security checks:
- Organization Read Only: Provides read-only access to everything in the organization, including all projects in the organization.
- Organization Owner: Required to audit the Auditing configuration for the project.
The IP address where Prowler runs must be added to the IP Access List of the MongoDB Atlas organization API key. To skip this step and use the API key from any IP address, uncheck the "Require IP Access List for the Atlas Administration API" button in Organization Settings. This setting is enabled by default.
Warning
To ensure the check organizations_api_access_list_required passes, enable the API access list for the organization and add the execution IP to the organization's IP Access List. When running checks from Prowler Cloud, add our IP to the IP Access List.
API Key
- Log into MongoDB Atlas: Access the MongoDB Atlas console.
- Navigate to Access Manager: Go to the organization access management section:
  - Click "Access Manager" and "Organization Access".
  - Then click the "Applications" tab inside the Access Manager.
- Select API Keys Tab: Click the "API Keys" tab.
- Create API Key: Click "Create API Key" and provide a description.
- Set Permissions: Project permissions are recommended for enhanced security; modify them after creating the key.
- Save Credentials: Record both the public and private keys, then store them securely.
- Add IP Access List: Add the IP address where Prowler runs to the API Key's IP Access List. To skip this step and use the API key for all IP addresses, uncheck the "Require IP Access List for the Atlas Administration API" button in Organization Settings, though this is not recommended.