AWS IAM Authentication Support for MongoDB Connections

[KnutFr]

Summary

Add support for AWS IAM authentication when connecting to MongoDB databases, allowing CodePushUp to authenticate using IAM roles instead of traditional username/password credentials.

User Story

As a developer using CodePushUp with MongoDB databases hosted on AWS (such as DocumentDB or Atlas with AWS IAM integration), I want to authenticate using AWS IAM roles directly instead of embedding credentials in connection strings, so that I can:

• Improve security by eliminating hardcoded credentials
• Leverage existing AWS IAM infrastructure
• Maintain vendor-agnostic architecture while supporting cloud-native authentication methods
• Comply with security best practices for cloud deployments

Current Behavior

Currently, CodePushUp requires MongoDB connection strings with embedded username and password credentials for database authentication.

Desired Behavior

CodePushUp should support AWS IAM authentication for MongoDB connections by:

1. Detecting when AWS IAM authentication is configured
2. Automatically handling the IAM role assumption process
3. Managing temporary credentials for MongoDB connections
4. Falling back gracefully to traditional authentication methods when IAM is not available

Technical Context

Error Encountered

When attempting to use AWS IAM authentication with MongoDB, we encounter the following error:

MongoServerError: Authentication failed. at Connection.sendCommand (/usr/src/app/node_modules/mongodb/lib/cmap/connection.js:299:27) at async MongoDBAWS.auth (/usr/src/app/node_modules/mongodb/lib/cmap/auth/mongodb_aws.js:108:9) 

Required Dependencies

For AWS IAM authentication with the Node.js MongoDB driver, the following packages are needed:

• @aws-sdk/credential-providers ^3.201.0
• aws4 ^1.12.0
• mongodb ^5.1.0

Benefits

• Enhanced Security: Eliminates need for hardcoded database credentials
• Cloud Integration: Better integration with AWS-native services
• Operational Efficiency: Leverages existing IAM infrastructure and policies
• Compliance: Supports enterprise security requirements and best practices
• Flexibility: Maintains vendor-agnostic approach while supporting cloud-native features

Use Cases

1. AWS DocumentDB: Direct IAM authentication to DocumentDB clusters
2. MongoDB Atlas: Using AWS IAM integration for Atlas clusters
3. Multi-cloud Deployments: Supporting teams with AWS + MongoDB hybrid infrastructure
4. Enterprise Environments: Organizations requiring IAM-based access controls