ScaleGrid can manage your MongoDB clusters in your own AWS account. This model has several advantages, as outlined in this blog post. To manage MongoDB clusters in your own AWS account, ScaleGrid requires certain permissions. Our recommendation is to restrict the permissions so that ScaleGrid has enough permission to manage your MongoDB servers, and nothing more. This can be done by configuring a custom Identity and Access Management (IAM) policy for the AWS keys that you enter into ScaleGrid. Here are our two types of IAM policies:
- Full Permissions IAM Policy
  In the Full Permissions policy, all ScaleGrid operations are supported. If you wish to lock down access further, use the Restricted Permissions policy.
- Restricted Permissions IAM Policy
  In this model, the only operations that can be performed are backup and restore. All other operations require Full Permissions access. If you do not expect to make any changes to your MongoDB clusters once deployed, you can use the Restricted Permissions policy.
To obtain the latest IAM policies for your account, please email us at [email protected].
Configure IAM Policy in the AWS Console
Below is the step-by-step process to configure the IAM policy in the Amazon console.
1. In the Amazon AWS console, navigate to the IAM console.
2. Click ‘Create’ to create a new IAM user.
3. Create a user – ‘ScaleGrid-user’.
4. Download and save the API keys for the new user.
5. Click on the ‘Permissions’ tab to edit the permissions for the newly created user.
7. Add in the policy that you obtained from ScaleGrid and apply the policy.
Once configured, you can use the Access Key and the Secret Key to create a machine pool in ScaleGrid. If you have any further questions, please contact us at [email protected].
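Before applying a vendor-supplied policy in the last step, it is worth checking that it grants "enough permission and nothing more". The following is an added example, not ScaleGrid's code or policy: a small reviewer script that flags over-broad `Allow` statements. The sample policy is constructed for illustration, and `review_policy` and its `allowed_services` allow-list are hypothetical names chosen by the reviewer.

```python
import json

# Constructed sample only: NOT ScaleGrid's policy (the page does not publish it).
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:CreateSnapshot", "ec2:DescribeInstances"],
     "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
    {"Effect": "Allow", "NotAction": "s3:DeleteBucket", "Resource": "*"}
  ]
}
""")

def as_list(value):
    """IAM accepts a single string or a list for Action."""
    return [value] if isinstance(value, str) else list(value or [])

def review_policy(policy, allowed_services=("ec2",)):
    """Return (statement index, message) findings for over-broad Allow statements.

    allowed_services is a hypothetical allow-list chosen by the reviewer.
    """
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((idx, "NotAction with Allow grants everything except the listed actions"))
        for action in as_list(stmt.get("Action")):
            service, _, name = action.partition(":")
            if action == "*" or service == "*":
                findings.append((idx, f"wildcard action {action!r}"))
            elif service.lower() not in allowed_services:
                findings.append((idx, f"service outside allow-list: {action!r}"))
            elif name == "*":
                findings.append((idx, f"all actions on service: {action!r}"))
    return findings

if __name__ == "__main__":
    for idx, msg in review_policy(SAMPLE_POLICY):
        print(f"Statement[{idx}]: {msg}")
```

Run it against the JSON you receive, with `allowed_services` set to the AWS services you expect the policy to touch; an empty result means no statement tripped these checks, not that the policy is minimal.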