Security Features and Setup

➤ Required Configurable Security Features. You must set up the following required security features:

• Whitelist

  Atlas only allows client connections to the cluster from entries in the project’s whitelist. To connect, you must add an entry to the whitelist. To set up the whitelist for the project, see Configure Whitelist Entries.

  For Atlas clusters deployed on Google Cloud Platform or Microsoft Azure, add the IP addresses of your GCP or Azure services to Atlas project IP whitelist to grant those services access to the cluster.

• User Authentication/Authorization

  Atlas requires clients to authenticate to access the clusters, i.e. the MongoDB databases. You must create MongoDB users to access the database. To set up MongoDB users to your clusters, see Configure MongoDB Users.

  To access clusters in a project, users must belong to that project. Users can belong to multiple projects. See Atlas Users and Teams.

➤ Optional Security Feature. Atlas provides the following optional security features that you can set up:

• Custom MongoDB Roles

  Atlas supports creating custom MongoDB roles in cases where the built-in Atlas database user privileges cannot describe your desired set of priveleges.

• VPC Peering (AWS Only)

  Atlas supports VPC peering with other AWS VPCs in the same region. To use VPC Peering, see Set up VPC Peering Connection.

• Two Factor Authentication

  Atlas supports Two Factor Authentication (2FA) to help users control access to their Atlas accounts. To use 2FA, see Two Factor Authentication.

• User Authentication/Authorization with LDAP

  Atlas supports performing user authentication and authorization with LDAP. To use LDAP, see Set up User Authentication and Authorization with LDAP.

• Encryption at Rest using your Key Management

  Atlas supports using AWS Key Management Service (AWS KMS) and Azure Key Vault to encrypt storage engines and cloud provider backups. To use encryption at rest, see Encryption at Rest Using Your Key Management.

• Database Auditing

  Atlas supports auditing all system event actions. To use database auditing, see Set up Database Auditing.

• Restrict MongoDB Support Access to Atlas Backend Infrastructure

  Organization owners can restrict MongoDB Production Support Employees from accessing Atlas backend infrastructure for any Atlas cluster in their organization. Organization owners may grant a 24 hour bypass to the access restriction at the Atlas cluster level.

  Important

  Restricting infrastructure access for MongoDB Production Support Employees may increase support issue response and resolution time and negatively impact cluster availability.

  To enable this option, see Restrict MongoDB Support Access to Atlas Backend Infrastructure.

➤ Non-configurable Security Features. The following non-configurable security features are inherent to Atlas:

• TLS/SSL

  Atlas uses TLS/SSL to encrypt the connections to your databases.

• Virtual private cloud (VPC)

  Important

  If this is the first M10+ dedicated paid cluster for the selected region or regions and you plan on creating one or more VPC peering connections, please review the documentation on VPC peering connections before continuing.

• Configure Whitelist Entries
• Configure MongoDB Users
• Configure Custom MongoDB Roles
• Set up VPC Peering Connection
• Set up Two Factor Authentication
• Set up User Authentication and Authorization with LDAP
• Encryption at Rest Using Your Key Management
  • Encryption at Rest via AWS KMS
    • Rotate your customer master key
  • Encryption at Rest via Azure Key Vault
• Set up Database Auditing
  • Configure a Custom Auditing Filter
• Restrict MongoDB Support Access to Atlas Backend Infrastructure

←   Create a Global Cluster Configure Whitelist Entries  →

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.