Hi.
We are running a MongoDB cluster in a series of AWS private subnets that don’t have a NAT gateway.
This was all working as expected until we decided to introduce AWS IAM MongoDB authentication. We’ve noticed that MongoDB needs to communicate with AWS in order to figure out whether a particular client can access a database or not, which is something we now cannot do (it times out when trying to authenticate a request).
Now, we’ve created a VPC endpoint that lets us communicate with STS through this private subnet, which works fine.
The issue now is that it seems we cannot provide this to the mongod CLI.
We’ve tried passing the AWS_DEFAULT_STS_HOST environment variable set to said endpoint, but we had no luck.
Is there any way to do this? Or is it something Percona is not supporting just yet?