Connecting Mongo DB Atlas to Drata allows for the automated, continuous monitoring and evidence collection of the dozens of infrastructure security controls required for compliance.
LIMITATIONS
Atlas' API does not expose user MFA details. As a result, all records on the Managed Accounts page will show as failing MFA. In addition, monitoring test 88 - MFA on Infrastructure Console will show these users as failing. They will need to be excluded. If Atlas is the only connected infrastructure connection, this test can be disabled.
BEFORE DIVING IN
Make sure you have Admin access to your company's Mongo DB Atlas account.
Create Mongo DB Atlas API Key
There are two specific options when connecting Mongo DB Atlas, that focus on the level of API Key you add to Drata. Both of these can be found from the "Access Manager" section at the top of your Atlas Cloud Console.
Option 1: Organization level
The first method will monitor every database for every project inside your MongoDB instance, and that is setting up an API Key with Organization Access.
From there you can create an API Key by clicking "Create API Key" on the far right side of the console.
Drata only requires the API Key to have "Organization Read Only" permission. Copy the API description, public key, and private key. If you would like, ensure to add the API access list before selecting done.
Option 2: Project level
The second method is to create a project-specific key.
Selecting a specific Project, in this example it is "Autopilot", and then once again select the Access Manager dropdown, and click the "Project Access" option.
Select Create an API Key. This API Key will only have access to the selected project. We recommend giving it the "Project Read Only" permission.
If you would like, ensure to add the API access list before selecting done.
Apply DRATA IP Address to Mongo DB API Access List
Drata monitors your cloud MongoDB backup jobs. Requesting access to these jobs over the API requires Drata's IP addresses to be enabled on the Access List for your API key. See this help article that lists all the Drata IPs to enable.
When creating your API key, you can also add the Access List. Upload the access list under API Access List on the API Key Information section.
HERE'S HOW
Follow these instructions to connect Mongo DB Atlas to Drata:
In the bottom left of your screen, select 'Connections’.
Search for 'MongoDB Atlas’ and ‘Connect’.
A drawer will slide out from the right side of your screen with instructions to guide you through making the connection.
Organization ID: Enter your Mongo DB Atlas organization ID. You can find the Organization ID under the Organization Settings section on the Mongo DB Atlas Settings page.
API Key description: Enter your API Key description. When creating the API Key on Mongo DB Atlas Access Manager page, ensure you saved or copied the Description of your API Key to enter or paste into the API Key description field.
Public Key: Enter the public key for your API key. Mongo DB Atlas does not show the public key after you have created the API Key. Ensure to save or copy the public key when creating the API key.
Private Key: Enter the private key for your API Key. Mongo DB Atlas does not show the private key after you have created the API Key. Ensure to save or copy the private key when creating the API Key.