Connecting to DocumentDB in AWS with shared .pem
Hello, I am trying to create a MongoDB account to connect to DocumentDB in aws. AWS supplied a shared .pem for RDS instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) , but I am not sure how to use that with AWS secrets to create the account. There are fields to KeyStore and TrustStore, so I presume I need to convert the .pem to a different format. In past experience those stores are installed on the node(s) doing the connecting, how would I manage that in a CloudPlex?Is there any guidance on how to proceed? TIA -Liam
AWS Gov Cloud and the S3 File Reader
My company uses sub accounts under a master account to control access and track resources in AWS Gov Cloud. I am trying to get an account configured for the S3 File Reader that works in this configuration. Seems simple enough, I specify my access key and secret key and set the Cross Account IAM Role’s Role ARN field but the validation is failing: Failed to validate account: The security token included in the request is invalid. (Service: AWSSecurityTokenService; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: 4961a29f-a875-4c69-9665-e640610bc840) (Reason: No reason provided by the snap; Resolution: No resolution provided by the snap) On my local machine, my ~/.aws/config file looks something like this: [default] region = us-gov-west-1 [profile engineer] role_arn = arn:aws-us-gov:iam::############:role/Sandbox_Administrator source_profile = default region = us-gov-west-1 and my ~/.aws/credentials file looks something like this: [default] aws_access_key_id = <redacted> aws_secret_access_key = <redacted> When I run AWS CLI commands, I have to add “–profile engineer” to the command line but everything works properly. Any clues as to what I need to do to make this work with the S3 File Reader?