Solving the Confused Deputy Problem
The confused deputy problem occurs when a privileged entity can be coerced to perform actions on behalf of less privileged entities. In MongoDB Kafka connector deployments on shared infrastructure, this manifests when the Kafka role can assume roles from multiple AWS accounts, potentially allowing unauthorized cross-account data access. The solution involves enhancing the AwsAssumeRoleCredentialProvider class to use external IDs derived from topic names or database/collection combinations, which must be specified in the trust relationship conditions of assumed roles.
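The trust-relationship condition described above, as an added example that is not part of the original page or of the connector's code. It models the check in Python rather than calling AWS. The derivation rule (topic name used verbatim, or "database.collection"), the account ID, the role name and the topic names are assumptions made for illustration.

```python
import re

# AWS STS accepts ExternalId values of 2-1224 characters from this set.
EXTERNAL_ID_RE = re.compile(r"[\w+=,.@:/-]{2,1224}")

# Constructed sample values (account ID, role name and topics are made up).
KAFKA_ROLE = "arn:aws:iam::111111111111:role/shared-kafka-connect"
TENANT_A_TOPIC, TENANT_B_TOPIC = "tenant-a.orders", "tenant-b.orders"

def derive_external_id(topic=None, database=None, collection=None):
    """Hypothetical derivation: the topic name, or "database.collection"."""
    value = topic if topic is not None else f"{database}.{collection}"
    if not EXTERNAL_ID_RE.fullmatch(value):
        raise ValueError(f"not a valid STS ExternalId: {value!r}")
    return value

def trust_policy(kafka_role_arn, external_id=None):
    """Trust policy of the assumed role; external_id=None is the weak form."""
    stmt = {"Effect": "Allow",
            "Principal": {"AWS": kafka_role_arn},
            "Action": "sts:AssumeRole"}
    if external_id is not None:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

def trust_allows(policy, caller_arn, external_id):
    """Minimal model of the trust check, for this one statement shape only."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Principal"]["AWS"] != caller_arn:
            continue
        required = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if required is None or required == external_id:
            return True
    return False

def demo():
    """Tenant A's role, requested with tenant B's and tenant A's external ID."""
    weak = trust_policy(KAFKA_ROLE)
    hardened = trust_policy(KAFKA_ROLE, derive_external_id(topic=TENANT_A_TOPIC))
    wrong = derive_external_id(topic=TENANT_B_TOPIC)
    right = derive_external_id(topic=TENANT_A_TOPIC)
    return {
        "weak_policy_wrong_id": trust_allows(weak, KAFKA_ROLE, wrong),
        "hardened_policy_wrong_id": trust_allows(hardened, KAFKA_ROLE, wrong),
        "hardened_policy_right_id": trust_allows(hardened, KAFKA_ROLE, right),
    }

if __name__ == "__main__":
    print(demo())
```

Without the condition, the shared Kafka role is accepted whichever tenant's connector makes the request. With it, the request succeeds only when the external ID derived from the connector's own topic matches the one written into the assumed role's trust relationship.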