Posted On: Oct 25, 2021

Amazon DocumentDB (with MongoDB compatibility) is a fast, scalable, highly available, and fully managed document database service that supports MongoDB workloads. As a document database, Amazon DocumentDB makes it easy to store, query, and index JSON data at scale.

Today, Amazon DocumentDB added support for access control with user-defined roles. With user-defined roles, you can grant users one or more custom roles that determine which operations they are authorized to perform. This release improves on DocumentDB’s RBAC support, which was previously limited to built-in roles. For some use cases, the built-in roles are not sufficient and you may need the ability to customize authorization across specific actions and resources. For example, you may wish to grant a user read-only access to a specific collection, and grant read-write access to another collection. User-defined roles give you the flexibility to customize RBAC roles based on your organization's requirements.

To add a role, you can use the db.createRole() method. For more information on how to get started, see our documentation. The ability to create user-defined roles is now available in all regions where Amazon DocumentDB is available. If you are new to Amazon DocumentDB, the getting started guide will show you how to quickly provision an Amazon DocumentDB cluster and explore the flexibility of the document model.
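
The read-only/read-write use case above, as an added example that is not part of the original announcement: it builds the document passed to db.createRole() and checks it for over-broad grants before applying it. The role, database and collection names (ordersClerk, shop, customers, orders) and the helpers buildRole and auditRole are assumptions made for illustration.

```javascript
// Added example. All names below are constructed for illustration.
const WRITE_ACTIONS = ["insert", "update", "remove"];

// Build a createRole() document: "find" only on readOnly collections,
// "find" plus write actions on readWrite collections, nothing inherited.
function buildRole(name, dbName, readOnly, readWrite) {
  const priv = (collection, actions) =>
    ({ resource: { db: dbName, collection }, actions });
  return {
    role: name,
    privileges: [
      ...readOnly.map((c) => priv(c, ["find"])),
      ...readWrite.map((c) => priv(c, ["find", ...WRITE_ACTIONS])),
    ],
    roles: [],
  };
}

// Review a role document before applying it. Flags inherited roles,
// resources not pinned to one db + collection (empty names or cluster
// scope), and write actions on collections that must stay read-only.
function auditRole(roleDoc, readOnly) {
  const findings = [];
  if (roleDoc.roles.length > 0) findings.push("inherits other roles");
  for (const p of roleDoc.privileges) {
    const { db: d, collection: c } = p.resource;
    if (!d || !c) {
      findings.push(`broad scope: ${JSON.stringify(p.resource)}`);
      continue;
    }
    if (readOnly.includes(c)) {
      const w = p.actions.filter((a) => WRITE_ACTIONS.includes(a));
      if (w.length) findings.push(`write on read-only ${d}.${c}: ${w.join(",")}`);
    }
  }
  return findings;
}

const roleDoc = buildRole("ordersClerk", "shop", ["customers"], ["orders"]);
const findings = auditRole(roleDoc, ["customers"]);

// `db` exists only inside a mongo shell session connected to the cluster;
// under plain Node this branch is skipped and nothing is sent anywhere.
if (typeof db !== "undefined" && findings.length === 0) {
  db.createRole(roleDoc);
}
```

Run inside a shell session, the script creates the role only when the audit returns no findings; the role still has to be granted to a user before it takes effect.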