(DOCSP-41303) documents aws iam user auth (#142)

carriecwk · web-flow · commit ceffe1f08910 · 2024-09-23T16:23:21.000-04:00
* (DOCSP-41303) documents aws iam user auth * (DOCSP-41303) copy feedback * (DOCSP-41303) copy feedback round two * (DOCSP-41303) pushing changes
diff --git a/source/atlasdatabaseuser-custom-resource.txt b/source/atlasdatabaseuser-custom-resource.txt
@@ -275,6 +275,27 @@ specification with |oidc|.
      username: my-oidc-group-id/my-idp-group-name
      oidcAuthType: IDP_GROUP
 
+Database User with |aws| |iam| Authentication
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The following example shows an ``AtlasDatabaseUser`` custom resource
+specification with |aws| |iam|.
+
+.. code-block:: sh
+
+   apiVersion: atlas.mongodb.com/v1
+   kind: AtlasDatabaseUser
+   metadata:
+     name: my-database-user
+   spec:
+     username: arn:aws:iam::123456789012:user/johndoe
+     roles:
+       - roleName: "readWriteAnyDatabase"
+         databaseName: "admin"
+     projectRef:
+       name: my-project
+    awsIAMType: USER
+
 Parameters
 ----------
 
@@ -285,6 +306,31 @@ see the |service| :oas-atlas-op:`Database Users API
 these descriptions, the available examples, and the |api| documentation 
 to customize your specifications.
 
+.. setting:: spec.awsIAMType
+
+   *Type*: string
+
+   *Optional*
+
+   Label that indicates whether the database user authenticates with the 
+   |aws| |iam| credentials associated with the user, or the user's role. 
+   If you don't specify a value, |service| uses the default value of ``NONE``.
+
+   This parameter accepts:
+
+   .. list-table::
+      :stub-columns: 1
+      :widths: 20 80
+
+      * - NONE
+        - User who doesn't use |aws| |iam| authentication.
+
+      * - USER
+        - User who authenticates with the |aws| |iam| credentials associated with the user.
+
+      * - ROLE
+        - User who authenticates with the |aws| |iam| credentials associated with the user's role.
+
 .. setting:: spec.databaseName
 
    *Type*: string
@@ -384,6 +430,11 @@ to customize your specifications.
    </core/security-oidc>`, this value must be your |service| |oidc|
    |idp| followed by a forward slash ``/`` and your |idp| group name.
 
+   If the database user authenticates with |aws| |iam| credentials, 
+   this value must be the user that authenticates with the |aws| |iam| 
+   credentials or the role of the user that authenticates with the |aws| 
+   |iam| credentials in :aws-docs:`|arn| format <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html#arns-syntax>`__.
+
 .. setting:: spec.x509Type
 
    *Type*: string
@@ -435,3 +486,4 @@ Do not specify the following parameters:
 - ``password``
 
   Specify :setting:`spec.passwordSecretRef` instead.
+
