4

I can't connect to my Amazon DocumentDB from my Amazon EC2 Ubuntu machine. I've checked the security of the Amazon DocumentDB and it's currently assigned to the default which has "all traffic".

I've tried the following command, straight out of the AWS instances page although I receive the error message included below.

I've followed this AWS guide: https://docs.aws.amazon.com/documentdb/latest/developerguide/getting-started.connect.html

Mongo shell command from the EC2 Ubuntu machine

mongo --ssl --host mydatabasename.23scnncsd3.eu-west-1.docdb.amazonaws.com:27017 --sslCAFile rds-combined-ca-bundle.pem --username webuser --password mypassword

The error message I receive from within the Ubuntu command prompt is below

Error message

MongoDB shell version v3.6.11
connecting to: mongodb://mydatabasename.23scnncsd3.eu-west-1.docdb.amazonaws.com:27017/?gssapiServiceName=mongodb
2019-03-11T21:39:37.587+0000 W NETWOK  [thread1] Failed to connect to 172.31.45.184:27017 after 5000ms milliseconds, giving up.
2019-03-11T21:39:37.595+0000 E QUERY    [thread1] Error: couldn't connect to server mydatabasename.23scnncsd3.eu-west-1.docdb.amazonaws.com:27017, connection attempt failed :
connect@src/mongo/shell/mongo.js:263:13
@(connect):1:6
exception: connect failed

Am I doing something wrong? Any help appreciated!

Many thanks,

Update

aws screen shot

James
  • James, I just attempted to recreate your issue. It took a while for my cluster, single instance for this test, to go from creating to available. Attempts to log in from the mongo shell prior to the instance being available will result in your error. So after spinning up your DocumentDB cluster be sure to have at least one instance available. – Chuck LaPress Mar 12 '19 at 15:43
  • I have one instance, I've attached a screen shot to my original question. – James Mar 12 '19 at 15:47
  • Sorry then, I just followed the a) through d) and then number 2 on this document: https://docs.aws.amazon.com/documentdb/latest/developerguide/getting-started.connect.html I guess make sure your cluster and your Ubuntu instance are in the same region. – Chuck LaPress Mar 12 '19 at 15:58
  • You beat me to it, they’re in different regions as I’m based in the UK and customers initially will be UK but DocumentDB isn’t available, only Ireland. Could that be the problem? – James Mar 12 '19 at 16:42
  • Hey James, yes, read through https://docs.aws.amazon.com/documentdb/latest/developerguide/troubleshooting.html#troubleshooting.cannot-connect.different-regions – Chuck LaPress Mar 12 '19 at 16:59
  • Okay, so I think I know the answer, but can you transfer an EC2 to a different region? – James Mar 12 '19 at 18:25
  • You would copy the AMI and start it in the region that will work for you. – Chuck LaPress Mar 12 '19 at 18:50
  • I have a similar issue. Any help would be appreciated: https://stackoverflow.com/questions/55133556/how-to-connect-to-aws-document-db-login-failed – ipegasus Mar 13 '19 at 02:47
  • In my case it was solved by installing shell version 3.6 on Ubuntu in the same VPC. Thank you! – ipegasus Mar 13 '19 at 15:44

2 Answers

1

Amazon DocumentDB deploys clusters within a VPC, which acts as a strong network boundary to other VPCs and the Internet. When you are connecting to your cluster, ensure that the client machine is in the same region and the same VPC as the cluster.

Alternatively, if your development environment is in a different Amazon VPC, you can also use VPC Peering and connect to your Amazon DocumentDB cluster from another Amazon VPC in the same region or a different region.

For more information on troubleshooting: https://docs.aws.amazon.com/documentdb/latest/developerguide/troubleshooting.html

Connecting to an Amazon DocumentDB cluster from outside a VPC: https://docs.aws.amazon.com/documentdb/latest/developerguide/connect-from-outside-a-vpc.html

Joseph Idziorek
1

Had the same problem. Availability Zone/VPC/Security Groups are the same for EC2 instance and DocumentDB instance, but still failed to connect.

For some reason, the US documentation is missing one step that is present in the CN documentation: https://docs.amazonaws.cn/en_us/documentdb/latest/developerguide/connect-ec2.html

All you need to do is to add another inbound rule to the Security Group for TCP and port 27017. This worked for me. https://i.stack.imgur.com/lOqov.png
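
An added example, not code from either answer or from AWS: a small offline check that reads inbound rules in the shape `aws ec2 describe-security-groups` returns (`IpPermissions`) and reports whether a given client can reach TCP 27017, and whether the port is open wider than it needs to be. The group IDs, addresses and rule sets are constructed, and it assumes the common case where the default group's "all traffic" rule admits only members of that same group while the client sits in a different group.

```python
import ipaddress

# Constructed rule sets in the IpPermissions shape; IDs and addresses are made up.
DEFAULT_SG = [  # "all traffic", but only from members of the same group (assumed)
    {"IpProtocol": "-1", "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0docdb"}]},
]
FIXED_SG = DEFAULT_SG + [  # extra inbound rule for 27017, scoped to the client's group
    {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0client"}]},
]
WIDE_SG = [  # reachable, but from any address
    {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
]


def covers_port(rule, port):
    """True if the rule's protocol and port range include TCP `port`."""
    if rule["IpProtocol"] == "-1":  # -1 means all protocols and all ports
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def check_ingress(rules, client_ip, client_groups, port=27017):
    """Return (allowed, findings) for a client reaching `port` through `rules`."""
    allowed, findings = False, []
    addr = ipaddress.ip_address(client_ip)
    for rule in rules:
        if not covers_port(rule, port):
            continue
        # A rule can admit by source security group ...
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] in client_groups:
                allowed = True
        # ... or by source CIDR range.
        for rng in rule.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            if addr in net:
                allowed = True
            if net.prefixlen == 0:
                findings.append(f"port {port} open to {net}")
    if not allowed:
        findings.append(f"no inbound rule admits {client_ip} on tcp/{port}")
    return allowed, findings
```

Scoping the 27017 rule to the client's security group, as in `FIXED_SG`, fixes the timeout without exposing the port to every address the way `WIDE_SG` does.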