3

I created a Cluster and an Instance of DocumentDB in Amazon. When I try to connect to my local SSH (macOS) it displays the following message:

enter image description here

When I try for the MongoDB Compass Community:

mongodb://Mobify:<My-Password>@docdb-2019-04-07-23-28-45.cluster-cmffegva7sne.us-east-2.docdb.amazonaws.com:27017/?ssl=true&ssl_ca_certs=rds-combined-ca-bundle.pem&replicaSet=rs0

It loads for many minutes and in the end it gives this result:

enter image description here

After solving this problem, I would like to know if it is possible to connect a DocumentDB cluster to an instance in another zone of availability ... I have my DocumentDB in Ohio and I have an EC2 in São Paulo ... is it possible?

Stennie
Silvio Luis
  • 1
    Does your AWS instance have the MongoDB service running? If yes then show the mongod.conf file. Because the only possibility here is you might have not opened the 27017 port. – Ashh Apr 08 '19 at 19:31
  • @AnthonyWinzlet do you mean the instance of my cluster? If so, I do not know how to connect to it via SSH to get this information ... the only thing you have in DocumentDB is how to connect to MongoDB, so I believe it is running MongoDB, yes. – Silvio Luis Apr 08 '19 at 19:34
  • Then connect your ssh first and then check the mongodb service over there. – Ashh Apr 09 '19 at 18:55
  • @SilvioLuis, you can use VPC peering to connect from Sao Paulo to Ohio: https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html – Joseph Idziorek Jul 27 '19 at 13:39

3 Answers

4

Amazon DocumentDB clusters are deployed in a VPC to provide strong network isolation from the Internet. To connect to your cluster from outside of the VPC, please see the following: https://docs.aws.amazon.com/documentdb/latest/developerguide/connect-from-outside-a-vpc.html

Joseph Idziorek
2

AWS DocumentDB is hosted in a VPC (virtual private cloud), which has its own specific subnets and security groups; basically, anything that resides in a VPC is not publicly accessible.

DocumentDB is deployed in a VPC. In order to access it, you need to create an EC2 instance or AWS Cloud9.

Let's access AWS DocumentDB from the EC2 instance using SSH tunneling.

  1. Create an EC2 instance (preferably Ubuntu) of any configuration and select the same VPC in which your DocumentDB cluster is hosted.

  2. After the EC2 instance is completely initialized, start an SSH tunnel and bind local port 27017 to the DocumentDB cluster host on port 27017.

ssh -i "<ec2-private-key>" -L 27017:docdb-2019-04-07-23-28-45.cluster-cmffegva7sne.us-east-2.docdb.amazonaws.com:27017 ubuntu@<ec2-host> -N

  3. Now your localhost is tunneled to EC2 on port 27017. Connect from mongosh or mongo, enter your cluster password, and you will be logged in and can execute any queries.

mongosh --sslAllowInvalidHostnames --ssl --sslCAFile rds-combined-ca-bundle.pem --username Mobify --password

Note: SSL will be deprecated. Use tls, just replace SSL with tls in the above command.

Anandesh Sharma
  • 1
    The statement "anything that resides in a VPC is not publicly accessible" is not accurate. – jarmod Nov 18 '22 at 14:04
  • @jarmod in this case it is, DocumentDB is not directly accessible from the outside. Because it is strongly deployed on private IP addresses inside the VPCs. – bymo May 31 '23 at 17:07
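
As an added example, not code from any of the answers: once the SSH tunnel described above is up, a client such as Compass needs the question's connection string rewritten to point at the forwarded port. This Python function does that for a constructed sample URI. It assumes the client's driver accepts the standard `tls`, `tlsCAFile`, `tlsAllowInvalidHostnames` and `directConnection` URI options, and it drops `replicaSet` because member hosts discovered in replica-set mode are not reachable through a single forwarded port.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample in the shape of the question's URI (placeholder names).
SAMPLE_URI = (
    "mongodb://appuser:PLACEHOLDER@example.cluster-abc123.us-east-2"
    ".docdb.amazonaws.com:27017/"
    "?ssl=true&ssl_ca_certs=rds-combined-ca-bundle.pem&replicaSet=rs0"
)
# Legacy option names mapped to the current URI option names.
LEGACY = {"ssl": "tls", "ssl_ca_certs": "tlsCAFile"}


def forward_spec(cluster_uri, local_port=27017):
    """Argument for `ssh -N -L <spec>`: local port -> cluster endpoint."""
    parts = urlsplit(cluster_uri)
    return f"{local_port}:{parts.hostname}:{parts.port or 27017}"


def tunnel_uri(cluster_uri, local_port=27017):
    """Rewrite a cluster URI so a client connects via the forwarded port."""
    parts = urlsplit(cluster_uri)
    if parts.scheme != "mongodb" or not parts.hostname:
        raise ValueError("expected mongodb://host[:port]/...")
    opts = {}
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        key = LEGACY.get(key, key)
        if key.lower() != "replicaset":  # no member discovery through a tunnel
            opts[key] = value
    if opts.get("tls", "").lower() != "true":
        raise ValueError("TLS is not enabled in the source URI")
    if not opts.get("tlsCAFile"):
        raise ValueError("no CA bundle (tlsCAFile) in the source URI")
    # The certificate names the cluster endpoint, not localhost, so only the
    # hostname match is relaxed; the chain is still verified against tlsCAFile.
    opts["tlsAllowInvalidHostnames"] = "true"
    opts["directConnection"] = "true"
    userinfo, at, _ = parts.netloc.rpartition("@")
    netloc = f"{userinfo}{at}localhost:{local_port}"
    return urlunsplit(("mongodb", netloc, parts.path or "/", urlencode(opts), ""))


if __name__ == "__main__":
    print("ssh -N -L", forward_spec(SAMPLE_URI), "<user>@<ec2-host>")
    print(tunnel_uri(SAMPLE_URI))
```

The function refuses to produce a URI when the source has TLS off or no CA bundle, so the relaxed hostname check is never combined with an unverified or plaintext connection.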
0

I had a similar problem (probably technically a duplicate question), and I opted to connect via Cloud9. Here is an excerpt of my answer there.

When setting up Cloud9, for some reason I had to select the "Secure Shell (SSH)" connection option, as the "AWS Systems Manager (SSM)" would give me an error with a lifecycle status of "Creation failed".

You can use the Cloud9 terminal to install the MongoDB shell and then use it to connect to your DocumentDB cluster in the same VPC. See Get Started with Amazon DocumentDB for an overview. Here are some tips from my experiences.

You can get the connection instructions from the console page for your DocumentDB cluster under "Connectivity & security". It assumes you've already installed the MongoDB shell, and assumes you're using the old version mongo. I preferred to use the newer mongosh, even though DocumentDB isn't compatible with the latest MongoDB versions, if nothing else than to ensure that the simple functionality I needed works with DocumentDB. So I followed the official MongoDB installation instructions, being sure to select "Amazon Linux".

Rather than typing some echo instructions, I typed sudo nano /etc/yum.repos.d/mongodb-org-6.0.repo and entered the following information to set up the latest (as of today) MongoDB Yum RPM repo:

[mongodb-org-6.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/amazon/2/mongodb-org/6.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-6.0.asc

Then installed mongosh:

sudo yum install -y mongodb-mongosh

Then finally I followed the connection instructions for my DocumentDB cluster from the console.

wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
mongosh --tls --host <cluster-info>.us-east-1.docdb.amazonaws.com:27017 --tlsCAFile rds-combined-ca-bundle.pem --username <username> --password <password>

Note that using the latest mongosh (v1.8.0), besides using mongo instead of mongosh it's best to also:

  • use --tls instead of --ssl, and
  • use --tlsCAFile instead of --sslCAFile.
Garret Wilson