3

I am using the following commands, as AWS suggests, to download the rds-combined-ca-bundle.pem file and to connect to the cluster.

```
wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem

mongo --ssl --host docdb-2021-03-29-09-23-57.cluster-cqwdgjnpay32.ap-south-1.docdb.amazonaws.com:27017 --sslCAFile rds-combined-ca-bundle.pem --username docudbadmin --password *****
```

I am getting the following:

```
Error: couldn't connect to server docdb-2021-03-29-09-23-57.cluster-cqwdgjnpay32.ap-south-1.docdb.amazonaws.com:27017, connection attempt failed: HostUnreachable: Connection reset by peer : connect@src/mongo/shell/mongo.js:353:17 @(connect):2:6 exception: connect failed
```

But without enabling the tls and tls_monitor parameters in the cluster group, I'm able to connect from EC2 through the mongo shell.

amitd
(1) Are the security groups used for communication between AWS EC2 and the Amazon DocumentDB cluster open for port `27017`? (2) What response do you see when you execute `nc -zv docdb-2021-03-29-09-23-57.cluster-cqwdgjnpay32.ap-south-1.docdb.amazonaws.com 27017` on the CLI of the same EC2? – amitd May 03 '21 at 13:42

1 Answer

4

In Amazon DocumentDB, modifying the tls parameter requires a reboot for the change to take effect. Thus, it is possible to modify the parameter, still have a pending change on the cluster, and still be able to connect without TLS. It is recommended to reboot all the instances in the cluster for the pending changes to take hold in the cluster and then try connecting with TLS again.

Joseph Idziorek
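
One way to check for the pending change described in the answer above, as an added example that is not part of the original answer: it compares the configured `tls` value with each instance's `DBClusterParameterGroupStatus`. The sample JSON is constructed in the shape of `aws docdb describe-db-cluster-parameters` and `aws docdb describe-db-clusters` output, and every identifier in it is a placeholder.

```python
import json

# Constructed sample data shaped like `aws docdb describe-db-cluster-parameters`
# and `aws docdb describe-db-clusters` output; all identifiers are placeholders.
SAMPLE_PARAMETERS = json.loads("""
{"Parameters": [
  {"ParameterName": "audit_logs", "ParameterValue": "disabled", "ApplyType": "dynamic"},
  {"ParameterName": "tls", "ParameterValue": "enabled", "ApplyType": "static"}
]}""")
SAMPLE_CLUSTERS = json.loads("""
{"DBClusters": [{
  "DBClusterIdentifier": "example-cluster",
  "DBClusterParameterGroup": "example-params",
  "DBClusterMembers": [
    {"DBInstanceIdentifier": "example-1", "IsClusterWriter": true,
     "DBClusterParameterGroupStatus": "pending-reboot"},
    {"DBInstanceIdentifier": "example-2", "IsClusterWriter": false,
     "DBClusterParameterGroupStatus": "in-sync"}
  ]}]}""")


def tls_rollout(parameters, clusters, cluster_id):
    """Compare the configured tls parameter with each instance's apply status."""
    tls = next((p for p in parameters["Parameters"]
                if p["ParameterName"] == "tls"), None)
    if tls is None:
        raise ValueError("parameter group response has no 'tls' entry")
    cluster = next((c for c in clusters["DBClusters"]
                    if c["DBClusterIdentifier"] == cluster_id), None)
    if cluster is None:
        raise ValueError(f"cluster {cluster_id!r} not in response")
    # Any status other than in-sync means the instance has not yet picked up
    # the parameter group's current values.
    pending = sorted(m["DBInstanceIdentifier"] for m in cluster["DBClusterMembers"]
                     if m.get("DBClusterParameterGroupStatus") != "in-sync")
    return {"configured_tls": tls["ParameterValue"],
            "static": tls.get("ApplyType") == "static",
            "needs_reboot": pending,
            "configured_value_in_effect": not pending}


if __name__ == "__main__":
    report = tls_rollout(SAMPLE_PARAMETERS, SAMPLE_CLUSTERS, "example-cluster")
    print(json.dumps(report, indent=2))
    for instance in report["needs_reboot"]:
        print("reboot required: aws docdb reboot-db-instance "
              f"--db-instance-identifier {instance}")
```
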