0

I'm trying to connect from my local machine to our AWS DocumentDB instance using pymongo. Our current setup uses an SSH tunnel on an EC2 instance, which then connects to AWS DocumentDB. This part is working because I can connect to it via third-party tooling (e.g. Studio 3T - no issues creating users).
In each third-party tool I've uploaded the rds-combined-ca-bundle.pem file, and I think this may be where I am getting stuck.
The tunnel works according to the logs on the bastion host.
I've tried several variations of the code below, but it just times out.
Currently using version 4.3.3 of pymongo.
Also, for additional information, I'm wanting to test this on my desktop but eventually move it to Lambda.
Any help is much appreciated!!

Current code:

import pymongo
import sshtunnel

global_pem_key="c:\\users\\user\\pathto\\rds-combined-ca-bundle.pem"
ssh_host = 'external IP'
ssh_username = 'sshUser'

database_username = 'Uname'
database_password = 'Pword'
database_name = 'dbname'

tunnel = sshtunnel.SSHTunnelForwarder(
    (ssh_host, 22),
    ssh_username=ssh_username,
    ssh_pkey="c:\\users\\user\\path\\sshpemkey",
    remote_bind_address=('127.0.0.1', 3306)
)

tunnel.start()


client=pymongo.MongoClient("mongodb://dbuname:dbpass@dbName.cluster-***.*-*-*.docdb.amazonaws.com:27017/?ssl=true&ssl_ca_certs=rds-combined-ca-bundle.pem&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false",
                            tlsInsecure=True,
                            directConnection=True,
                            tls=True,
                            tlsCAFile='c:\\users\\user\\dpath\\rds-combined-ca-bundle.pem'

                            )

print(client.list_database_names())

tunnel.close()
Nippon87

1 Answer

0

Try this code snippet:

import pymongo
import sshtunnel

# SSH variables
ssh_host = 'myec2.compute.amazonaws.com'
ssh_port = 22
ssh_user = 'ec2-user'
ssh_key = 'path_to_my_ssh_key.pem'

# DocDB variables
docdb_username = 'mydocdb_user'
docdb_password = 'mydocdb_pass'
database_name = 'test'
docdb_endpoint = 'dbName.cluster-***.*-*-*.docdb.amazonaws.com'
docdb_port = 27017
docdb_pem = 'path_to/rds-combined-ca-bundle.pem'


with sshtunnel.SSHTunnelForwarder(
        (ssh_host, ssh_port),
        ssh_username=ssh_user,
        ssh_pkey=ssh_key,
        local_bind_address=('127.0.0.1', 27017),
        remote_bind_address=(docdb_endpoint, docdb_port)) as tunnel:
    docdb_client = pymongo.MongoClient(
        host=tunnel.local_bind_host,
        port=tunnel.local_bind_port,
        tls=True,
        tlsInsecure=True,
        retryWrites=False,
        tlsCAFile=docdb_pem,
        directConnection=True,
        username=docdb_username,
        password=docdb_password,
        authSource='admin'
        )
    print(docdb_client.list_database_names())
    docdb_client.close()
Mihai A
  • Thanks Mihai. I tested it and it doesn't allow me to insert any records. The print statement does show the database but I'm not sure if it's actually connecting or not. – Nippon87 Apr 06 '23 at 19:07
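
Both snippets above pass tlsInsecure=True together with tlsCAFile, which switches off certificate validation. As an added example (not code from either post), the sketch below audits MongoClient TLS options given as URI query and keyword arguments, and builds a keyword set for the tunnel case that keeps chain validation by using tlsAllowInvalidHostnames instead. The helper names audit_tls and tunnel_options are hypothetical, and the sample values are constructed.

```python
# Added example. The option names are PyMongo's; the helper names and the
# sample values are constructed for illustration.
CHAIN_OFF = ("tlsinsecure", "tlsallowinvalidcertificates")
REMOVED_IN_PYMONGO4 = {"ssl_ca_certs": "tlsCAFile", "ssl_cert_reqs": "tlsAllowInvalidCertificates"}


def _on(value):
    return str(value).lower() in ("true", "1")


def audit_tls(uri="", **kwargs):
    """Return (level, option, message) findings for MongoClient TLS settings."""
    opts = {}
    for pair in uri.partition("?")[2].split("&"):
        key, _, value = pair.partition("=")
        if key:
            opts[key.lower()] = value
    # Keyword arguments take precedence over the same option in the URI.
    opts.update({k.lower(): v for k, v in kwargs.items()})
    findings = []
    for name in CHAIN_OFF:
        if _on(opts.get(name)):
            msg = "certificate chain is not verified"
            if "tlscafile" in opts:
                msg += ", tlsCAFile is not enforced"
            findings.append(("high", name, msg))
    if _on(opts.get("tlsallowinvalidhostnames")):
        findings.append(("info", "tlsallowinvalidhostnames",
                         "chain is verified, host name is not"))
    for old, new in REMOVED_IN_PYMONGO4.items():
        if old in opts:
            findings.append(("warn", old, f"removed in PyMongo 4, use {new}"))
    if not (_on(opts.get("tls")) or _on(opts.get("ssl"))):
        findings.append(("high", "tls", "TLS is not enabled"))
    return findings


def tunnel_options(local_port, ca_file, username, password):
    """MongoClient kwargs for a tunnel endpoint on 127.0.0.1 (hypothetical helper)."""
    return dict(host="127.0.0.1", port=local_port, username=username, password=password,
                tls=True, tlsCAFile=ca_file,
                # The certificate names the cluster endpoint, not 127.0.0.1.
                tlsAllowInvalidHostnames=True,
                directConnection=True, retryWrites=False)


if __name__ == "__main__":
    # Constructed samples: the answer's TLS kwargs, then the tunnel_options() set.
    print(audit_tls(tls=True, tlsInsecure=True, tlsCAFile="rds-combined-ca-bundle.pem"))
    print(audit_tls(**tunnel_options(27017, "rds-combined-ca-bundle.pem", "user", "pass")))
```

With the host name check relaxed, any certificate that chains to the CA bundle is accepted, so the tunnel endpoint itself has to be trusted.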