Connection to AWS DocumentDB Cluster
AWS DocumentDB is a fully managed, MongoDB-compatible cluster, but it requires a connection from inside the VPC it is configured in. As the AWS DocumentDB documentation states:
Amazon DocumentDB (with MongoDB compatibility) clusters are deployed within an Amazon Virtual Private Cloud (Amazon VPC). They can be accessed directly by Amazon EC2 instances or other AWS services that are deployed in the same Amazon VPC. Additionally, Amazon DocumentDB can be accessed by EC2 instances or other AWS services in different VPCs in the same AWS Region or other Regions via VPC peering.
However, suppose that your use case requires that you (or your application) access your Amazon DocumentDB resources from outside the cluster's VPC. In that case, you can use SSH tunneling (also known as port forwarding) to access your Amazon DocumentDB resources.
Therefore, connecting to DocumentDB from Rivery requires an SSH tunnel.
SSL Configuration of AWS DocumentDB
AWS DocumentDB uses its own SSL setup, so SSL from an external server over an SSH tunnel does not work as is. If Transport Layer Security (TLS) is enabled on your Amazon DocumentDB cluster, you need to download the public key for Amazon DocumentDB from https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem.
The following operation downloads this file (on Linux):
wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
TLS is enabled by default for new Amazon DocumentDB clusters. However, you can disable it. For more information, see Managing Amazon DocumentDB Cluster TLS Settings.
Therefore, check the Allow Invalid Certificate and Allow Invalid Hostname options in the SSL section of the Rivery MongoDB connection to make sure the connection works properly. With both options checked, the connection is still encrypted, but the server's certificate and hostname are not verified.
When using DocumentDB with SSL, add the following to the connection URI:
?tlsAllowInvalidHostnames=true&tls=true&tlsAllowInvalidCertificates=true
Resulting in the following:
mongodb://{username}:{password}@{host}:{port}/{database}?tlsAllowInvalidHostnames=true&tls=true&tlsAllowInvalidCertificates=true
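An added example (not Rivery's or AWS's code) that builds the URI above with percent-encoded credentials and reports which TLS checks a given URI leaves disabled. It assumes the standard MongoDB `tlsCAFile` URI option, the downloaded bundle as its value, and a tunnel listening on localhost; whether the Rivery connection form accepts `tlsCAFile` is not stated on this page.

```python
from urllib.parse import quote, urlsplit, parse_qsl


def build_uri(username, password, host, port, database, ca_file=None):
    """Build a DocumentDB URI for a connection made through an SSH tunnel.

    Without ca_file this yields the option set shown on this page.
    With ca_file (assumed path to the downloaded CA bundle) the certificate
    chain is verified and only hostname matching stays relaxed, because the
    tunnel endpoint name differs from the cluster name in the certificate.
    """
    opts = [("tlsAllowInvalidHostnames", "true"), ("tls", "true")]
    if ca_file:
        opts.append(("tlsCAFile", quote(ca_file, safe="/")))
    else:
        opts.append(("tlsAllowInvalidCertificates", "true"))
    query = "&".join(f"{k}={v}" for k, v in opts)
    # Percent-encode credentials: '@', ':' and '/' would otherwise be read
    # as URI delimiters and corrupt the host or path.
    user, pwd = quote(username, safe=""), quote(password, safe="")
    return f"mongodb://{user}:{pwd}@{host}:{port}/{database}?{query}"


def audit_uri(uri):
    """Return the TLS checks that a MongoDB URI leaves disabled."""
    # MongoDB URI option names are case-insensitive.
    opts = {k.lower(): v for k, v in parse_qsl(urlsplit(uri).query)}

    def on(name):
        return opts.get(name, "").lower() == "true"

    if not (on("tls") or on("ssl")):
        return ["tls-disabled"]
    findings = []
    if on("tlsallowinvalidcertificates") or on("tlsinsecure"):
        findings.append("chain-not-verified")
    if on("tlsallowinvalidhostnames") or on("tlsinsecure"):
        findings.append("hostname-not-verified")
    return findings


if __name__ == "__main__":
    # Constructed sample values; the tunnel is assumed to listen on localhost.
    for ca in (None, "rds-combined-ca-bundle.pem"):
        uri = build_uri("rivery", "p@ss:w/rd", "localhost", 27017, "admin", ca)
        print(uri, audit_uri(uri))
```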
Connecting as a ReplicaSet
To provide a valid connection string in the Rivery MongoDB connection, follow AWS's recommendation in Connecting to Amazon DocumentDB as a Replica Set. In this case, use the Mongo URI section together with the {password} variable, as described above.