This site has been generated and deployed from Github repository tjtharrison/

Tim Harrison

DevSecOps Team Lead

# Setting up an internal DocumentDB instance (Within a VPC)

Follow these instructions to set up an AWS DocumentDB instance (or replica set) within a VPC.

## Connecting to the Cluster

Once your cluster is created, you can connect using the mongo shell. Do not enter your MongoDB password on the command line, as it would be stored in plain text in your shell history. Leave the password value blank and you will be prompted for it after pressing return.

You can get the connection string for your cluster from the DocumentDB console.

NOTE: The command below works only with mongo client version 4. Newer versions require TLS options instead (not tested), and older versions complain about a version mismatch.

```shell
mongo --ssl --host [cluster-address]:27017 --sslCAFile rds-combined-ca-bundle.pem --username [your username] --password [DO NOT ENTER PASSWORD HERE]
```

## Creating additional users in the cluster

Connect to the cluster using the mongo shell and create a user as follows:

```javascript
db.createUser( { user: "username", pwd: "password", roles: [{"db":"admin", "role":"dbAdminAnyDatabase" }] } )
```
## Granting users Database access

For a user to be able to read or write data in a specific database, that access must be granted explicitly. Options include: read, readWrite, readAnyDatabase and clusterAdmin.

For example, to grant a user readWrite permissions on a specific database, run the following:

```javascript
db.grantRolesToUser( "USERNAME", [{ role: "readWrite", db: "DATABASE_NAME" }])
```
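The two commands above can be combined into a small mongo shell script that creates a user with no roles, grants only the database-scoped role it needs, and verifies the result with `db.getUser()`. This is an added example, not code from the original post; `adminDb` is assumed to be `db.getSiblingDB("admin")` in the shell, `pwd` is assumed to come from the shell's prompt rather than a literal in the script, and `fakeAdminDb` is a constructed stand-in so the script can be exercised offline.

```javascript
// Roles named on the page, plus the admin-scoped role its createUser example uses.
const ALLOWED_ROLES = new Set([
  "read", "readWrite", "readAnyDatabase", "clusterAdmin", "dbAdminAnyDatabase",
]);
// Cluster-wide roles only make sense when granted on the admin database.
const CLUSTER_WIDE = new Set(["readAnyDatabase", "clusterAdmin", "dbAdminAnyDatabase"]);

function validateGrant(grant) {
  if (!ALLOWED_ROLES.has(grant.role)) throw new Error(`unknown role: ${grant.role}`);
  if (typeof grant.db !== "string" || grant.db.length === 0) throw new Error("grant needs a db");
  if (CLUSTER_WIDE.has(grant.role) && grant.db !== "admin") {
    throw new Error(`${grant.role} must be granted on admin, not ${grant.db}`);
  }
  return grant;
}

// Create the user with zero privileges first, then grant: if the grant fails the
// user exists but can do nothing. Returns the roles the server reports afterwards.
function provisionUser(adminDb, user, pwd, grants) {
  if (!pwd) throw new Error("empty password (pass the value obtained from the prompt)");
  const roles = grants.map(validateGrant);
  adminDb.createUser({ user, pwd, roles: [] });
  adminDb.grantRolesToUser(user, roles);
  const stored = adminDb.getUser(user);
  const have = new Set(stored.roles.map((r) => `${r.role}@${r.db}`));
  for (const g of roles) {
    if (!have.has(`${g.role}@${g.db}`)) throw new Error(`grant not applied: ${g.role}@${g.db}`);
  }
  return stored.roles;
}

// Constructed stand-in for db.getSiblingDB("admin"), assumption for offline runs.
function fakeAdminDb() {
  const users = {};
  return {
    createUser: ({ user, roles }) => { users[user] = { user, roles: [...roles] }; },
    grantRolesToUser: (user, roles) => { users[user].roles.push(...roles); },
    getUser: (user) => users[user],
  };
}
```

In the real shell, replace `fakeAdminDb()` with `db.getSiblingDB("admin")` and call `provisionUser(adminDb, "app_user", pwd, [{ role: "readWrite", db: "DATABASE_NAME" }])`.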