Hello,
Amazon DocumentDB clusters are deployed within an Amazon Virtual Private Cloud (Amazon VPC). They can be accessed directly by Amazon EC2 instances or other AWS services that are deployed in the same Amazon VPC. Additionally, Amazon DocumentDB can be accessed by EC2 instances or other AWS services in different VPCs in the same AWS Region or other Regions via VPC peering [1].
On the Amazon DocumentDB management console, find your cluster and the link to its VPC. Maybe you created one or chose it at creation [2].
Security is the top priority. To identify if your VPC is public or private lies in what it means in AWS for a subnet of a VPC to be 'public' vs. 'private'. Public subnets have a default route to an Internet Gateway; private subnets do not.
So, to determine if a given subnet is public or private, you need to describe the route table that is associated with that subnet. That will tell you the routes, and you can test for a 0.0.0.0/0 route with a gateway ID of igw-xxxxxxxxxxxxxxxxx (as opposed to local); this confirms that you are looking at a public subnet [3].
References:
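The route-table check from the answer above, applied to every subnet of a DocumentDB cluster's subnet group (so you can see whether the cluster is placed in a public subnet). This is an added example, not code from the answer; it runs offline on the JSON shapes returned by `aws docdb describe-db-subnet-groups` and `aws ec2 describe-route-tables`, and all IDs in the sample data are constructed placeholders.

```python
# Added example (not the answer's own code): apply the route-table check to
# every subnet in a DocumentDB cluster's subnet group. It runs offline on the
# JSON shapes returned by `aws docdb describe-db-subnet-groups` (one item of
# DBSubnetGroups) and `aws ec2 describe-route-tables` (the RouteTables list).
# All IDs below are constructed placeholders.

def is_public_route_table(route_table):
    """True if the table has a default IPv4 route targeting an internet gateway."""
    for route in route_table.get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("GatewayId", "").startswith("igw-")):
            return True
    return False

def classify_subnets(subnet_group, route_tables):
    """Map each subnet in the DocumentDB subnet group to 'public' or 'private'.
    Subnets without an explicit association use the VPC's main route table."""
    explicit, main_table = {}, None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_table = rt
            elif assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = rt
    result = {}
    for subnet in subnet_group["Subnets"]:
        sid = subnet["SubnetIdentifier"]
        rt = explicit.get(sid, main_table)
        result[sid] = "public" if rt and is_public_route_table(rt) else "private"
    return result

# Constructed sample: public table, private (NAT) table, and a local-only main table.
SAMPLE_SUBNET_GROUP = {"DBSubnetGroupName": "docdb-subnets", "VpcId": "vpc-0example",
    "Subnets": [{"SubnetIdentifier": "subnet-0aaa0001"},
                {"SubnetIdentifier": "subnet-0bbb0002"},
                {"SubnetIdentifier": "subnet-0ccc0003"}]}
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-0pub", "Associations": [{"Main": False, "SubnetId": "subnet-0aaa0001"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-0priv", "Associations": [{"Main": False, "SubnetId": "subnet-0bbb0002"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
    {"RouteTableId": "rtb-0main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]

if __name__ == "__main__":
    print(classify_subnets(SAMPLE_SUBNET_GROUP, SAMPLE_ROUTE_TABLES))
```

Any subnet reported as "public" here means the cluster's subnet group allows placement in a subnet with an Internet Gateway default route; the third sample subnet shows why the main-table fallback must not be skipped.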
Thanks for your reply.
I am in a situation with DocumentDB and EC2s instances in the same VPC. EC2s can access DocumentDB.
Then I have a Lambda function in the same VPC, but it can't access my DocumentDB cluster.
I know how to check if a subnet is public or private, I would like to check if documentDB is on a public one, as I can only see the link to the VPC, and my VPC has both private and public subnets.
If your VPC has both private and public subnets, then it is a public VPC. Review the documentation for Lambda to access resources in a VPC [1]. The logs for the Lambda in CloudWatch return what type of result?