Lambda nodejs can't connect to documentDB

Good morning all, I'm trying to connect with Node.js to my DocumentDB cluster with mongoose. Without SSL I get {"message":"Internal server error"}. With SSL I get a PEM file not found error: {"message":"ENOENT: no such file or directory, open '/var/task/rds-combined-ca-bundle.pem'"}

Here is my code with ssl

import { APIGatewayProxyEvent, APIGatewayProxyResult } from 'aws-lambda'
import mongoose = require('mongoose')
import fs = require("fs")
import path = require("path")

export const lambdaHandler = async (event: APIGatewayProxyEvent): Promise<APIGatewayProxyResult> => {
  let response: APIGatewayProxyResult;
  try {
    const filePath = path.join(__dirname, 'rds-combined-ca-bundle.pem')
    const databaseUri = 'mongodb://myuser:mypassword@mycluster.docdb.amazonaws.com:27017/?ssl=true&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false'
    const client = await mongoose.connect(databaseUri, {
        ssl: true,
        sslValidate: false,
        sslCA: filePath,
        useNewUrlParser: true,
        useUnifiedTopology: true
    })

    // Return result
    response = { statusCode: 200, body: JSON.stringify({ test: 'test mongoose', client: client }) }
  } catch (err: unknown) {
    console.log('4',err)
    // err is typed unknown, so narrow it before reading .message
    response = { statusCode: 500, body: JSON.stringify({ message: (err as Error).message }) }
  }
  return response;
}

Here is my code without ssl

import { APIGatewayProxyEvent, APIGatewayProxyResult } from 'aws-lambda'
import mongoose = require('mongoose')

export const lambdaHandler = async (event: APIGatewayProxyEvent): Promise<APIGatewayProxyResult> => {
  let response: APIGatewayProxyResult;
  try {
    const client = await mongoose.connect(
    'mongodb://myuser:mypassword@mycluster.docdb.amazonaws.com:27017/sample-database?replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false',
    {
     useNewUrlParser: true
    })
    //Return result
    response = { statusCode: 200, body: JSON.stringify({ test: 'test mongoose', client: client }) }
  } catch (err: unknown) {
    console.log('4',err)
    // err is typed unknown, so narrow it before reading .message
    response = { statusCode: 500, body: JSON.stringify({ message: (err as Error).message }) }
  }
  return response;
}

Could you help me? Thank you sincerely.

asked a year ago, 351 views
1 Answer

If TLS is enabled on your Document DB Cluster then you need to provide the SSL CA bundle in your request. It seems that the lambda is trying to load it from a path that doesn't exist. Your options to have a cert used in your lambda could be one of the following:

  • Use a secret in Secrets Manager to hold the cert content, then have the lambda pull the value of the secret and download it to the /tmp directory when your lambda runs, and then use it to make the connection
  • Build a lambda layer that includes the cert, then add the layer to your lambda; the cert would then be accessible under /opt
AWS
answered a year ago
  • Thank you for your reply! I will try the solution with the layer. Have a nice day.
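
An added example, not code from the question or the answer: a startup check that looks for the CA bundle in the two locations the answer names (/opt for a layer, /tmp for a bundle fetched at runtime), confirms the file actually contains PEM certificates, and builds connection options with certificate validation left on. The function names and the exact file locations under /opt and /tmp are assumptions; the option names are the ones used in the question.

```typescript
import * as fs from "fs";

// Assumed locations: a Lambda layer is unpacked under /opt, and a bundle pulled
// at runtime (for example from Secrets Manager) would be written to /tmp.
// The file name is the one from the question.
const DEFAULT_CA_CANDIDATES: string[] = [
  "/opt/rds-combined-ca-bundle.pem",
  "/tmp/rds-combined-ca-bundle.pem",
];

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Returns the first candidate that is readable and holds at least one PEM
// certificate block. Throws with every path tried, so the log names the real
// cause instead of a bare ENOENT from inside the driver.
function resolveCaBundle(
  candidates: string[] = DEFAULT_CA_CANDIDATES
): { path: string; certCount: number } {
  const tried: string[] = [];
  for (const candidate of candidates) {
    let text: string;
    try {
      text = fs.readFileSync(candidate, "utf8");
    } catch {
      tried.push(`${candidate} (unreadable)`);
      continue;
    }
    const certCount = (text.match(PEM_CERT) ?? []).length;
    if (certCount === 0) {
      tried.push(`${candidate} (no certificates)`);
      continue;
    }
    return { path: candidate, certCount };
  }
  throw new Error(`CA bundle not found; tried: ${tried.join(", ")}`);
}

// Options to pass to mongoose.connect(). sslValidate stays true: with it set
// to false the server certificate is not checked and the CA bundle has no effect.
function tlsOptions(caPath: string): { ssl: boolean; sslValidate: boolean; sslCA: string } {
  return { ssl: true, sslValidate: true, sslCA: caPath };
}
```

Call resolveCaBundle() once outside the handler so a missing or empty bundle fails at cold start, then pass tlsOptions(result.path) as the second argument to mongoose.connect().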
