OK, following your suggestions:
- I did a connection test; result: Ncat: TIMEOUT.
- I checked my Security Group, and in the inbound rules port 27017 is added for all traffic:
aws docdb describe-db-clusters --db-cluster-identifier test-270722 --query 'DBClusters[*].[DBClusterIdentifier,Port]'
[
[
"test-270722",
27017
]
]
aws docdb describe-db-clusters --db-cluster-identifier test-270722 --query 'DBClusters[].[VpcSecurityGroups[],VpcSecurityGroupId]'
[
[
[
{
"VpcSecurityGroupId": "sg-03b6d4320986c0f67",
"Status": "active"
}
],
null
]
]
Maybe I'm missing something, because why is the test done against the endpoint on port 27017?
I read that to connect from outside the VPC you have to do it via a proxy / SSH.
My configuration looks like this:
1. A DocumentDB cluster + Security Group "A" (inbound rules: custom TCP 27017, allowing traffic from Security Group "B")
2. An EC2 instance + Security Group "B" (inbound rules: TCP from anywhere + SSH, port 22)
And this is how I connect to the DocumentDB cluster, e.g. via MongoDB Compass: I provide both the data to connect to the cluster (host, username, password) and the data for SSH (SSH host, SSH port, SSH username, SSH identity file (.pem file)).
So, my questions are: how to properly connect programmatically from the local workstation and save data in DocumentDB.
1. What should the configuration look like in AWS (is mine correct?)? Maybe I just misunderstood something in the documentation.
2. Do I have to configure something on the workstation? Since I can connect via MongoDB Compass, I think everything is OK in that respect.
3. In the programming manual it looks simple: connect to the cluster endpoint on port 27017. So why all the fuss with SSH? On the other hand, without SSH I can't connect via MongoDB Compass. Somehow I don't understand it... I'm missing something here.
There are a few troubleshooting steps I suggest following.
- Make sure that you can connect to the DocumentDB instance (establishing a TCP connection). See Testing a Connection to an Amazon DocumentDB Instance.
- It's most likely that the TCP connection fails, as you are getting a timeout error. If the Cloud9 instance is in the same VPC as DocumentDB, make sure that the security group attached to DocumentDB is not blocking inbound connections on the DocumentDB port (default port: 27017). See Security Group Blocks Inbound Connections.
- If you are connecting from another VPC or region, see the following: Cross Region Connections, Connecting from Different Amazon VPCs. Again, make sure that you can make a TCP connection to the DocumentDB endpoint first. If not, check the security group of the DocumentDB cluster and the VPC settings (NACLs, network firewall if any). If the client is in a different network, make sure there is peering between the two VPCs so that they can connect.
I answered below :D
Sorry for the late reply. Thanks for the additional info. Now it's clear that you are connecting from a local workstation rather than from an EC2 instance in one of the VPCs. So, if you are connecting from your local workstation, that's a different network from the VPC the DocumentDB cluster is running in. Basically, you need a network connection to the VPC to make it work. In your case, you are using a bastion host to connect to the cluster (local workstation -> bastion host -> DynamoDB cluster). So you will need to do the same from your code if you want to follow the same setup (establish the SSH connection to the bastion host and then run the query from there). I think this article can be of help. Take a look at the "Connect from a machine outside AWS using an SSH tunnel" section.
Additionally, make sure not to expose all your TCP and SSH connections to 0.0.0.0/0. Try to restrict them to specific IP(s) or CIDRs.
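Added example (not part of this thread, and not AWS's own code) showing the two things the answers above describe in one script: the plain TCP reachability test from the troubleshooting steps, and the SSH local port forward through the bastion host that the reply recommends, followed by an insert over that tunnel with pymongo. The bastion host name, SSH user, key file, cluster endpoint, credentials and database names are placeholders. Two details matter once the tunnel is up: the client connects to 127.0.0.1, so the cluster's TLS certificate will not match the hostname and `tlsAllowInvalidHostnames=true` is needed with the Amazon CA bundle (`global-bundle.pem`), and DocumentDB requires `retryWrites=false`. `directConnection=true` keeps the driver from trying to reach the cluster's member hostnames, which are only resolvable from inside the VPC.

```python
"""Reach an Amazon DocumentDB cluster from outside its VPC through an SSH
tunnel to a bastion host, test the tunnel with a TCP probe, then insert.
All hosts, users, files and credentials below are placeholders."""
import shlex
import socket
import subprocess
import time
from urllib.parse import quote_plus


def build_tunnel_command(bastion_host, bastion_user, key_file, cluster_endpoint,
                         local_port=27017, cluster_port=27017):
    """argv for 'ssh -N -L': no remote shell, just the port forward.
    127.0.0.1:local_port on the workstation is forwarded to
    cluster_endpoint:cluster_port as seen from the bastion (Security Group "B"),
    which is the source that Security Group "A" allows on 27017."""
    return [
        "ssh", "-i", key_file, "-N",
        "-o", "ExitOnForwardFailure=yes",   # fail loudly if the forward is refused
        "-L", f"127.0.0.1:{local_port}:{cluster_endpoint}:{cluster_port}",
        f"{bastion_user}@{bastion_host}",
    ]


def build_connection_uri(username, password, local_port=27017,
                         ca_file="global-bundle.pem"):
    """Connection string for the workstation side of the tunnel.
    The certificate is issued for the cluster endpoint, not 127.0.0.1, hence
    tlsAllowInvalidHostnames; retryWrites=false is a DocumentDB requirement."""
    return (
        f"mongodb://{quote_plus(username)}:{quote_plus(password)}"
        f"@127.0.0.1:{local_port}/"
        f"?tls=true&tlsCAFile={ca_file}&tlsAllowInvalidHostnames=true"
        "&retryWrites=false&directConnection=true"
    )


def tcp_reachable(host, port, timeout=5.0):
    """Same check as 'nc -zv host 27017' from the AWS docs.
    A timeout means a security group, NACL or route is dropping the SYN;
    'connection refused' means the host answers but nothing listens there."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except (socket.timeout, ConnectionRefusedError, OSError):
        return False


def open_tunnel(argv, local_port, wait_seconds=10):
    """Start ssh and wait until the local forward accepts connections."""
    proc = subprocess.Popen(argv)
    deadline = time.monotonic() + wait_seconds
    while time.monotonic() < deadline:
        if proc.poll() is not None:
            raise RuntimeError("ssh exited early: " + shlex.join(argv))
        if tcp_reachable("127.0.0.1", local_port, timeout=1.0):
            return proc
        time.sleep(0.5)
    proc.terminate()
    raise TimeoutError(f"no listener on 127.0.0.1:{local_port} after {wait_seconds}s")


def insert_through_tunnel(uri, database, collection, document):
    """Insert one document with pymongo (imported here so the helpers above
    work without the driver installed). Returns the new _id."""
    from pymongo import MongoClient
    client = MongoClient(uri, serverSelectionTimeoutMS=10000)
    try:
        return client[database][collection].insert_one(document).inserted_id
    finally:
        client.close()


if __name__ == "__main__":
    # Placeholder values; replace with your bastion and cluster details.
    argv = build_tunnel_command(
        bastion_host="bastion.example.com", bastion_user="ec2-user",
        key_file="bastion.pem",
        cluster_endpoint="CLUSTER-ENDPOINT.docdb.amazonaws.com",
    )
    ssh = open_tunnel(argv, 27017)
    try:
        uri = build_connection_uri("docdbuser", "s3cret")
        print(insert_through_tunnel(uri, "app", "events", {"msg": "via tunnel"}))
    finally:
        ssh.terminate()
```

If `open_tunnel` raises `TimeoutError`, the workstation cannot reach the bastion on 22 or the bastion cannot reach the cluster on 27017; run `tcp_reachable` on the bastion itself against the cluster endpoint to tell the two apart. The forward is bound to 127.0.0.1 deliberately, so nothing else on the LAN can ride the tunnel, and the bastion's own security group should likewise only allow 22 from your workstation's address rather than 0.0.0.0/0.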
I attempted to allow ports 27017 and 22 in the security group. However, I continue to encounter a timeout error when connecting programmatically. Interestingly, connecting via MongoDB Compass to DocumentDB works seamlessly. The current workflow involves connecting from the local workstation through a bastion host to the DocumentDB cluster.