Can I use AWS DocumentDB instead of MongoDB?

default discord avatar
prove-abilitylast year
2 4

mongodb://bard:<passwrd>@docdb-2022-06-13-02-18-07.cluster-c6wqayu9kx2t.ap-northeast-2.docdb.amazonaws.com:27017/?ssl=true&ssl_ca_certs=rds-combined-ca-bundle.pem&replicaSet=rs0&retryWrites=false

I want to link AWS DocumentDB.
I want help.

스크린샷 2022-06-13 오전 11 29 52

  • Selected Answer
    discord user avatar
    denolfe
    last year

    Hey @prove-ability, this error indicates that you are not passing the pem file contents into the Mongo options. You will need to have your .pem file locally and pass the contents into payload.init under mongoOptions. Here is an (untested) example:

    const caContent = fs.readFileSync('/path/to/rds-combined-ca-bundle.pem');
    
    payload.init({
      // ..
      mongoOptions: {
        sslCA: caContent,
      },
    });

    Let me know if that gets you any further.

    Here are some links to SO issues that may be useful as well: link, link

    5 replies
  • default discord avatar
    prove-abilitylast year

    The method that I told you didn't work.

    So I tried to proceed after watching AWS DOCS, but this also doesn't work.

    Do you have any idea?

    // Initialize Payload
    payload.init({
    
      secret: process.env.PAYLOAD_SECRET,
      mongoURL: process.env.MONGODB_URI,
      express: app,
      onInit: () => {
        payload.logger.info(`Payload Admin URL: ${payload.getAdminURL()}`)
      },
      mongoOptions: {
        tlsCAFile: `${__dirname}/rds-combined-ca-bundle.pem`
        // ssl: true,
        // sslValidate: false,
        // sslCA: `${__dirname}/rds-combined-ca-bundle.pem`
      }
    })
  • default discord avatar
    x31blast year

    hello @prove-ability

    Besides the SSL-issue, do you think DocumentDB's MongoDB API compatibility sufficient for PayloadCMS purposes?

  • discord user avatar
    jmikrut
    last year

    @x31b — yes, you should be able to 100% use DocumentDB!

  • default discord avatar
    x31blast year

    Awesome. Thanks @jmikrut

  • discord user avatar
    denolfe
    11 months ago

    Also worth looking at @hdodov 's comment below as well: #652 (comment)

  • default discord avatar
    moltarlast year

    @prove-ability Have you gotten the DocumentDB to work?

  • default discord avatar
    PukpikClast year

    Hello @jmikrut ,
    I setup payload on aws but got this error when add data "You are not allowed to perform this action"
    image

    i tried set mongoOptions up as in suggestions above but it still not working

    related error
    image

    Do you have Ideas why,
    Thank you ^^

    4 replies
    discord user avatar
    DanRibbens
    last year

    If you're getting as far as you are in these screenshots, like being able to login, then your issue isn't the database configuration. It has to be your access control or a cors issue. To verify, do you still get the same errors when using MongoDB instead of DocumentDB? I'm assuming that you would.

    @PukpikC I would open a new Q&A discussion if you want troubleshooting help and include some of your config and steps to reproduce.

    default discord avatar
    PukpikClast year

    @DanRibbens Thank you for your answer, ah yes everything works fine on my local using mongoDB. and it would be really nice for new Q&A discussion. 😃

    discord user avatar
    DanRibbens
    last year

    I can't understand how only changing the database connection would make this happen. Your other requests would be failing before these if it was the DB. I still think there is something else going on.

    default discord avatar
    PukpikClast year

    @DanRibbens Hi, Than you for helping, I found a problem, it was about access control. I have to set it correctly to make it work on live :D

  • default discord avatar
    hdodov11 months ago

    I'm going to chime in with how I managed to connect to AWS DocumentDB locally.

    As stated in the AWS docs about "Connecting to an Amazon DocumentDB Cluster from Outside an Amazon VPC", you need to use SSH tunneling (port forwarding). Here's the command that creates a tunnel:

    ssh -i /Users/path/to/ssh-private-key -L 27017:your-cluster.cluster-id.eu-central-1.docdb.amazonaws.com:27017 ec2-user@ec2-12-345-678-90.eu-central-1.compute.amazonaws.com -N

    Then, your MONGODB_URI connection string must look like:

    mongodb://dbuser:dbpassword@localhost:27017/?tls=true&tlsCAFile=eu-central-1-bundle.pem&tlsInsecure=true&directConnection=true&retryWrites=false
    

    Couple of things to note:

    • eu-central-1-bundle.pem can be downloaded from the AWS docs on "Using SSL/TLS to encrypt a connection to a DB instance" and put in the root directory of the project.

    • tlsInsecure=true is needed because due to the SSH tunneling, you're actually connecting to localhost and you would receive the following error regarding the TLS certificate:

      Error: cannot connect to MongoDB. Details: Hostname/IP does not match certificate's altnames: Host: localhost. is not in the cert's altnames: DNS:your-cluster.cluster-id.eu-central-1.docdb.amazonaws.com, DNS:your-cluster.cluster-cluster-id.eu-central-1.docdb.amazonaws.com, DNS:your-cluster.cluster-ro-cluster-id.eu-central-1.docdb.amazonaws.com

    • directConnection=true must be added, as mentioned in this Mongoose issue. Quoting the MongoDB Go Driver docs:

      If set to true, the driver will only connect to the host provided in the URI and will not discover other hosts in the cluster.

      My guess is that this is needed because otherwise the SSH tunnel is messing with that "host discovery".

    • retryWrites=false is needed because otherwise you get:

      MongoServerError: Retryable writes are not supported

    At this point, you should have localhost:27017 forwarding the connection to your-cluster.cluster-id.eu-central-1.docdb.amazonaws.com:27017 using a tunnel through your EC2 instance ec2-12-345-678-90.eu-central-1.compute.amazonaws.com via ec2-user after authenticating with your EC2 SSH private key /Users/path/to/ssh-private-key.


    Before using DocumentDB, I was using Atlas, and the only change in my code I had to make (besides the MongoDB connection string in .env) was to disable the useFacet setting:

    await payload.init({
    	secret: process.env.PAYLOAD_SECRET,
    	mongoURL: process.env.MONGODB_URI,
    	express: app,
    +	mongoOptions: {
    +		useFacet: false,
    +	},
    });
Star on GitHub

Star

Chat on Discord

Discord

online

Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.