Connect to an AWS DocumentDB cluster from MongoDB Compass

Rajesh
Published in AWS Tip
Dec 4, 2022

Amazon DocumentDB runs inside a private VPC and does not support a public endpoint, which means we can't connect directly to an Amazon DocumentDB cluster from an environment outside AWS. The only ways we can connect to DocumentDB are:

1-By launching a Cloud9 IDE within the same VPC

2-Through a Lambda function running in the same VPC

3-By using VPC peering from an outside VPC

The above options work only inside the AWS console and may not be convenient if someone wants to connect to a DocumentDB cluster from MongoDB Compass (running in a local environment).

To enable connections from a local computer, follow the steps below.

1-Create an EC2 instance in the same VPC as DocumentDB. In this blog we will call it vpc-a.

2-Allow SSH connections from your IP address by creating a security group. Call it sg-a for reference.

3-Create a security group (call it sg-b) in vpc-a that allows port 27017 (the Mongo port), and as the source add sg-a, which we created before. Traffic is then allowed from the network interfaces associated with the source security group for the specified port/protocol, but only on the private IP addresses of those network interfaces.

4-Create the DocumentDB cluster and add the sg-b security group to it.

5-Install mongo-shell on the EC2 instance, SSH to the instance, and try to connect to the cluster from there.

All the above steps are described step by step in the AWS documentation. Link for reference below:

https://docs.aws.amazon.com/documentdb/latest/developerguide/connect-ec2.html
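A check for the sg-a / sg-b layout from steps 2 to 4, added here as an example (it is not code from the original post or from the AWS documentation). It audits security group rules in the shape returned by `aws ec2 describe-security-groups`; the function names, the helper `sg` and the sample data are constructed for illustration.

```python
import ipaddress

def covers(rule, port):
    """True if an ingress rule (describe-security-groups shape) includes port."""
    if rule.get("IpProtocol") == "-1":  # all protocols, all ports
        return True
    return (rule.get("IpProtocol") == "tcp"
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))

def cidrs(rule):
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])

def audit(groups, ssh_sg, db_sg):
    """Findings for the sg-a / sg-b layout; an empty list means it matches."""
    rules = {g["GroupId"]: g.get("IpPermissions", []) for g in groups}
    findings, sources = [], set()
    # sg-a: SSH should be reachable from single addresses only ("your IP").
    for rule in [r for r in rules[ssh_sg] if covers(r, 22)]:
        for cidr in cidrs(rule):
            if ipaddress.ip_network(cidr, strict=False).num_addresses > 1:
                findings.append(f"{ssh_sg}: SSH open to range {cidr}")
    # sg-b: 27017 should be reachable only through a reference to sg-a.
    for rule in rules[db_sg]:
        if covers(rule, 27017):
            findings += [f"{db_sg}: 27017 open to CIDR {c}" for c in cidrs(rule)]
            sources |= {p["GroupId"] for p in rule.get("UserIdGroupPairs", [])}
    if ssh_sg not in sources:
        findings.append(f"{db_sg}: no 27017 rule with source {ssh_sg}")
    findings += [f"{db_sg}: 27017 also allowed from {s}"
                 for s in sorted(sources - {ssh_sg})]
    return findings

# Constructed samples in the shape of `aws ec2 describe-security-groups` output;
# the group ids reuse the post's names and the addresses are documentation ranges.
def sg(group_id, port_from, port_to, cidr=None, source_sg=None):
    rule = {"IpProtocol": "tcp", "FromPort": port_from, "ToPort": port_to,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": source_sg}] if source_sg else []}
    return {"GroupId": group_id, "IpPermissions": [rule]}

GOOD = [sg("sg-a", 22, 22, cidr="203.0.113.10/32"),
        sg("sg-b", 27017, 27017, source_sg="sg-a")]
BAD = [sg("sg-a", 22, 22, cidr="0.0.0.0/0"),
       sg("sg-b", 0, 65535, cidr="10.0.0.0/16")]

if __name__ == "__main__":
    for name, groups in (("good", GOOD), ("bad", BAD)):
        print(name, audit(groups, "sg-a", "sg-b"))
```

To check a real account, pass the `SecurityGroups` list from saved `aws ec2 describe-security-groups` JSON output together with the real group ids.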

Once the connection to the cluster from the EC2 instance is established, download MongoDB Compass (https://www.mongodb.com/products/compass).

Connection through MongoDB Compass

1-Create a new connection and on the General tab fill in the DocumentDB cluster address like below

General tab

2-On the Authentication tab, give the DocumentDB username and password (make sure Username/Password is selected).

Authentication

3-If your DocumentDB cluster has TLS enabled, fill in the TLS/SSL details and point to the respective rds-combined-ca-bundle.pem file. You can get this file by running wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem

TLS/SSL

4-Now on the Proxy/SSH tab give your EC2 instance name and point to the EC2 key pair .pem file, which will enable MongoDB Compass to tunnel through to your DocumentDB cluster.

SSH Proxy

Press Connect and you will see a dialog where MongoDB Compass warns that a non-genuine version of MongoDB was detected.

Dialog

In case of a connection timeout, check whether the EC2 instance can connect to the DocumentDB cluster.
