CloudFormation created an empty DocumentDB

0

Dear all,

First of all, I'd like to say that I'm new to DocumentDB.

With the help of https://docs.aws.amazon.com/documentdb/latest/developerguide/quick_start_cfn.html I've created a 3 instance DocumentDB with CloudFormation. The deployment finished without errors. I tried to connect with the root username and password I configured in the template without luck:

E QUERY    [js] Error: Authentication failed. :

Then I tried without any user /password and I managed to connect:

$ mongo --ssl --host XYZ.docdb.amazonaws.com:27017 --sslCAFile rds-combined-ca-bundle.pem 
MongoDB shell version v4.0.28
connecting to: mongodb://XYZ.docdb.amazonaws.com:27017/admin?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("11254a7a-6610-4db0-a545-3a8bc4e5cf99") }
MongoDB server version: 4.0.0
rs0:PRIMARY> show dbs;
rs0:PRIMARY>

As you can see there's nothing in the DB.

Is it expected that CF creates such an empty DB? According to the connection string from the cluster description I should be using

--username MyUserName --password <insertYourPassword>

My code has nothing special:

  DBCluster:
    Type: AWS::DocDB::DBCluster
    Properties:
      DeletionProtection: True
      BackupRetentionPeriod : 7
      DBClusterIdentifier : !Ref DBClusterName
      DBClusterParameterGroupName : !Ref DBParameterGroup
      DBSubnetGroupName : !Ref DBSubnetGroup
      MasterUsername : MyUserName 
      MasterUserPassword : !Ref DocDBSecret
      Port : "27017"
      PreferredBackupWindow : "23:00-23:59"
      PreferredMaintenanceWindow : "sun:00:00-sun:05:00"
      VpcSecurityGroupIds:
        - !Ref DBSecurityGroup
      StorageEncrypted : true
      EngineVersion: 4.0.0

(I can paste other part of my template if needed)

Is this behavior expected?

TIA

asked a year ago, 523 views
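
One thing to check in a template like the one in the question, as an added example (not code from the thread): what `MasterUserPassword` resolves to at deploy time. `Ref` on an `AWS::SecretsManager::Secret` returns the secret's ARN rather than its value; the thread does not show what `DocDBSecret` is, so the template below is constructed and assumes it is such a resource, and `PlainPassword` is a hypothetical parameter.

```python
# Added example: constructed template, not the asker's. Logical names reuse the
# question's (DBCluster, DocDBSecret); the type of DocDBSecret is an assumption.
TEMPLATE = {
    "Parameters": {"PlainPassword": {"Type": "String"}},  # hypothetical parameter
    "Resources": {
        "DocDBSecret": {"Type": "AWS::SecretsManager::Secret"},
        "DBCluster": {
            "Type": "AWS::DocDB::DBCluster",
            "Properties": {
                "MasterUsername": "MyUserName",
                "MasterUserPassword": {"Ref": "DocDBSecret"},
            },
        },
    },
}

DYNAMIC_REF = "{{resolve:secretsmanager:"


def classify_password(template, value):
    """Say what a MasterUserPassword value becomes at deploy time."""
    if isinstance(value, dict) and "Fn::Sub" in value:
        sub = value["Fn::Sub"]
        value = sub[0] if isinstance(sub, list) else sub
    if isinstance(value, str):
        return "dynamic-reference" if DYNAMIC_REF in value else "plaintext-literal"
    if isinstance(value, dict) and "Ref" in value:
        name = value["Ref"]
        resource = template.get("Resources", {}).get(name)
        if resource and resource.get("Type") == "AWS::SecretsManager::Secret":
            return "secret-arn-as-password"  # Ref yields the ARN, not the secret
        param = template.get("Parameters", {}).get(name)
        if param is not None:
            no_echo = str(param.get("NoEcho")).lower() == "true"
            return "noecho-parameter" if no_echo else "echoed-parameter"
    return "unknown"


def audit(template):
    """Map each DocumentDB cluster's logical ID to its password finding."""
    findings = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::DocDB::DBCluster":
            pw = res.get("Properties", {}).get("MasterUserPassword")
            findings[logical_id] = classify_password(template, pw)
    return findings


if __name__ == "__main__":
    print(audit(TEMPLATE))
```

A `{{resolve:secretsmanager:...}}` dynamic reference is the form that hands the stored password, rather than the ARN, to the cluster.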
4 Answers
1
Accepted Answer

OK, sorry, I think I now understand the situation. Login without username and password is allowed but without permissions to see anything. Login with username and password gives you admin access:

[ec2-user@ip-10-8-54-91 ~]$ mongo --ssl --host docdb-2023-02-02-07-35-01.cluster-XYZ.us-east-1.docdb.amazonaws.com:27017 --sslCAFile rds-combined-ca-bundle.pem --username root --password passwd
MongoDB shell version v4.0.28
connecting to: mongodb://docdb-2023-02-02-07-35-01.cluster-XYZ.us-east-1.docdb.amazonaws.com:27017/?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("8e65f1c3-8512-4e68-9b2d-37a2a8eaf581") }
MongoDB server version: 4.0.0

Warning: Non-Genuine MongoDB Detected

This server or service appears to be an emulation of MongoDB rather than an official MongoDB product.

Some documented MongoDB features may work differently, be entirely missing or incomplete, or have unexpected performance characteristics.

To learn more please visit: https://dochub.mongodb.org/core/non-genuine-mongodb-server-warning.

rs0:PRIMARY> use admin
switched to db admin
rs0:PRIMARY> db.getUsers()
[
        {
                "_id" : "serviceadmin",
                "user" : "serviceadmin",
                "db" : "admin",
                "roles" : [
                        {
                                "db" : "admin",
                                "role" : "root"
                        }
                ]
        },
        {
                "_id" : "root",
                "user" : "root",
                "db" : "admin",
                "roles" : [
                        {
                                "db" : "admin",
                                "role" : "root"
                        }
                ]
        }
]
answered a year ago
0

Yes, this behavior is expected. The DocumentDB created by CloudFormation is empty by default and you have to create a database and collections within it to store data.

Regarding the connection string, you are correct, you should be using the --username and --password options along with the connection string. Try using the correct credentials, and make sure you are using the correct username and password, as specified in the CloudFormation template.

If you are still having trouble connecting, check the security group settings for the DocumentDB cluster and make sure that the IP address of the machine you are using to connect to the cluster is authorized to access the cluster.

answered a year ago
0

Hi and thanks for your answer.

I was expecting an empty database, but what is surprising me is the fact that the login is not working because there is no user access at all. I can access the DB with an empty user/password. As said, I was expecting to connect to the DB with the user and password specified in the CF template, but that combination (user/passwd) does not work. I can access the DB without specifying a user and with a blank password.

Is that expected?

answered a year ago
0

I've now created a new cluster from the console and I see the same behavior: I can access the cluster without having to specify username and password:

[ec2-user@ip-10-8-54-91 ~]$ mongo --ssl --host docdb-2023-02-02-07-35-01-XYZ.us-east-1.docdb.amazonaws.com:27017 --sslCAFile rds-combined-ca-bundle.pem
MongoDB shell version v4.0.28
connecting to: mongodb://docdb-2023-02-02-07-35-01.cluster-XYZ.us-east-1.docdb.amazonaws.com:27017/?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("51889135-d22f-4fd8-9aa5-1cc2189aefb4") }
MongoDB server version: 4.0.0 
answered a year ago