MongoDB setup in AWS
MongoDB is an essential part of microservices architecture. MongoDB is a document-based no-SQL database. Let’s look at how we can set up MongoDB in an AWS instance.
Setting up an AWS instance
Navigate to EC2->Instances->Instances, click on launch instance to launch a new instance. Select Ubuntu Server 18.04 LTS (HVM) AMI. Then choose the instance type, it is better to choose m5 (General Purpose) series of instances for production. If you are just trying it out for fun go ahead and select t2.micro which is eligible for the free tier. Choose the VPC and subnet for the instance. For production, it is better to choose a private subnet with public IP disabled. Add the disk space required for your MongoDB instance, choose IOPS SSD if you will be performing write-intensive operations. Otherwise, go with a general purpose SSD disk. Then, create a new security group with access to port 22 from your machine. Finally, choose an existing
Setting up MongoDB
SSH into the instance once it is ready. Use the pem file created or existing to ssh into you machine.
sudo ssh ~/.ssh/key.pem ubuntu@1.1.1.1
Now, let us install MongoDB in the instance.
wget -qO - https://www.mongodb.org/static/pgp/server-4.2.asc | sudo apt-key add -
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.2.list
sudo apt-get update
sudo apt-get install -y mongodb-org
Once MongoDB is installed lets start the MongoDB service.
sudo service mongod start
Now that we have started the MongoDB service, let’s check if it is up and running.
sudo service mongod status
Following should be the output of the above command.
● mongod.service - MongoDB Database Server
Loaded: loaded (/lib/systemd/system/mongod.service; disabled; vendor preset: enabled)
Active: active (running) since Fri 2019-09-13 08:34:54 UTC; 10h ago
Docs: https://docs.mongodb.org/manual
Main PID: 3735 (mongod)
CGroup: /system.slice/mongod.service
└─3735 /usr/bin/mongod --config /etc/mongod.conf
Sep 13 08:34:54 ip-11-0-2-46 systemd[1]: Started MongoDB Database Server.
Setting up security
Now that we have installed the MongoDB and verified that it is working fine. We need to secure our MongoDB instance using user authorization. First, we need to create admin and application users. Log into MongoDB using
db.createUser(
{
user: "admin",
pwd: "{admin-password}",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
Now we need to enable authorization in MongoDB to do that we need to open the file /etc/mongod.conf and add the following to lines:
security:
authorization: 'enabled'
Now, we need to restart the MongoDB service to apply the configuration.
sudo service mongod restart
You can now login to mongo with the created user and password.
mongo -u {user} -p {password}
Enabling remote access
Now that we have secured the MongoDB instance we need to expose this to our services. To do this we need to again visit the /etc/
net:
port: 27111 #default value 27017
bindIp: 0.0.0.0 #default value is 127.0.0.1
It is advisable to change the default port of the MongoDB instance to avoid port scanning of know ports. Changing the
sudo service mongod restart
Setting up the security group
When we created the instance we have only allowed access to port 22. Now that MongoDB is set
Always ensure that you add the security group of the service that is accessing MongoDB and not expose it everyone even if you have installed it in a private subnet.
Now lets try connecting to the MongoDB instance remotely.
mongo -u {user} -p {password} {your_server_ip/dns}/{db}
There we have it, MongoDB installed securely in AWS.