3

I'm creating a new DocumentDB cluster in AWS and trying to connect to it from my .NET Core application with the MongoDB driver. The cluster has the SSL property enabled.

Following this question and its answers, I have tried a couple of ways to reach my goal.

  • Import the certificate chain (rds-combined-ca-bundle.p7b) into the local computer store, under Trusted Root Certification Authorities;
  • Read the .pem file and create the certificate in C# code, or use it in the mongo shell with the --sslCAFile parameter.

var clientSetting = MongoClientSettings.FromUrl(new MongoUrl("mongodb://<myloging>:<mypassword>@<myclusterendpoint>/?ssl=true&replicaSet=rs0"));

var setting = new MongoClientSettings()
{
    Server = clientSetting.Server,
    UseSsl = clientSetting.UseSsl,
    Credential = clientSetting.Credential,

    GuidRepresentation = GuidRepresentation.CSharpLegacy,
    ReadPreference = new ReadPreference(ReadPreferenceMode.Primary),
    VerifySslCertificate = true,
    SslSettings = new SslSettings
    {
        ClientCertificates = new List<X509Certificate2>()
        {
            new X509Certificate2("<path>\\rds-combined-ca-bundle.pem")
        },
        EnabledSslProtocols = System.Security.Authentication.SslProtocols.Default,
        CheckCertificateRevocation = true
    },
    ReplicaSetName = clientSetting.ReplicaSetName

};

setting.SslSettings.ClientCertificateSelectionCallback = (sender, host, certificates, certificate, issuers) => setting.SslSettings.ClientCertificates.ToList()[0];
setting.SslSettings.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;

setting.MaxConnectionIdleTime = new TimeSpan(0, 0, 30);

client = new MongoClient(setting);

And do this:

var filter = new BsonDocument("name", "mycollection");
var collectionCursor = client.GetDatabase("mydatabase").ListCollections(new ListCollectionsOptions { Filter = filter });
if (!collectionCursor.Any())
{
    throw new Exception("Collection not found");
}

I expect to get the collection named mycollection or a Collection not found exception, but I get:

A timeout occured after 30000ms selecting a server using CompositeServerSelector{ Selectors = MongoDB.Driver.MongoClient+AreSessionsSupportedServerSelector, LatencyLimitingServerSelector{ AllowedLatencyRange = 00:00:00.0150000 } }. Client view of cluster state is { ClusterId : "1", ConnectionMode : "ReplicaSet", Type : "ReplicaSet", State : "Disconnected", Servers : [{ ServerId: "{ ClusterId : 1, EndPoint : "Unspecified/<myclusterendpoint>" }", EndPoint: "Unspecified/<myclusterendpoint>", State: "Disconnected", Type: "Unknown" }] }.

I have the same problem when I try to connect via the mongo shell. Maybe the problem is the different zones. Example: the cluster was created in us-east-2 and I try to connect from Ukraine. :)

UPD: I assume that I need to be in the same VPC to connect to the DocumentDB cluster.

Yaroslav
  • Did you solve your problem? I am having a similar problem. I am connecting to DocDB from outside the VPC, and I have a security group with any inbound (testing, of course), but it still keeps timing out. No luck with TLS either on or off in the DocDB params group. – Laurence Oct 05 '19 at 15:17
  • Sorry, just realised one of the answers is your own. Thanks. Will try that. – Laurence Oct 05 '19 at 15:18
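
For the TLS part of the question, an added example (not code from the question or from the MongoDB driver project): it checks the server certificate against the rds-combined-ca-bundle.p7b file named in the question instead of accepting any certificate, which is what `ServerCertificateValidationCallback = (...) => true` in the posted snippet does, and it sets no client certificate. The class and method names are hypothetical, the bundle path is a placeholder supplied by the caller, and the settings are the same 2.x driver properties the question uses; the client still has to run on a host that can reach the cluster.

```csharp
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using MongoDB.Driver;

// Hypothetical helper class; not part of the MongoDB driver or the original post.
public static class DocumentDbTls
{
    public static MongoClient Create(string connectionString, string caBundlePath)
    {
        // The .p7b (PKCS#7) bundle holds several CA certificates; Import loads all of them.
        var caBundle = new X509Certificate2Collection();
        caBundle.Import(caBundlePath);

        var settings = MongoClientSettings.FromUrl(new MongoUrl(connectionString));
        settings.UseSsl = true;
        settings.VerifySslCertificate = true;
        settings.SslSettings = new SslSettings
        {
            // No ClientCertificates: the CA bundle authenticates the server, not the client.
            CheckCertificateRevocation = true,
            ServerCertificateValidationCallback =
                (sender, cert, chain, errors) => IsIssuedByBundle(cert, errors, caBundle)
        };
        return new MongoClient(settings);
    }

    public static bool IsIssuedByBundle(X509Certificate cert, SslPolicyErrors errors,
                                        X509Certificate2Collection caBundle)
    {
        // A missing certificate or a host name mismatch is never acceptable.
        if (cert == null ||
            (errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None)
            return false;

        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.AddRange(caBundle);
            // Allow a root the OS store does not know; the chain is pinned to the bundle below.
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            if (!chain.Build(new X509Certificate2(cert)))
                return false;

            // The last chain element must be one of the certificates in the bundle.
            var anchor = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return caBundle.Cast<X509Certificate2>().Any(ca => ca.RawData.SequenceEqual(anchor.RawData));
        }
    }
}
```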

2 Answers

4

My problem was in the design of access to AWS DocumentDB. More info about database access from outside the VPC.

Yaroslav
2

I see a couple of things you may want to look at:

  • 1
    Thanks for the suggestion. But the problem is the security design of AWS DocumentDB access. I have tried to use the database from my local machine, which is not in the VPC. – Yaroslav Apr 16 '19 at 13:39