3

I'm creating a new DocumentDB cluster in AWS and trying to connect to it from my .NET Core application using MongoDriver. The cluster has the SSL-enabled property.

According to this question and its answers, I have tried a couple of ways to reach my goal.

  • Import the certificate chain rds-combined-ca-bundle.p7b into local computer storage, under Trusted Root Certification Authorities;
  • Read the pem file and create a certificate in C# code, or use it in mongoShell with the --sslCAFile param.

var clientSetting = MongoClientSettings.FromUrl(new MongoUrl("mongodb://<myloging>:<mypassword>@<myclusterendpoint>/?ssl=true&replicaSet=rs0"));

var setting = new MongoClientSettings()
{
    Server = clientSetting.Server,
    UseSsl = clientSetting.UseSsl,
    Credential = clientSetting.Credential,

    GuidRepresentation = GuidRepresentation.CSharpLegacy,
    ReadPreference = new ReadPreference(ReadPreferenceMode.Primary),
    VerifySslCertificate = true,
    SslSettings = new SslSettings
    {
        ClientCertificates = new List<X509Certificate2>()
        {
            new X509Certificate2("<path>\\rds-combined-ca-bundle.pem")
        },
        EnabledSslProtocols = System.Security.Authentication.SslProtocols.Default,
        CheckCertificateRevocation = true
    },
    ReplicaSetName = clientSetting.ReplicaSetName

};

setting.SslSettings.ClientCertificateSelectionCallback = (sender, host, certificates, certificate, issuers) => setting.SslSettings.ClientCertificates.ToList()[0];
setting.SslSettings.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;

setting.MaxConnectionIdleTime = new TimeSpan(0, 0, 30);

client = new MongoClient(setting);

And do this:

var filter = new BsonDocument("name", "mycollection");
var collectionCursor = client.GetDatabase("mydatabase").ListCollections(new ListCollectionsOptions { Filter = filter });
if (!collectionCursor.Any())
{
    throw new Exception("Collection not found");
}

I expect to get the collection named mycollection or a Collection not found exception, but I get:

A timeout occured after 30000ms selecting a server using CompositeServerSelector{ Selectors = MongoDB.Driver.MongoClient+AreSessionsSupportedServerSelector, LatencyLimitingServerSelector{ AllowedLatencyRange = 00:00:00.0150000 } }. Client view of cluster state is { ClusterId : "1", ConnectionMode : "ReplicaSet", Type : "ReplicaSet", State : "Disconnected", Servers : [{ ServerId: "{ ClusterId : 1, EndPoint : "Unspecified/<myclusterendpoint>" }", EndPoint: "Unspecified/<myclusterendpoint>", State: "Disconnected", Type: "Unknown" }] }.

Same problem when I try to connect via MongoShell. Maybe the problem is the different zones. Example: the cluster is created in us-east-2 and I try to connect from Ukraine. :)

UPD: I assume that I should be in the same VPC to connect to the DocumentDb cluster.

2
  • Did you solve your problem? I am having a similar problem. I am connecting to docdb from outside the VPC, but I got a security group with any inbound (testing, of course) and it still keeps timing out. No luck with TLS either on or off in the docdb params group. Commented Oct 5, 2019 at 15:17
  • Sorry, just realised one of the answers is your own. Thanks. Will try that. Commented Oct 5, 2019 at 15:18
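
Added example, not part of the original question or answers: the code in the question accepts any server certificate because `ServerCertificateValidationCallback` returns `true`, and it loads the CA bundle as a client certificate although the bundle is a set of trust anchors. The callback below validates the server chain against the bundle instead. It assumes .NET 5 or later; `DocDbTls` and `PinToCaBundle` are hypothetical names.

```csharp
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class DocDbTls
{
    // Returns a callback that accepts only chains ending in a CA from the
    // given bundle, in place of a callback that returns true for everything.
    // caBundlePath is an assumed local path to rds-combined-ca-bundle.pem.
    public static RemoteCertificateValidationCallback PinToCaBundle(
        string caBundlePath, X509RevocationMode revocationMode)
    {
        var caBundle = new X509Certificate2Collection();
        caBundle.ImportFromPemFile(caBundlePath); // loads every cert in the file

        return (sender, certificate, _, errors) =>
        {
            // No certificate, or one issued for a different host name: reject.
            // RemoteCertificateChainErrors is expected when the bundle's roots
            // are not in the OS trust store, so the chain is rebuilt below.
            if (certificate == null ||
                (errors & (SslPolicyErrors.RemoteCertificateNotAvailable |
                           SslPolicyErrors.RemoteCertificateNameMismatch)) != 0)
            {
                return false;
            }

            using var chain = new X509Chain();
            chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            chain.ChainPolicy.CustomTrustStore.AddRange(caBundle); // trust anchors
            chain.ChainPolicy.ExtraStore.AddRange(caBundle);       // intermediates
            chain.ChainPolicy.RevocationMode = revocationMode;

            using var serverCert = new X509Certificate2(certificate);
            return chain.Build(serverCert); // false on any chain error
        };
    }
}

// Usage with the settings object from the question:
// setting.SslSettings.ServerCertificateValidationCallback =
//     DocDbTls.PinToCaBundle(@"<path>\rds-combined-ca-bundle.pem",
//                            X509RevocationMode.Online);
```

With this callback the `ClientCertificates` list and `ClientCertificateSelectionCallback` from the question are not needed for server validation.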

2 Answers

4

My problem was in the design of access to AWS DocumentDB. More info about database access from outside the VPC.

2

I see a couple of things you may want to look at:

1 Comment

Thanks for the suggestion. But the problem is the security design of AWS DocumentDB access. I have tried to use the database from my local machine, which does not exist in the VPC.
