Contact UsGet started
© 2024 Iron Hive LLC Belgrade

Pre-configuring a connection to a MongoDB cluster

Written by
Improved by
Updated at October 28, 2024

You can connect to Managed Service for MongoDB cluster hosts:

  • Over the internet if you configured public access for the appropriate host when creating your cluster. You can only connect to these hosts over an SSL connection.

  • From Yandex Cloud virtual machines located in the same cloud network. If there is no public access to a host, connections from this type of virtual machine don't need to be over SSL.

To connect to cluster hosts, use port:

  • 27018: For a non-sharded cluster
  • 27017: For a sharded cluster

Write requests will be automatically routed to the primary cluster replica.

Note

To connect to the cluster from the internet, make sure to set up public access on the primary replica.

If public access is only configured for certain hosts, automatic primary replica change may make the cluster unavailable over the internet.

Configuring security groups

To connect to a cluster, security groups must include rules allowing traffic from certain ports, IP addresses, or from other security groups.

Rule settings depend on the connection method you select:

Configure all the cluster security groups to allow incoming traffic from any IP address on port 27018 for an unsharded cluster or on port 27017 for a sharded one. To do this, create the following rule for incoming traffic:

  • Port range:
    • 27018 for a non-sharded cluster
    • 27017 for a sharded cluster
  • Protocol: TCP
  • Source: CIDR
  • CIDR blocks: 0.0.0.0/0

  1. Configure all the cluster security groups to allow incoming traffic from the security group where your VM is located on port 27018 for an unsharded cluster and on port 27017 for a sharded one. To do this, create the following rule for incoming traffic in these groups:

    • Port range:
      • 27018 for a non-sharded cluster
      • 27017 for a sharded cluster
    • Protocol: TCP
    • Source: Security group
    • Security group: Security group assigned to the VM. If it is the same as the configured group, specify Current (Self).

  2. Configure the security group where the VM is located to enable connections to the VM and traffic between the VM and the cluster hosts.

    For example, you can set the following rules for a VM:

    • For incoming traffic:

      • Port range: 22
      • Protocol: TCP
      • Source: CIDR
      • CIDR blocks: 0.0.0.0/0

      This rule allows you to connect to a VM over SSH.

    • For outgoing traffic:

      • Port range: 0-65535.
      • Protocol: Any (Any)
      • Source: CIDR
      • CIDR blocks: 0.0.0.0/0

      This rule allows all outgoing traffic, thus enabling you not only to connect to the cluster but also to install the certificates and utilities your VM needs for the connection.

Note

You can specify more detailed rules for your security groups, e.g., to allow traffic only in specific subnets.

You must configure security groups correctly for all subnets in which the cluster hosts will reside. If security group settings are incomplete or incorrect, you may lose access to the cluster if the primary replica fails over automatically.

For more information, see Security groups.

Getting an SSL certificate

To connect to public MongoDB hosts, get an SSL certificate:

mkdir -p ~/.mongodb && \
wget "https://storage.yandexcloud.net/cloud-certs/CA.pem" \
     --output-document ~/.mongodb/root.crt && \
chmod 0644 ~/.mongodb/root.crt

The certificate is saved to the ~/.mongodb/root.crt file.

mkdir $HOME\.mongodb; curl.exe -o $HOME\.mongodb\root.crt https://storage.yandexcloud.net/cloud-certs/CA.pem

The certificate is saved to the $HOME\.mongodb\root.crt file.

To use graphical IDEs, save a certificate to a local folder and specify the path to it in the connection settings.

Getting FQDNs of MongoDB hosts

To connect to a host, you need its fully qualified domain name (FQDN). You can obtain it in one of the following ways:

  • Request a list of cluster hosts.

  • Look up the FQDN in the management console:

    1. Go to the cluster page.
    2. Go to Hosts.
    3. Copy the Host FQDN column value.

  • In the management console, copy the command for connecting to the cluster. This command contains the host FQDN. To get the command, go to the cluster page and click Connect.

Connection limits

The maximum available number of simultaneous connections to a single Managed Service for MongoDB cluster host depends on the amount of RAM on the host:

Amount of RAM Maximum number of connections
2 GB 2048
4 GB 4096
8 GB 8192
16 GB or higher 16 384

A host's RAM amount depends on its class. All available options are listed under Host classes.

What's next

  • Connect to a cluster using command line tools, graphical IDE, or Docker container.
  • Integrate the cluster connection into your aplication code.
Previous
Deleting a cluster
Next
Connecting from applications