Pre-configuring a connection to a MongoDB cluster
You can connect to Managed Service for MongoDB cluster hosts:
- Over the internet if you configured public access for the appropriate host when creating your cluster. You can only connect to these hosts over an SSL connection.
- From Yandex Cloud virtual machines located in the same cloud network. If there is no public access to a host, connections from this type of virtual machine don't need to be over SSL.
To connect to cluster hosts, use port:
- 27018: For a non-sharded cluster
- 27017: For a sharded cluster
Write requests will be automatically routed to the primary cluster replica.
Note
To connect to the cluster from the internet, make sure to set up public access on the primary replica.
If public access is only configured for certain hosts, automatic primary replica change may make the cluster unavailable over the internet.
Configuring security groups
To connect to a cluster, security groups must include rules allowing traffic from certain ports, IP addresses, or from other security groups.
Rule settings depend on the connection method you select:
Configure all the cluster security groups to allow incoming traffic from any IP address on port 27018 for an unsharded cluster or on port 27017 for a sharded one. To do this, create the following rule for incoming traffic:
- Port range: 27018 for a non-sharded cluster, 27017 for a sharded cluster
- Protocol: TCP
- Source: CIDR
- CIDR blocks: 0.0.0.0/0
- Configure all the cluster security groups to allow incoming traffic from the security group where your VM is located on port 27018 for an unsharded cluster and on port 27017 for a sharded one. To do this, create the following rule for incoming traffic in these groups:
  - Port range: 27018 for a non-sharded cluster, 27017 for a sharded cluster
  - Protocol: TCP
  - Source: Security group
  - Security group: Security group assigned to the VM. If it is the same as the configured group, specify Current (Self).
- Configure the security group where the VM is located to enable connections to the VM and traffic between the VM and the cluster hosts.
  For example, you can set the following rules for a VM:
  - For incoming traffic:
    - Port range: 22
    - Protocol: TCP
    - Source: CIDR
    - CIDR blocks: 0.0.0.0/0
    This rule allows you to connect to a VM over SSH.
  - For outgoing traffic:
    - Port range: 0-65535
    - Protocol: Any (Any)
    - Source: CIDR
    - CIDR blocks: 0.0.0.0/0
    This rule allows all outgoing traffic, thus enabling you not only to connect to the cluster but also to install the certificates and utilities your VM needs for the connection.
Note
You can specify more detailed rules for your security groups, e.g., to allow traffic only in specific subnets.
You must configure security groups correctly for all subnets in which the cluster hosts will reside. If security group settings are incomplete or incorrect, you may lose access to the cluster if the primary replica fails over automatically.
For more information, see Security groups.
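The failover warning above can be checked before you narrow rules to specific subnets. The following Python check is an added example, not part of the original documentation: it models rules as simple port/protocol/CIDR entries (an assumed structure, not real API output) and uses constructed host names and addresses.

```python
import ipaddress

# Ports from the page: 27018 for a non-sharded cluster, 27017 for a sharded one.
MONGO_PORT = {"non-sharded": 27018, "sharded": 27017}

def permits(rule, port, peer_ip):
    """True if a rule admits TCP traffic on `port` to or from `peer_ip`."""
    low, high = rule["ports"]
    if rule["protocol"] not in ("TCP", "Any") or not low <= port <= high:
        return False
    peer = ipaddress.ip_address(peer_ip)
    return any(peer in ipaddress.ip_network(cidr) for cidr in rule["cidrs"])

def unreachable_hosts(cluster_ingress, vm_egress, hosts, vm_ip, cluster_type):
    """Hosts the VM could not reach if they became the primary replica."""
    port = MONGO_PORT[cluster_type]
    # Ingress on the cluster groups is matched against the VM address.
    ingress_ok = any(permits(r, port, vm_ip) for r in cluster_ingress)
    blocked = []
    for name, host_ip in hosts.items():
        # Egress on the VM group is matched against each host address.
        egress_ok = any(permits(r, port, host_ip) for r in vm_egress)
        if not (ingress_ok and egress_ok):
            blocked.append(name)
    return blocked

def open_to_any(rules, port):
    """Rules that expose `port` to every IPv4 address (0.0.0.0/0)."""
    return [r for r in rules
            if "0.0.0.0/0" in r["cidrs"] and r["ports"][0] <= port <= r["ports"][1]]

# Constructed sample data: names, addresses and subnets are made up.
CLUSTER_INGRESS = [{"ports": (27018, 27018), "protocol": "TCP", "cidrs": ["10.1.0.0/24"]}]
VM_EGRESS = [{"ports": (27018, 27018), "protocol": "TCP",
              "cidrs": ["10.2.0.0/24", "10.3.0.0/24"]}]  # 10.4.0.0/24 was left out
HOSTS = {"host-a": "10.2.0.5", "host-b": "10.3.0.7", "host-c": "10.4.0.9"}

if __name__ == "__main__":
    print(unreachable_hosts(CLUSTER_INGRESS, VM_EGRESS, HOSTS, "10.1.0.10", "non-sharded"))
    print(open_to_any(CLUSTER_INGRESS, 27018))
```

With the sample data, the host in the subnet missing from the VM's outgoing rule is reported, which is the host that would become unreachable if it were elected primary.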
Getting an SSL certificate
To connect to public MongoDB hosts, get an SSL certificate:
mkdir -p ~/.mongodb && \
wget "https://storage.yandexcloud.net/cloud-certs/CA.pem" \
--output-document ~/.mongodb/root.crt && \
chmod 0644 ~/.mongodb/root.crt
The certificate is saved to the ~/.mongodb/root.crt file.
mkdir $HOME\.mongodb; curl.exe -o $HOME\.mongodb\root.crt https://storage.yandexcloud.net/cloud-certs/CA.pem
The certificate is saved to the $HOME\.mongodb\root.crt file.
To use graphical IDEs, save a certificate
Getting FQDNs of MongoDB hosts
To connect to a host, you need its fully qualified domain name (FQDN). You can obtain it in one of the following ways:
- Look up the FQDN in the management console:
  - Go to the cluster page.
  - Go to Hosts.
  - Copy the Host FQDN column value.
- In the management console, copy the command for connecting to the cluster. This command contains the host FQDN. To get the command, go to the cluster page and click Connect.
Connection limits
The maximum available number of simultaneous connections to a single Managed Service for MongoDB cluster host depends on the amount of RAM on the host:
Amount of RAM | Maximum number of connections |
---|---|
2 GB | 2048 |
4 GB | 4096 |
8 GB | 8192 |
16 GB or higher | 16384 |
A host's RAM amount depends on its class. All available options are listed under Host classes.