© 2026 Direct Cursus Technology L.L.C.

In this article:

  • Configuring security groups
  • Obtaining an SSL certificate
  • Getting FQDNs for Yandex StoreDoc hosts
  • Connection limits
  • Installing MongoDB Shell
  • What's next

Pre-configuring a Yandex StoreDoc cluster connection

Written by
Yandex Cloud
Updated at February 6, 2026

You can connect to Yandex StoreDoc cluster hosts:

  • Over the internet if you configured public access for the appropriate host when creating your cluster. You can only connect to such hosts over an SSL connection.

  • From Yandex Cloud virtual machines located in the same cloud network. If the host is not publicly accessible, there is no need to use SSL for connections from such virtual machines.

To connect to cluster hosts, use the following ports:

  • 27018: For a non-sharded cluster.
  • 27017: For a sharded cluster.

The system will automatically route write requests to the cluster’s primary replica.

Note

To enable internet connectivity to the cluster, configure public access on its primary replica.

Automatic failover may break internet connectivity to the cluster if public access is limited to specific hosts.

Configuring security groups

To connect to a cluster, security groups must include rules allowing traffic from certain ports, IP addresses, or from other security groups.

Rule settings depend on the chosen connection method:

Over the internet

Configure all cluster security groups to allow inbound traffic from any IP address on port 27018 for an unsharded cluster, or on port 27017 for a sharded cluster. To do this, create the following ingress rule:

  • Port range:
    • 27018 for a non-sharded cluster.
    • 27017 for a sharded cluster.
  • Protocol: TCP.
  • Source: CIDR.
  • CIDR blocks: 0.0.0.0/0.

From a Yandex Cloud VM

  1. Configure all cluster security groups to allow inbound traffic from your VM’s security group on port 27018 for an unsharded cluster, or on port 27017 for a sharded cluster. To do this, create the following ingress rule in these groups:

    • Port range:
      • 27018 for a non-sharded cluster.
      • 27017 for a sharded cluster.
    • Protocol: TCP.
    • Source: Security group.
    • Security group: VM security group. If this is the same group you are currently configuring, specify Current (Self).
  2. Configure the VM’s security group to enable connections to the VM and traffic between the VM and the cluster hosts.

    VM rule examples:

    • For inbound traffic:

      • Port range: 22.
      • Protocol: TCP.
      • Source: CIDR.
      • CIDR blocks: 0.0.0.0/0.

      This rule allows inbound connections to the VM over SSH.

    • For outbound traffic:

      • Port range: 0-65535.
      • Protocol: Any.
      • Source: CIDR.
      • CIDR blocks: 0.0.0.0/0.

      This rule permits all outbound traffic, allowing you to install any necessary certificates and tools on your VM.

Note

You can specify more granular security group rules, such as allowing traffic only in specific subnets.

Make sure to properly configure security groups for all subnets where the cluster hosts will reside. Incomplete or incorrect security group configuration can lead to a loss of access to the cluster in the event of automatic primary replica failover.

For more information, see Security groups.
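
The rules above open the database port, and in the VM example SSH, to 0.0.0.0/0, while the note says rules can be more granular. The following added example (not Yandex Cloud code) lists ingress rules that are open to any address on ports 22, 27017 or 27018 so they can be reviewed and narrowed. The one-rule-per-line input layout and the name audit_open_ingress are assumptions made for this example, not a yc or API export format.

```sh
# Constructed sample rules, one per line: direction protocol ports source.
# This layout is made up for the example; it is not a yc or API export format.
SAMPLE_RULES='ingress tcp 27018 0.0.0.0/0
ingress tcp 22 0.0.0.0/0
ingress tcp 27018 sg:self
egress any 0-65535 0.0.0.0/0
ingress tcp 27017-27018 10.128.0.0/24
ingress any 0-65535 0.0.0.0/0'

# audit_open_ingress (hypothetical helper): reads rules on stdin and prints one
# "OPEN <port>: <rule>" line for every ingress rule that admits any address on
# SSH (22) or a StoreDoc port (27017, 27018). Exit status is 1 if any was found.
audit_open_ingress() {
    awk '
    BEGIN { watch[1] = 22; watch[2] = 27017; watch[3] = 27018 }
    # True when the port range ("N" or "LO-HI") includes port.
    function covers(range, port,    parts, n, lo, hi) {
        n = split(range, parts, "-")
        lo = parts[1] + 0
        hi = (n > 1 ? parts[2] : parts[1]) + 0
        return (port >= lo && port <= hi)
    }
    # Skip comments and lines that do not have all four fields.
    NF < 4 || $1 ~ /^#/ { next }
    tolower($1) == "ingress" && ($4 == "0.0.0.0/0" || $4 == "::/0") &&
    (tolower($2) == "tcp" || tolower($2) == "any") {
        for (i = 1; i <= 3; i++)
            if (covers($3, watch[i])) {
                print "OPEN " watch[i] ": " $0
                found++
            }
    }
    END { exit (found > 0) }
    '
}

# Run the audit over the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | audit_open_ingress ||
    echo "review the rules listed above and narrow their source ranges"
```

Rules whose source is a security group or a specific subnet, like the third and fifth sample lines, are not reported.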

Obtaining an SSL certificate

To connect to public Yandex StoreDoc hosts, obtain an SSL certificate:

Linux (Bash)/macOS (Zsh)

    mkdir -p ~/.mongodb && \
    wget "https://storage.yandexcloud.net/cloud-certs/CA.pem" \
         --output-document ~/.mongodb/root.crt && \
    chmod 0644 ~/.mongodb/root.crt

The certificate will be saved to the ~/.mongodb/root.crt file.

Windows (PowerShell)

    mkdir $HOME\.mongodb; curl.exe -o $HOME\.mongodb\root.crt https://storage.yandexcloud.net/cloud-certs/CA.pem

The certificate will be saved to the $HOME\.mongodb\root.crt file.

Corporate policies and antivirus software can block the download of certificates. For more information, see FAQ.

To use graphical IDEs, save a certificate to a local folder and specify the path to it in the connection settings.
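
When a download is blocked, the saved root.crt may hold something other than a certificate, and clients will then fail TLS validation with a less obvious error. The following added example (not part of the Yandex Cloud documentation) checks that every certificate in the file parses and has not expired, and prints each fingerprint for comparison with a value obtained out of band. It assumes the openssl command-line tool is installed; the name check_ca_bundle is hypothetical.

```sh
# check_ca_bundle FILE (hypothetical helper)
# Succeeds only if FILE holds one or more PEM certificates that all parse as
# X.509 and have not expired. Prints subject, expiry date and SHA-256
# fingerprint of each certificate.
check_ca_bundle() {
    bundle=$1
    if [ ! -s "$bundle" ]; then
        echo "missing or empty: $bundle" >&2
        return 1
    fi
    # A blocked download often leaves an HTML page instead of PEM data.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$bundle"; then
        echo "no PEM certificate found in $bundle" >&2
        return 1
    fi
    workdir=$(mktemp -d) || return 1
    # openssl x509 reads only the first certificate, so split the file first.
    awk -v dir="$workdir" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (dir "/cert" n ".pem") }
    ' "$bundle"
    status=0
    for cert in "$workdir"/cert*.pem; do
        # -checkend 0 fails for an unparseable or already expired certificate.
        if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
            openssl x509 -in "$cert" -noout -subject -enddate -fingerprint -sha256
        else
            echo "invalid or expired certificate: ${cert##*/}" >&2
            status=1
        fi
    done
    rm -rf "$workdir"
    return "$status"
}

# Check the file saved by the download command, if it is present.
if [ -f "$HOME/.mongodb/root.crt" ]; then
    check_ca_bundle "$HOME/.mongodb/root.crt"
fi
```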

Getting FQDNs for Yandex StoreDoc hosts

To connect to a host, you need its FQDN (fully qualified domain name). Here is an example of a Yandex StoreDoc host FQDN:

rc1a-goh2a9tr********.mdb.yandexcloud.net

You can get the FQDN using one of the following methods:

  • Check the FQDN in the management console:

    1. Navigate to the cluster page.
    2. Navigate to Hosts.
    3. Copy the Host FQDN column value.
  • In the management console, copy the cluster connection command (it contains the host’s FQDN). To get this command, navigate to the cluster page and click Connect.

  • Get the list of cluster hosts via the CLI or API.

Connection limits

The maximum available number of simultaneous connections to a single Yandex StoreDoc cluster host depends on the amount of RAM on the host:

Amount of RAM      Maximum number of connections
2 GB               2048
4 GB               4096
8 GB               8192
16 GB or higher    16384

A host's RAM size depends on its class. All available options are listed under Host classes.

Installing MongoDB Shell

To connect to a Yandex StoreDoc cluster from either Linux (using Bash) or Windows (using PowerShell), install MongoDB Shell:

Linux

  1. If you do not have Homebrew yet, install it:

    /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

  2. Add brew to PATH:

    echo >> /home/<username>/.bashrc && \
    echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> /home/<username>/.bashrc && \
    eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"

  3. Install the dependencies:

    sudo apt-get install build-essential

  4. Install the mongodb-atlas-cli package:

    brew install mongodb-atlas-cli

Windows 10/11

You can use one of the following methods:

  • Download and install the MongoDB Shell *.msi package from the official GitHub repository.

  • Install MongoDB Shell via Chocolatey by running this command:

    choco install mongodb-shell
    

What's next

  • Connect to the cluster using either command-line tools, a graphical IDE, or a Docker container.
  • Integrate the cluster connection into your application code.
