September 14, 2019

MongoDB setup in AWS


MongoDB is an essential part of microservices architecture. MongoDB is a document-based NoSQL database. Let's look at how we can set up MongoDB in an AWS instance.

Setting up an AWS instance

Navigate to EC2->Instances->Instances and click on Launch Instance to launch a new instance. Select the Ubuntu Server 18.04 LTS (HVM) AMI. Then choose the instance type; it is better to choose the m5 (General Purpose) series of instances for production. If you are just trying it out for fun, go ahead and select t2.micro, which is eligible for the free tier. Choose the VPC and subnet for the instance. For production, it is better to choose a private subnet with public IP disabled. Add the disk space required for your MongoDB instance, and choose an IOPS SSD if you will be performing write-intensive operations. Otherwise, go with a general purpose SSD disk. Then, create a new security group that allows access to port 22 from your machine. Finally, choose an existing pem file or create a new key.

Setting up MongoDB

SSH into the instance once it is ready. Use the new or existing pem file to ssh into your machine.

ssh -i ~/.ssh/key.pem ubuntu@1.1.1.1

Now, let us install MongoDB in the instance.

wget -qO - https://www.mongodb.org/static/pgp/server-4.2.asc | sudo apt-key add -
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.2.list
sudo apt-get update

sudo apt-get install -y mongodb-org

Once MongoDB is installed, let's start the MongoDB service.

sudo service mongod start

Now that we have started the MongoDB service, let’s check if it is up and running.

sudo service mongod status

The following should be the output of the above command.

● mongod.service - MongoDB Database Server
   Loaded: loaded (/lib/systemd/system/mongod.service; disabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-09-13 08:34:54 UTC; 10h ago
     Docs: https://docs.mongodb.org/manual
 Main PID: 3735 (mongod)
   CGroup: /system.slice/mongod.service
           └─3735 /usr/bin/mongod --config /etc/mongod.conf

Sep 13 08:34:54 ip-11-0-2-46 systemd[1]: Started MongoDB Database Server.

Setting up security

Now that we have installed MongoDB and verified that it is working, we need to secure our MongoDB instance using user authorization. First, we need to create admin and application users. Log into MongoDB using the mongo command, then create users using the following command.

// Switch to the admin database so the user administrator is created there
use admin
db.createUser(
  {
    user: "admin",
    pwd: "{admin-password}",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)

Now we need to enable authorization in MongoDB. To do that, open the file /etc/mongod.conf and add the following two lines:

security:
    authorization: 'enabled'

Now, we need to restart the MongoDB service to apply the configuration.

sudo service mongod restart

You can now log in to mongo with the created user and password.

mongo -u {user} -p {password}

Enabling remote access

Now that we have secured the MongoDB instance we need to expose this to our services. To do this we need to again visit the /etc/mongod.conf file and make the following changes.


net:
    port: 27111 #default value 27017
    bindIp: 0.0.0.0   #default value is 127.0.0.1

It is advisable to change the default port of the MongoDB instance to avoid port scanning of known ports. Changing the bindIp from 127.0.0.1 to 0.0.0.0 makes MongoDB listen on all network interfaces, so it becomes remotely accessible from other services. Now, restart the service to apply the configuration.

sudo service mongod restart

Setting up the security group

When we created the instance, we only allowed access to port 22. Now that MongoDB is set up and secure, we can expose MongoDB to other services. To do that, we need to add an inbound rule for the MongoDB port to the instance's security group.

Always ensure that you add the security group of the service that is accessing MongoDB as the source, and do not expose it to everyone, even if you have installed it in a private subnet.
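To verify the rule described above, here is an added example (not part of the original post): a Python check over the JSON printed by `aws ec2 describe-security-groups` that flags any inbound rule reaching the MongoDB port from a CIDR range instead of a source security group. The sample data, group IDs and function names are constructed for illustration; the port is the 27111 set in /etc/mongod.conf above.

```python
import json

MONGO_PORT = 27111  # port configured in /etc/mongod.conf on this page

# Constructed sample in the shape printed by `aws ec2 describe-security-groups`;
# every group ID and address here is made up.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-0aaa1111mongo", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
  {"IpProtocol": "tcp", "FromPort": 27111, "ToPort": 27111,
   "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0bbb2222app"}]},
  {"IpProtocol": "tcp", "FromPort": 27000, "ToPort": 28000,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
  {"IpProtocol": "-1",
   "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}
]}]}
""")

def covers_port(perm, port):
    """True if this inbound rule applies to TCP traffic on `port`."""
    if perm["IpProtocol"] == "-1":   # "all traffic" rules carry no port fields
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit(groups, port=MONGO_PORT):
    """Return (source_security_groups, findings) for inbound rules reaching `port`."""
    allowed, findings = [], []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            # Source security groups are the form of access the post recommends.
            allowed += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                level = "OPEN-TO-WORLD" if cidr in ("0.0.0.0/0", "::/0") else "CIDR-SOURCE"
                findings.append((sg["GroupId"], level, cidr))
    return allowed, findings

if __name__ == "__main__":
    ok, bad = audit(SAMPLE)
    print("source security groups:", ok)
    for finding in bad:
        print("finding:", *finding)
```

The port-range rule and the all-traffic rule in the sample are both reported even though neither names port 27111 directly.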

Now let's try connecting to the MongoDB instance remotely.

mongo -u {user} -p {password} {your_server_ip/dns}/{db}

There we have it, MongoDB installed securely in AWS.