Create Amazon DocumentDB (MongoDB) Database on AWS With CloudFormation

ComputingPost
4 min read · Sep 25, 2022

This article helps a user create a document database cluster with a single primary instance using a CloudFormation template. A document database is important when a user wants to run Mongo database workloads on AWS (Amazon Web Services). The Amazon DocumentDB (with MongoDB compatibility) is a scalable, fully managed, fast and highly available document database service that supports MongoDB workloads.


This managed non-relational database service makes it easier to store, query and index JSON data. It is designed from the ground up to give you the scalability, performance, and availability you need when operating mission-critical MongoDB workloads at scale.

Setup Pre-requisites

The user will need to have:

  • An AWS Account
  • Created a user with permissions to create resources on the AWS Account
  • An IDE like Visual Studio Code to write and edit your CloudFormation Template.

CloudFormation Template used

Kindly find below the CloudFormation Template. The template will create:

  • The database instance security group.
  • Database subnet group.
  • The database parameter group.
  • Document database Cluster.
  • Database instance.
---
AWSTemplateFormatVersion: "2010-09-09"
Description: Template to Create a document DB parameter group, subnet group and cluster

Parameters:
  VPC:
    Type: String
    Description: The VPC to create the cluster
    Default: vpc-ID

  PrivateSubnet01:
    Type: String
    Description: The subnet for the DB cluster
    Default: subnet-ID

  PrivateSubnet02:
    Type: String
    Description: The subnet for the DB cluster
    Default: subnet-ID

  MasterUsername:
    Type: String
    Description: The username for our database.

  MasterUserPassword:
    Type: String
    Description: The password for the database.
    # NoEcho masks the value in the CloudFormation console and API output.
    NoEcho: true

Resources:
  DBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "DB instances security group"
      GroupName: "test-db-instance-SG"
      VpcId: !Ref VPC
      SecurityGroupIngress:
        # Placeholder: replace with the CIDR block allowed to reach the database.
        - CidrIp: "*.*.*.*/32"
          # The ingress port must match the cluster Port below (27017).
          FromPort: 27017
          IpProtocol: "tcp"
          ToPort: 27017
      SecurityGroupEgress:
        - CidrIp: "0.0.0.0/0"
          IpProtocol: "-1"

  DBSubnetGroup:
    Type: AWS::DocDB::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: "test document db subnet group"
      DBSubnetGroupName: "eu-central-1-test-db-subnet-group"
      SubnetIds:
        - !Ref PrivateSubnet01
        - !Ref PrivateSubnet02
      Tags:
        - Key: Name
          Value: eu-central-1-test-db-subnet-group
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test

  DBParameterGroup:
    Type: AWS::DocDB::DBClusterParameterGroup
    Properties:
      Description: "our test document db parameter group"
      Family: docdb3.6
      Name: test-db-parameter-group
      Parameters:
        audit_logs: "disabled"
        # tls "enabled" requires clients to connect over TLS.
        tls: "enabled"
        ttl_monitor: "enabled"
      Tags:
        - Key: Name
          Value: eu-central-1-test-db-cluster
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test

  DBCluster:
    Type: AWS::DocDB::DBCluster
    Properties:
      BackupRetentionPeriod: 5
      DBClusterIdentifier: eu-central-1-test-db-cluster
      DBClusterParameterGroupName: !Ref DBParameterGroup
      DBSubnetGroupName: !Ref DBSubnetGroup
      MasterUsername: !Ref MasterUsername
      MasterUserPassword: !Ref MasterUserPassword
      Port: 27017
      PreferredBackupWindow: "23:00-23:59"
      PreferredMaintenanceWindow: "sun:00:00-sun:05:00"
      VpcSecurityGroupIds:
        - !Ref DBSecurityGroup
      # Encrypts the cluster storage at rest.
      StorageEncrypted: true
      Tags:
        - Key: Name
          Value: eu-central-1-test-db-cluster
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test

  DBInstance:
    Type: AWS::DocDB::DBInstance
    Properties:
      AutoMinorVersionUpgrade: true
      # Must be an Availability Zone in the region the stack is deployed to.
      AvailabilityZone: "eu-west-1a"
      DBClusterIdentifier: !Ref DBCluster
      DBInstanceClass: "db.t3.medium"
      DBInstanceIdentifier: "test-cluster-instance-1"
      PreferredMaintenanceWindow: "sun:00:00-sun:05:00"
      Tags:
        - Key: Name
          Value: eu-central-1-test-db-instance
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test

Outputs:
  Cluster:
    Description: The DB Cluster Name
    Value: !Ref DBCluster

  SubnetGroup:
    Description: The db subnet group name
    Value: !Ref DBSubnetGroup

  ParameterGroup:
    Description: The db parameter group name
    Value: !Ref DBParameterGroup

We can deploy the CloudFormation Template using a CloudFormation stack.

The Template Explained

The template comprises 3 sections: Parameters, Resources and Outputs.

Parameters:

In the parameters section, we require the user to input the dynamic variables of their template. For our case, the user should replace the VPC and subnet IDs with their respective VPC and subnet IDs. Also, the user will be prompted to input their database master username and password. Kindly ensure that you do not use admin as the master username.

Resources:

Here the user defines the AWS resources to create. For our case, we start by creating the database instance security group. The user should change the security group ingress to reflect the CIDR IP Block that they would like to permit access to the Database instances.

Next, it creates the DB subnet and parameter groups. The subnet group defines the subnets where the database cluster and instances are created. The parameter group allows you to manage your database engine configurations. The user should go through the parameter group properties and change to their specific requirements. Also, the user should pay attention to the names and tags to customize as needed.

Then the document database cluster is created. Just as above, the user should go through all the cluster properties and change them to match their requirements.

Finally, the DB Instance is created. However, the user should go through the template and change the availability zone, the instance class, and the preferred maintenance window to match their specific needs. Also, the DB instance identifier and tags should be customized to meet user requirements.
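A tighter variant of the security group, parameter group and cluster from the template above, given as an added example that is not part of the original article. The AppSecurityGroupId parameter and the DBSecret resource are assumed names introduced here; VPC, MasterUsername and DBSubnetGroup refer to the entries already in the template.

```yaml
Parameters:
  AppSecurityGroupId:                # assumed parameter: SG of the application hosts
    Type: AWS::EC2::SecurityGroup::Id
    Description: Security group of the clients allowed to reach the cluster
Resources:
  DBSecret:                          # hypothetical name; replaces the MasterUserPassword parameter
    Type: AWS::SecretsManager::Secret
    Properties:
      GenerateSecretString:
        SecretStringTemplate: !Sub '{"username": "${MasterUsername}"}'
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '/"@'     # characters DocumentDB does not accept in the password

  DBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "DB instances security group"
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - SourceSecurityGroupId: !Ref AppSecurityGroupId   # a client SG instead of a CIDR block
          IpProtocol: "tcp"
          FromPort: 27017            # same port as DBCluster Port
          ToPort: 27017

  DBParameterGroup:
    Type: AWS::DocDB::DBClusterParameterGroup
    Properties:
      Description: "our test document db parameter group"
      Family: docdb3.6
      Parameters:
        audit_logs: "enabled"        # record audit events
        tls: "enabled"
        ttl_monitor: "enabled"

  DBCluster:
    Type: AWS::DocDB::DBCluster
    Properties:
      DBClusterParameterGroupName: !Ref DBParameterGroup
      DBSubnetGroupName: !Ref DBSubnetGroup
      MasterUsername: !Ref MasterUsername
      # Resolved by CloudFormation at deploy time; the password is never a stack parameter.
      MasterUserPassword: !Sub "{{resolve:secretsmanager:${DBSecret}:SecretString:password}}"
      Port: 27017
      VpcSecurityGroupIds:
        - !Ref DBSecurityGroup
      StorageEncrypted: true
      DeletionProtection: true       # the cluster cannot be deleted until this is turned off
      EnableCloudwatchLogsExports: [audit]   # ships the audit events to CloudWatch Logs
```

With this variant the MasterUserPassword parameter can be dropped from the Parameters section, and applications read the generated password from Secrets Manager.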

Outputs:

The outputs section of the template instructs CloudFormation to output the names of the resources created. For example, in our case, we have instructed the template to output the names of the cluster, subnet, and parameter groups.
