Introducing DocumentDB.
- Aurora is an "AWS implementation" of PostgreSQL/MySQL.
- DocumentDB is the same for MongoDB (which is a NoSQL database).
- MongoDB is used to store, query, and index JSON data.
- Similar "deployment concepts" as Aurora.
- Fully managed, highly available with replication across 3 AZs. As with Aurora, storage automatically grows in increments of 10 GB, up to 64 TB.
- Automatically scales to workloads with millions of requests per second.
Provisioning DocumentDB with Terraform.
To provision DocumentDB we mainly need to understand these two resources:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster_instance
We will go through the important values using the config below:
resource "aws_docdb_cluster" "default" {
  count                           = module.this.enabled ? 1 : 0
  cluster_identifier              = module.this.id
  master_username                 = var.master_username
  master_password                 = var.master_password != "" ? var.master_password : random_password.password[0].result
  backup_retention_period         = var.retention_period
  preferred_backup_window         = var.preferred_backup_window
  preferred_maintenance_window    = var.preferred_maintenance_window
  final_snapshot_identifier       = lower(module.this.id)
  skip_final_snapshot             = var.skip_final_snapshot
  deletion_protection             = var.deletion_protection
  apply_immediately               = var.apply_immediately
  storage_encrypted               = var.storage_encrypted
  storage_type                    = var.storage_type
  kms_key_id                      = var.kms_key_id
  port                            = var.db_port
  snapshot_identifier             = var.snapshot_identifier
  vpc_security_group_ids          = concat([join("", aws_security_group.default[*].id)], var.external_security_group_id_list)
  db_subnet_group_name            = join("", aws_docdb_subnet_group.default[*].name)
  db_cluster_parameter_group_name = join("", aws_docdb_cluster_parameter_group.default[*].name)
  engine                          = var.engine
  engine_version                  = var.engine_version
  enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports
  tags                            = module.this.tags
}
cluster_identifier: The name you give your DocumentDB cluster for identification.
backup_retention_period: (Optional) The number of days automated backups are retained before being deleted automatically. Default 1.
preferred_backup_window: (Optional) The daily time window (UTC) during which automated backups are initiated, in the format hh24:mi-hh24:mi.
– For example, 03:00-06:00 indicates a backup window that starts at 3:00 AM UTC and ends at 6:00 AM UTC.
– Default: a 30-minute window selected at random from an 8-hour block of time per region, e.g., 04:00-09:00.
preferred_maintenance_window: (Optional) The weekly time range (UTC) during which system maintenance can occur, e.g., wed:04:00-wed:04:30.
skip_final_snapshot: (Optional) If true, no final snapshot is taken when the cluster is deleted. This is risky because you will have no backup of the cluster's last state.
final_snapshot_identifier: (Optional) The name of the final snapshot taken before the cluster is deleted; here it is set to a lowercase version of the cluster identifier.
deletion_protection: (Optional) If true, the cluster cannot be deleted, which helps prevent accidental loss of data. Deletion protection is disabled by default.
apply_immediately: (Optional) Whether changes are applied immediately or during the next maintenance window. Default false.
storage_encrypted: (Optional) If true, data at rest in the cluster is encrypted. Default false.
storage_type: Configures the storage type. Valid values: standard, iopt1.
kms_key_id: (Optional) The ARN of the KMS key used for encryption. When kms_key_id is specified, storage_encrypted must be set to true.
port: (Optional) The port on which the DB accepts connections.
snapshot_identifier: (Optional) If specified, the cluster is created from this snapshot, effectively cloning or restoring from a backup.
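As an added example (not from the post or the mrnim94 module), the check below reads the JSON printed by `terraform show -json plan.out` and flags the risky values of the settings just described, so a pipeline can stop an unencrypted or unprotected cluster before apply. The plan sample inside it is constructed, and the seven-day retention floor is an assumed policy.

```python
"""Policy check over the planned aws_docdb_cluster settings explained above.
Added example; reads the JSON from `terraform show -json plan.out`."""
import json

# Constructed sample in the shape of `planned_values` from `terraform show -json`.
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"resources": [{
    "address": "aws_docdb_cluster.default[0]", "type": "aws_docdb_cluster",
    "values": {"cluster_identifier": "mongodb", "storage_encrypted": False,
               "kms_key_id": "arn:aws:kms:us-west-2:111122223333:key/PLACEHOLDER",
               "deletion_protection": False, "skip_final_snapshot": True,
               "backup_retention_period": 1, "enabled_cloudwatch_logs_exports": []}}]}}})

def planned_resources(plan_json, rtype):
    """Yield (address, values) for every planned resource of type `rtype`,
    descending into child modules (e.g. the documentdb-mongodb module) too."""
    def walk(mod):
        for res in mod.get("resources", []):
            if res.get("type") == rtype:
                yield res["address"], res.get("values") or {}
        for child in mod.get("child_modules", []):
            yield from walk(child)
    yield from walk(json.loads(plan_json)["planned_values"]["root_module"])

def check_docdb_cluster(values, min_retention_days=7):
    """Return a list of findings for one cluster; each rule is a setting
    described in the post, with its risky value called out."""
    findings = []
    if not values.get("storage_encrypted"):
        findings.append("storage_encrypted=false: data at rest is not encrypted")
        if values.get("kms_key_id"):
            findings.append("kms_key_id is set but requires storage_encrypted=true")
    if not values.get("deletion_protection"):
        findings.append("deletion_protection=false: cluster can be deleted by mistake")
    if values.get("skip_final_snapshot"):
        findings.append("skip_final_snapshot=true: no backup is kept on deletion")
    if (values.get("backup_retention_period") or 0) < min_retention_days:
        findings.append(f"backup_retention_period below {min_retention_days} days")
    if "audit" not in (values.get("enabled_cloudwatch_logs_exports") or []):
        findings.append("audit logs are not exported to CloudWatch")
    return findings

def audit_plan(plan_json):
    """Map each planned cluster address to its findings (empty list = clean)."""
    return {addr: check_docdb_cluster(vals)
            for addr, vals in planned_resources(plan_json, "aws_docdb_cluster")}

if __name__ == "__main__":
    for addr, problems in audit_plan(SAMPLE_PLAN).items():
        print(addr, *problems, sep="\n  ")
```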
After provisioning the resource above you will get the result shown in the picture below:

Once the cluster has been provisioned, we continue by provisioning the instances:
resource "aws_docdb_cluster_instance" "default" {
  count                        = var.cluster_size
  identifier                   = "${var.cluster_name}-${count.index + 1}"
  cluster_identifier           = join("", aws_docdb_cluster.default[*].id)
  apply_immediately            = var.apply_immediately
  preferred_maintenance_window = var.preferred_maintenance_window
  instance_class               = var.instance_type
  engine                       = var.engine_db
  auto_minor_version_upgrade   = var.auto_minor_version_upgrade
  enable_performance_insights  = var.enable_performance_insights
  ca_cert_identifier           = var.ca_cert_identifier
}
identifier: Defines a unique identifier (name) for each cluster instance.
instance_class: The instance class to use. For more details, see https://docs.aws.amazon.com/documentdb/latest/developerguide/db-instance-classes.html#db-instance-class-specs
engine: The name of the database engine to be used for this DB cluster. Defaults to `docdb`
enable_performance_insights: (Optional) Whether to enable Performance Insights for the DB instance. Default false. See the docs for details.
After you have created it, the result looks like the picture below:

One thing I ran into when using Navicat:
according to AWS's instructions we have to use the .pem file
mongodb://txxxxn:<insertYourPassword>@mongodb.cluster-xxxxxx.us-west-2.docdb.amazonaws.com:27017/?tls=true&tlsCAFile=global-bundle.pem&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false
You can use a URL like this without the .pem file;
ssl=true is OK
mongodb://<username>:<pass_word>@mongodb.cluster-xxxxx.us-west-2.docdb.amazonaws.com:27017/?ssl=true&authSource=admin&tlsAllowInvalidCertificates=true&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false
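The second URI carries tlsAllowInvalidCertificates=true, which turns off server certificate validation, so the client accepts any certificate presented on the way to the cluster. The added example below (not from the post; host and credentials are placeholders) detects that and rewrites the URI to validate against the global-bundle.pem CA bundle instead, keeping every other option.

```python
"""Check a DocumentDB connection URI for options that disable certificate
validation, and rewrite it to validate against the RDS CA bundle instead.
Added example; the URIs are constructed placeholders."""
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# MongoDB URI options that make the client accept any server certificate.
INSECURE_OPTIONS = ("tlsinsecure", "tlsallowinvalidcertificates", "tlsallowinvalidhostnames")

# Constructed sample URIs in the form of the two shown in the post.
URI_WITH_CA = ("mongodb://user:PASSWORD@mongodb.cluster-xxxxxx.us-west-2.docdb.amazonaws.com:27017/"
               "?tls=true&tlsCAFile=global-bundle.pem&replicaSet=rs0&retryWrites=false")
URI_NO_VALIDATION = ("mongodb://user:PASSWORD@mongodb.cluster-xxxxxx.us-west-2.docdb.amazonaws.com:27017/"
                     "?ssl=true&authSource=admin&tlsAllowInvalidCertificates=true"
                     "&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false")

def uri_options(uri):
    """Return the URI's query options with lower-cased keys and values."""
    return {k.lower(): v.lower()
            for k, v in parse_qsl(urlsplit(uri).query, keep_blank_values=True)}

def tls_findings(uri):
    """List what is wrong with the URI's transport security (empty = acceptable)."""
    opts = uri_options(uri)
    findings = []
    if "true" not in (opts.get("tls"), opts.get("ssl")):
        findings.append("TLS is not requested (tls=true missing)")
    for name in INSECURE_OPTIONS:
        if opts.get(name) == "true":
            findings.append(f"{name}=true: the server certificate is not verified, "
                            "so the connection can be intercepted")
    if "tlscafile" not in opts:
        findings.append("tlsCAFile missing: the Amazon RDS CA bundle is not pinned")
    return findings

def harden_uri(uri, ca_file="global-bundle.pem"):
    """Drop the certificate-bypass options and the legacy ssl flag, then require
    TLS with the given CA bundle; all other options are preserved in order."""
    parts = urlsplit(uri)
    drop = set(INSECURE_OPTIONS) | {"ssl", "tls", "tlscafile"}
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() not in drop]
    kept += [("tls", "true"), ("tlsCAFile", ca_file)]
    return urlunsplit(parts._replace(query=urlencode(kept)))

if __name__ == "__main__":
    print(*tls_findings(URI_NO_VALIDATION), sep="\n")
    print(harden_uri(URI_NO_VALIDATION))
```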
DocumentDB Terraform module
https://registry.terraform.io/modules/mrnim94/documentdb-mongodb/aws/latest
data "aws_vpc" "selected" {
  tags = {
    Name = "dev-mdcl-nim-engine" # Replace with your VPC's tag name
  }
}

data "aws_subnets" "private_networks" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.selected.id]
  }
  filter {
    name   = "tag:kubernetes.io/role/internal-elb"
    values = ["1"]
  }
}

module "documentdb-mongodb" {
  source  = "mrnim94/documentdb-mongodb/aws"
  version = "0.0.8"

  vpc_id                      = data.aws_vpc.selected.id
  subnet_ids                  = data.aws_subnets.private_networks.ids
  cluster_name                = "mongodb"
  engine_version              = "5.0.0"
  cluster_family              = "docdb5.0"
  allow_major_version_upgrade = true
  retention_period            = 35
  instance_type               = "db.t3.medium"
  cluster_size                = 1
  allowed_cidr_blocks         = [data.aws_vpc.selected.cidr_block, "10.195.8.0/21"]
}