Choose the region where you want to locate your infrastructure
Create VPC
Set up Postgres RDS
* Then you will need to provide the DB credentials to our team.
Set up MongoDB on the EC2 instance
* Save pem key in your secure vault.
Set up a bastion instance for access to the DBs
Set up MongoDB
Connect to bastion
ssh -i my-project.pem ubuntu@3.82.141.206
Copy my-project.pem to the bastion
Connect to mongo instance
ssh -i my-project.pem ubuntu@172.18.41.49
Configure data disk
mkfs.xfs /dev/xvdb
mkdir /var/lib/mongodb
disk=`blkid | grep xvdb | awk '{print $2}'`
echo "$disk /var/lib/mongodb xfs nodev,nosuid,noatime 0 2" >> /etc/fstab
mount -a
Set up MongoDB:
apt install dirmngr gnupg apt-transport-https ca-certificates software-properties-common
wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
echo "deb http://security.ubuntu.com/ubuntu impish-security main" | sudo tee /etc/apt/sources.list.d/impish-security.list
apt update
apt install -y libssl1.1
apt install -y mongodb-org
systemctl enable mongod
systemctl restart mongod
Configure mongo:
Log in to mongo
mongo
Create users (replace "USER", "PASSWORD" and "ADMIN_PASSWORD" with your own values):
use admin
db.createUser({ user: "USER", pwd: "PASSWORD", roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase"] })
var role = {
  role: "mongostatRole",
  privileges: [ { resource: { cluster: true }, actions: [ "serverStatus" ] } ],
  roles: []
}
var auser = {
  "user" : 'admin',
  "pwd" : 'ADMIN_PASSWORD',
  roles : [
    { "role" : "userAdmin", "db" : "admin" },
    { "role" : "mongostatRole", "db" : "admin" }
  ]
}
use admin
db.createRole(role);
db.createUser(auser);
exit
Configure mongo
Create mongodb.pem from your wildcard SSL certificate and key
cat cert.crt cert.key > mongodb.pem
Create ca.pem from your wildcard SSL certificate and SSL certificate chain
cat cert.crt cert_chain.pem > ca.pem
Create folder /admin on the server and copy mongodb.pem and ca.pem on it
Modify /etc/mongod.conf
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
net:
  port: 27017
  bindIp: 0.0.0.0
  ssl:
    mode: requireSSL
    PEMKeyFile: /admin/mongodb.pem
    CAFile: /admin/ca.pem
    disabledProtocols: "TLS1_1,TLS1_2"
    allowConnectionsWithoutCertificates: true
security:
  authorization: 'enabled'
Add mongo host to hosts
echo "127.0.0.1 mongo.your.domain" >> /etc/hosts
Restart mongo
systemctl restart mongod
Check connections
mongo --ssl --sslAllowInvalidCertificates --host mongo.your.domain --username admin --password ADMIN_PASSWORD --authenticationDatabase admin
* You also need to set up MongoDB backups that are suitable for you.
The setup then continues on our side. You need to provide our team with the following data:
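A review aid for the mongod.conf step above, added here as an example (it is not part of the original guide): it reads the config line by line and prints a code for each setting worth a second look, including the bindIp, disabledProtocols and allowConnectionsWithoutCertificates values used in this setup. The function names and finding codes are assumptions made for the example.

```shell
#!/bin/sh
# Added example: flag review points in a mongod.conf like the one on this page.
# Assumes one "key: value" per line; this is not a general YAML parser.
# conf_value FILE KEY: print the first "KEY:" value with quotes and blanks removed.
conf_value() {
    awk -v k="$2" '{ sub(/^[ \t]+/, "") }
        index($0, k ":") == 1 { print substr($0, length(k) + 2); exit }' "$1" |
        tr -d "\"' \t"
}

# audit_mongod_conf FILE: print one finding code per line (no output = nothing flagged).
audit_mongod_conf() {
    f=$1
    [ "$(conf_value "$f" authorization)" = "enabled" ] || echo "AUTH_NOT_ENABLED"
    case "$(conf_value "$f" mode)" in
        requireSSL|requireTLS) ;;
        *) echo "TLS_NOT_REQUIRED" ;;
    esac
    # An explicitly set disabledProtocols list that does not name TLS1_0.
    protos=$(conf_value "$f" disabledProtocols)
    if [ -n "$protos" ]; then
        case ",$protos," in
            *,TLS1_0,*) ;;
            *) echo "TLS1_0_NOT_LISTED" ;;
        esac
    fi
    # Clients may connect without presenting a certificate.
    if [ "$(conf_value "$f" allowConnectionsWithoutCertificates)" = "true" ]; then
        echo "CLIENT_CERT_OPTIONAL"
    fi
    # Listening on every interface leaves reachability to the security groups.
    case ",$(conf_value "$f" bindIp)," in
        *,0.0.0.0,*) echo "BIND_ALL_INTERFACES" ;;
    esac
    # The PEM file holds the private key; flag it when "other" can read it.
    pem=$(conf_value "$f" PEMKeyFile)
    if [ -n "$pem" ] && [ -n "$(find "$pem" -perm -004 2>/dev/null)" ]; then
        echo "KEY_WORLD_READABLE"
    fi
}

# Constructed sample: the net and security settings from the mongod.conf above.
sample_conf() {
    printf '%s\n' 'net:' '  bindIp: 0.0.0.0' '  ssl:' '    mode: requireSSL' \
        '    PEMKeyFile: /admin/mongodb.pem' '    disabledProtocols: "TLS1_1,TLS1_2"' \
        '    allowConnectionsWithoutCertificates: true' \
        'security:' "  authorization: 'enabled'"
}
[ $# -eq 0 ] || audit_mongod_conf "$1"   # e.g. sh audit.sh /etc/mongod.conf
```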
AWS region
VPC ID and Owner ID
Postgres DB connection parameters: host, port, user, dbname, password
MongoDB connection parameters: host IP, port, user, password
Your SSL wildcard certificate, chain and key.