Step by step DB setup on AWS | SDK.finance

Choose the region where you want to lactate your infrastructure

Create VPC

Setup database
Templates
Settings
Setup Storage
Connectivity
Database authentication

Setup MongoDB on the EC2 instance

Launch instance
Key pair
Network settings
Configure storage

Setup bastion instance for access to DBS

Setup MongoDB

Connect to bastion

ssh -i my-project.pem ubuntu@3.82.141.206

Copy my-project.pem on the bastion
Connect to mongo instance

ssh -i my-project.pem ubuntu@172.18.41.49

Configure data disk

mkfs.xfs /dev/xvdb
mkdir /var/lib/mongodb
disk=`blkid | grep xvdb | awk '{print $2}'`
echo "$disk /var/lib/mongodb xfs nodev,nosuid,noatime 0 2" >> /etc/fstab
mount -a

Setup mongodb:

apt install dirmngr gnupg apt-transport-https ca-certificates software-properties-common
wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
echo "deb http://security.ubuntu.com/ubuntu impish-security main" | sudo tee /etc/apt/sources.list.d/impish-security.list
apt update
apt install -y libssl1.1
apt install -y mongodb-org
systemctl enable mongod
systemctl restart mongod

Configure mongo:
Login to mongo

mongo

Create users (Change “USER“, “PASSWORD“, ‘ADMIN_PASSWORD‘ on your data):

use admin
db.createUser({ user: "USER" , pwd: "PASSWORD", roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase"]})
var role = {
     role: "mongostatRole",
     privileges: [
       { resource: { cluster: true }, actions: [ "serverStatus" ] }
     ],
     roles: []
}
var auser = {
  "user" : 'admin',
  "pwd" : 'ADMIN_PASSWORD',
  roles : [
      {
          "role" : "userAdmin",
          "db" : "admin"
      },
      {
          "role" : "mongostatRole",
          "db" : "admin"
      }
  ]
}
use admin
db.createRole(role);
db.createUser(auser);
exit

Configure mongo
Create mongodb.pem from your wildcard SSL certificate and key

cat cert.crt cert.key > mongodb.pem

Create ca.pem from your wildcard SSL certificate and SSL certificate chain

cat cert.crt cert_chain.pam > ca.pem

Create folder /admin on the server and copy mongodb.pem and ca.pem on it
Modify /etc/mongod.conf

storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
net:
  port: 27017
  bindIp: 0.0.0.0
  ssl:
    mode: requireSSL
    PEMKeyFile: /admin/mongodb.pem
    CAFile: /admin/ca.pem
    disabledProtocols: "TLS1_1,TLS1_2"
    allowConnectionsWithoutCertificates: true
security:
  authorization: 'enabled'

Add mongo host to hosts

  echo “127.0.0.1 mongo.your.domain” >> /etc/hosts

Restart mongo

  systemctl restart mongod

Check connections

  mongo --ssl --sslAllowInvalidCertificates --host mongo.your.domain --username admin --password ADMIN_PASSWORD --authenticationDatabase admin

*You also need to setup any mongodb backups that are suitable for you.

Next setup continue on our side. You need to provide for our team next data:

AWS region

VPC ID and Owner ID

Postgres DB connections parameters host, port, user, dbname, password

Mondo DB connections parameters host IP, port, user, password
Your SSL wildcard certificate, chain and key.