Choose the region where you want to locate your infrastructure
Create VPC
Setup Postgres RDS
* Then you will need to provide the DB credentials to our team.
Setup MongoDB on the EC2 instance
* Save pem key in your secure vault.
Setup bastion instance for access to DBs
Setup MongoDB
Connect to bastion
ssh -i my-project.pem ubuntu@3.82.141.206
Copy my-project.pem to the bastion
Connect to mongo instance
ssh -i my-project.pem ubuntu@172.18.41.49
Configure data disk:
sudo -i
mkfs.xfs /dev/xvdb
mkdir /var/lib/mongodb
# second field of the blkid line: UUID="..." for a freshly made, unlabelled filesystem
disk=`blkid | grep xvdb | awk '{print $2}'`
echo "$disk /var/lib/mongodb xfs nodev,nosuid,noatime 0 2" >> /etc/fstab
mount -a
# the mongodb user is created by the mongodb-org package (next step);
# if it does not exist yet, run this chown after the install
chown mongodb:mongodb /var/lib/mongodb
Setup mongodb:
apt install dirmngr gnupg apt-transport-https ca-certificates software-properties-common
wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
apt update
apt install -y mongodb-org
systemctl enable mongod
systemctl restart mongod
Configure mongo: log in to mongo:
mongo
use admin
db.createUser({ user: "USER", pwd: "PASSWORD", roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase"]})
// custom role limited to the serverStatus action on the cluster
var role = {
  role: "mongostatRole",
  privileges: [
    { resource: { cluster: true }, actions: [ "serverStatus" ] }
  ],
  roles: []
}
var auser = {
  "user" : 'admin',
  "pwd" : 'ADMIN_PASSWORD',
  roles : [
    {
      "role" : "userAdmin",
      "db" : "admin"
    },
    {
      "role" : "mongostatRole",
      "db" : "admin"
    }
  ]
}
use admin
db.createRole(role);
db.createUser(auser);
exit
Configure mongo: Create mongodb.pem from your wildcard SSL certificate and key:
cat cert.crt cert.key > mongodb.pem
Create ca.pem from your wildcard SSL certificate and SSL certificate chain:
cat cert.crt cert_chain.pam > ca.pem
Create folder /admin on the server and copy mongodb.pem and ca.pem into it.
Modify /etc/mongod.conf:
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
net:
  port: 27017
  bindIp: 0.0.0.0
  ssl:
    mode: requireSSL
    PEMKeyFile: /admin/mongodb.pem
    CAFile: /admin/ca.pem
    # an explicit list replaces mongod's default disabled protocols, so the
    # legacy versions are named here and TLS 1.2 and 1.3 stay enabled
    disabledProtocols: "TLS1_0,TLS1_1"
    allowConnectionsWithoutCertificates: true
security:
  authorization: 'enabled'
Add mongo host to hosts:
echo "127.0.0.1 mongo.your.domain" >> /etc/hosts
Restart mongo:
systemctl restart mongod
Check connections:
mongo --ssl --sslAllowInvalidCertificates --host mongo.your.domain --username admin --password ADMIN_PASSWORD --authenticationDatabase admin
* You also need to set up MongoDB backups that are suitable for you.
Next, setup continues on our side. You need to provide our team with the following data:
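The security-relevant keys written to /etc/mongod.conf above can be checked before each restart. The script below is an added example, not part of the original guide: it audits a config file for the authorization, TLS mode, disabledProtocols, bindIp and client-certificate settings. The function names and the sample input are constructed for illustration.

```shell
# conf_get KEY FILE: value of the first "KEY: value" line, quotes removed.
# Not a YAML parser: assumes each key name occurs once, as in mongod.conf here.
conf_get() {
    sed -n "s/#.*//; s/^[[:space:]]*$1:[[:space:]]*//p" "$2" |
        head -n 1 | tr -d "\"' "
}

finding() { echo "FINDING: $1"; findings=$((findings + 1)); }

# audit_mongod_conf FILE: print findings; the exit status is their count
audit_mongod_conf() {
    findings=0
    [ "$(conf_get authorization "$1")" = enabled ] ||
        finding "security.authorization is not enabled"
    case "$(conf_get mode "$1")" in
        requireSSL|requireTLS) ;;
        *) finding "TLS is not required on every connection" ;;
    esac
    # An explicit disabledProtocols list overrides mongod's default list,
    # so it must name the legacy versions itself and must not name TLS1_2.
    dp=$(conf_get disabledProtocols "$1")
    if [ -n "$dp" ]; then
        for v in TLS1_0 TLS1_1; do
            case ",$dp," in *",$v,"*) ;; *) finding "$v is left enabled" ;; esac
        done
        case ",$dp," in *",TLS1_2,"*) finding "TLS1_2 is disabled" ;; esac
    fi
    [ "$(conf_get bindIp "$1")" != 0.0.0.0 ] ||
        finding "bindIp 0.0.0.0: mongod listens on every interface"
    [ "$(conf_get allowConnectionsWithoutCertificates "$1")" != true ] ||
        finding "client certificates are not required"
    return "$findings"
}

# Constructed sample input (not a file from the page)
sample_conf() {
    printf '%s\n' 'net:' '  bindIp: 0.0.0.0' '  ssl:' '    mode: requireSSL' \
        '    disabledProtocols: "TLS1_1,TLS1_2"' \
        '    allowConnectionsWithoutCertificates: true' \
        'security:' "  authorization: 'enabled'"
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_mongod_conf "$tmp" || echo "$? finding(s)"
rm -f "$tmp"
```

Run it as `audit_mongod_conf /etc/mongod.conf` on the mongo instance; a zero exit status means none of the checks fired.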
AWS region
VPC ID and Owner ID
Postgres DB connection parameters: host, port, user, dbname, password
MongoDB connection parameters: host IP, port, user, password
Your SSL wildcard certificate, chain and key.