ExiledEnemy

AWS EC2 / Mongo Atlas AWS


Posted (edited)

Hello friends,

After having wasted two days of my life trying to set up a server, I thought I'd try to put my lessons learnt into words and capture this so that you don't need to go through the same pain I did.

I've used AWS (Amazon) a couple of times before for work purposes with success and was quite familiar with the UI etc., so I decided to go the AWS route.

I've been building my game using MongoDB, as I guess it just felt more natural for the type of data we deal with and the type of transactions I'd be using. This alone has been a massive learning experience, having been working with SQL-based databases for almost 15 years. However, having come over the hurdle of trying to figure it out, I do think it was the better choice for this use case.

I knew that Mongo was a bit of a performance hog; that was partly the reason I wanted to get it moved to a server, so, trying to plan ahead, I didn't want my serverside rage running in the same instance as the database. This makes the most sense from a performance, security and sizing perspective.

I decided to go with Mongo Atlas (which is a managed cloud implementation of Mongo, by Mongo themselves) and decided to deploy this onto AWS on an M10 instance.

For the serverside rage instance, I went with AWS EC2 T3a Large.

The first problem was that whilst both instances were technically on AWS, the Mongo side is a managed server, and I ONLY wanted my EC2 server and my home IP to be able to communicate with the database. I didn't want any inbound ports open which weren't whitelisted by IP.

The solution to this problem was using Mongo Atlas Peering to connect to the EC2 instance via a VPC (virtual private cloud).

There is a YouTube video by Mongo on setting this up; ignore it, it's completely useless.

This guide, however, is pretty good: https://docs.pritunl.com/docs/mongodb-atlas

Lessons Learnt:

  1. Set up your host server first on AWS
  2. Ensure that you create an elastic IP (which is essentially a static IP, but you can move it around between your instances, hence elastic)
  3. You MUST assign your elastic IP to the Network Interface as the public IP for the internet gateway. DO NOT assign the EIP directly to your EC2 instance.
  4. Create a MongoDB Atlas instance, making sure that it is created in the same AWS region as the EC2 instance. (This can be confusing in itself, as depending on the page you're looking at the regions can look different, such as EU_WEST_1B being the same region as EU_WEST_1.)
  5. Follow the above guide to:
    1. Setup peering on the Atlas side
    2. Approve the peering request on the AWS side
    3. Add the correct entry into the AWS VPC route
    4. and finally ensure you add the Host VPC IP back to Atlas as the whitelisted IP
  6. Once you've done this, YOU MUST make sure that you've manually maintained the firewall in whatever OS you're using on the host side. I used Windows on AWS, but the same applies to anything.
    1. Add 27015 - 27017 as open INBOUND ports for both TCP and UDP
  7. Using the Atlas web client, click on the connect button and navigate to Mongo Shell, download the files and put them into the C:/ of your host
    1. Fire up mongo shell and try to connect using the connection string
  8. Again, using the Atlas web client, click the connect button and navigate to Mongo Compass, download, install
    1. Fire up Mongo compass and try to connect using the connection string
  9. Now using compass create a database and collection in the database
  10. On the Atlas web client, create another user account specifically to be used by your application on the host as Read/Write only.
  11. Finally, using the Atlas web client, click the connect button and navigate to "from application", select the correct language and version and grab the string, replacing the <user><password> with your credentials
  12. Stick the connection string into your app and away you go

I know all of that seems quite straightforward and obvious, but the peering setup in particular is pretty much not documented correctly, and the inbound ports are documented but hidden away somewhere that's not obvious; everything mentions port 27017, but this does not work on its own.

Edited by ExiledEnemy
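The following is an added example, not part of the original post and not code from Mongo, Pritunl or AWS. It scripts steps 5.2, 5.3 and 6.1 of the list above from the Windows host, using the AWS CLI (assumed installed, with credentials allowed to call ec2:AcceptVpcPeeringConnection, ec2:DescribeVpcPeeringConnections and ec2:CreateRoute) and the built-in NetSecurity cmdlets. Every identifier, CIDR and hostname is a placeholder to be replaced with the values shown on the Atlas peering page and in the AWS VPC console. The firewall rule it creates is scoped to the peered Atlas CIDR rather than to any source, so the open port range admits only traffic arriving over the peering connection.

```powershell
# Added example (not from the original post). Placeholders are marked; replace them
# with the real values from Atlas and the AWS console before running.
$PeeringId  = 'pcx-PLACEHOLDER'       # peering connection id shown by Atlas (placeholder)
$RouteTable = 'rtb-PLACEHOLDER'       # route table attached to the EC2 subnet (placeholder)
$AtlasCidr  = '192.168.248.0/21'      # Atlas VPC CIDR from the peering page (placeholder)
$AtlasPorts = '27015-27017'           # port range the post found necessary

# Step 5.2: approve the peering request that Atlas created on the AWS side.
aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id $PeeringId | Out-Null

# Wait until AWS reports the peering as active before adding a route that uses it.
do {
    Start-Sleep -Seconds 5
    $status = aws ec2 describe-vpc-peering-connections `
        --vpc-peering-connection-ids $PeeringId `
        --query 'VpcPeeringConnections[0].Status.Code' --output text
    Write-Host "peering status: $status"
} while ($status -ne 'active')

# Step 5.3: send traffic for the Atlas CIDR across the peering connection.
aws ec2 create-route --route-table-id $RouteTable `
    --destination-cidr-block $AtlasCidr `
    --vpc-peering-connection-id $PeeringId | Out-Null

# Step 6.1: host firewall. The rule is limited to the peered Atlas CIDR as the
# remote address, so the port range is not open to arbitrary sources.
# MongoDB's wire protocol runs over TCP.
$RuleName = 'MongoDB Atlas (peered VPC only)'
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort $AtlasPorts `
        -RemoteAddress $AtlasCidr -Action Allow -Profile Any | Out-Null
}

# Check: the rule must carry a remote-address scope; 'Any' means it was created unscoped.
$Scope = Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallAddressFilter
if ($Scope.RemoteAddress -eq 'Any') {
    throw "firewall rule '$RuleName' is not scoped to the Atlas CIDR"
}

# Check: the cluster node should answer on 27017 over the private path.
# Hostname is a placeholder; use a host from the Atlas connection string.
Test-NetConnection -ComputerName 'cluster0-shard-00-00.PLACEHOLDER.mongodb.net' -Port 27017
```

Run it in an elevated PowerShell session on the EC2 host after the Atlas side of the peering (step 5.1) is done; the loop will sit at `pending-acceptance` until the accept call above has taken effect, and a failed `Test-NetConnection` at the end usually points at the route table entry or the Atlas IP whitelist from step 5.4 rather than at the firewall.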
