
This article helps a user create a document database cluster with a single primary instance using a CloudFormation template. A document database is important when a user wants to run MongoDB workloads on AWS (Amazon Web Services). Amazon DocumentDB (with MongoDB compatibility) is a scalable, fully managed, fast and highly available document database service that supports MongoDB workloads.

This managed non-relational database service makes it easier to store, query and index JSON data. It is designed from the ground up to give you the scalability, performance, and availability you need when operating mission-critical MongoDB workloads at scale.

Setup Pre-requisites

The user will need to have:

  • An AWS Account
  • Created a user with permissions to create resources on the AWS Account
  • An IDE like Visual Studio Code to write and edit your CloudFormation Template.

CloudFormation Template used

Kindly find below the CloudFormation Template. The template will create:

  • The database instance security group.
  • Database subnet group.
  • The database parameter group.
  • Document database Cluster.
  • Database instance.
---
AWSTemplateFormatVersion: "2010-09-09"
Description: Template to Create a document DB parameter group, subnet group and cluster

Parameters:
  VPC:
    Type: String
    Description: The VPC to create the cluster
    Default: vpc-ID

  PrivateSubnet01:
    Type: String
    Description: The subnet for the DB cluster
    Default: subnet-ID

  PrivateSubnet02:
    Type: String
    Description: The subnet for the DB cluster
    Default: subnet-ID

  MasterUsername:
    Type: String
    Description: The username for our database.
  
  MasterUserPassword:
    Type: String
    Description: The password for the database.
    NoEcho: true

Resources:
   DBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "DB instances security group"
      GroupName: "test-db-instance-SG"
      VpcId: !Ref VPC
      SecurityGroupIngress: 
        - 
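          CidrIp: "*.*.*.*/32"  # placeholder: replace with the CIDR block allowed to reach the database
          FromPort: 27017  # must match the cluster Port below
          IpProtocol: "tcp"
          ToPort: 27017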
      SecurityGroupEgress: 
        - 
          CidrIp: "0.0.0.0/0"
          IpProtocol: "-1"
      
   DBSubnetGroup: 
    Type: AWS::DocDB::DBSubnetGroup
    Properties: 
      DBSubnetGroupDescription: "test document db subnet group"
      DBSubnetGroupName: "eu-central-1-test-db-subnet-group"
      SubnetIds: 
        - !Ref PrivateSubnet01
        - !Ref PrivateSubnet02
      Tags: 
        - Key: Name
          Value: eu-central-1-test-db-subnet-group
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test

   DBParameterGroup:
    Type: AWS::DocDB::DBClusterParameterGroup
    Properties:
      Description: "our test document db parameter group"
      Family: docdb3.6
      Name: test-db-parameter-group
      Parameters: 
        audit_logs: "disabled"
        tls: "enabled"
        ttl_monitor: "enabled"
      Tags: 
        - Key: Name
          Value: eu-central-1-test-db-cluster
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test

   DBCluster:
    Type: AWS::DocDB::DBCluster
    Properties: 
      BackupRetentionPeriod : 5
      DBClusterIdentifier : eu-central-1-test-db-cluster
      DBClusterParameterGroupName : !Ref DBParameterGroup
      DBSubnetGroupName : !Ref DBSubnetGroup
      MasterUsername : !Ref MasterUsername
      MasterUserPassword : !Ref MasterUserPassword
      Port : "27017"
      PreferredBackupWindow : "23:00-23:59"
      PreferredMaintenanceWindow : "sun:00:00-sun:05:00"
      VpcSecurityGroupIds:
        - !Ref DBSecurityGroup
      StorageEncrypted : true
      Tags: 
        - Key: Name
          Value: eu-central-1-test-db-cluster
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test

   DBInstance:
    Type: AWS::DocDB::DBInstance
    Properties:
      AutoMinorVersionUpgrade: true
      AvailabilityZone: "eu-west-1a"  # change to an Availability Zone covered by the subnet group
      DBClusterIdentifier: !Ref DBCluster
      DBInstanceClass: "db.t3.medium"
      DBInstanceIdentifier: "test-cluster-instance-1"
      PreferredMaintenanceWindow: "sun:00:00-sun:05:00"
      Tags: 
        - Key: Name
          Value: eu-central-1-test-db-instance
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test

Outputs:
   Cluster:
    Description: The DB Cluster Name
    Value: !Ref DBCluster
    
   SubnetGroup:
    Description: The db subnet group name 
    Value: !Ref DBSubnetGroup

   ParameterGroup:
    Description: The db parameter group name
    Value: !Ref DBParameterGroup

We can deploy the CloudFormation Template using a CloudFormation stack.

The Template Explained

The template comprises 3 sections: Parameters, Resources and Outputs.

Parameters:

In the parameters section, we require the user to input the dynamic variables of their template. For our case, the user should replace the VPC and subnet IDs with their respective VPC and subnet IDs. Also, the user will be prompted to input their database master username and password. Kindly ensure that you do not use admin as the master username.

Resources:

Here the user defines the AWS resources to create. For our case, we start by creating the database instance security group. The user should change the security group ingress to reflect the CIDR IP Block that they would like to permit access to the Database instances.

Next, it creates the DB subnet and parameter groups. The subnet group defines the subnets where the database cluster and instances are created. The parameter group allows you to manage your database engine configurations. The user should go through the parameter group properties and change to their specific requirements. Also, the user should pay attention to the names and tags to customize as needed.

Then the document database cluster is created. Just as above, the user should go through all the cluster properties and change them to match their requirements.

Finally, the DB Instance is created. However, the user should go through the template and change the availability zone, the instance class, and the preferred maintenance window to match their specific needs. Also, the DB instance identifier and tags should be customized to meet user requirements.
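Going through the security group, parameter group and cluster properties before deployment can be automated. The following check is an added example, not part of the original template or article; the names `check_docdb_template` and `SAMPLE` are hypothetical, and it assumes the template has been loaded as a dict in its JSON form, where `!Ref X` appears as `{"Ref": "X"}`.

```python
import ipaddress

def check_docdb_template(template):
    """Return findings for a CloudFormation template given as a dict (JSON form)."""
    findings, params = [], template.get("Parameters", {})
    resources = template.get("Resources", {})
    def props(rtype):
        return {n: r.get("Properties", {}) for n, r in resources.items()
                if r.get("Type") == rtype}
    for name, c in props("AWS::DocDB::DBCluster").items():
        port = int(c.get("Port", 27017))  # 27017 is the DocumentDB default port
        if str(c.get("StorageEncrypted")).lower() != "true":
            findings.append(f"{name}: StorageEncrypted is not true")
        pw = c.get("MasterUserPassword")
        if not isinstance(pw, dict):
            findings.append(f"{name}: MasterUserPassword is not a parameter reference")
        elif str(params.get(pw.get("Ref"), {}).get("NoEcho")).lower() != "true":
            findings.append(f"{name}: password parameter lacks NoEcho")
        for ref in c.get("VpcSecurityGroupIds", []):
            if not isinstance(ref, dict):
                continue  # a group defined outside the template cannot be inspected
            sg = ref.get("Ref")
            rules = resources.get(sg, {}).get("Properties", {}).get("SecurityGroupIngress", [])
            # A rule covers the port if it allows all protocols or its range spans it.
            if not any(r.get("IpProtocol") == "-1" or
                       int(r.get("FromPort", -1)) <= port <= int(r.get("ToPort", -1))
                       for r in rules):
                findings.append(f"{name}: no ingress rule in {sg} covers port {port}")
            for r in rules:
                cidr = r.get("CidrIp")
                if cidr and ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    findings.append(f"{sg}: ingress open to {cidr}")
    for name, g in props("AWS::DocDB::DBClusterParameterGroup").items():
        for key in ("tls", "audit_logs"):
            if g.get("Parameters", {}).get(key) != "enabled":
                findings.append(f"{name}: {key} is not enabled")
    return findings

# Constructed sample: ingress port 22017 deliberately differs from cluster port 27017.
SAMPLE = {"Parameters": {"MasterUserPassword": {"Type": "String", "NoEcho": True}},
          "Resources": {
    "DBSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [{"CidrIp": "10.0.0.0/16", "IpProtocol": "tcp",
                                  "FromPort": 22017, "ToPort": 22017}]}},
    "DBParameterGroup": {"Type": "AWS::DocDB::DBClusterParameterGroup", "Properties": {
        "Parameters": {"audit_logs": "disabled", "tls": "enabled"}}},
    "DBCluster": {"Type": "AWS::DocDB::DBCluster", "Properties": {
        "Port": "27017", "StorageEncrypted": True, "VpcSecurityGroupIds": [{"Ref": "DBSecurityGroup"}],
        "MasterUserPassword": {"Ref": "MasterUserPassword"}}}}}
```

Calling `check_docdb_template(SAMPLE)` reports the port mismatch and the disabled audit logging; an empty list means none of the checked settings were flagged.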

Outputs:

The outputs section of the template instructs CloudFormation to output the names of the resources created. For example, in our case, we have instructed the template to output the names of the cluster, subnet, and parameter groups.

Happy Building!!!
