get-started-aws-cfn: Get started using MongoDB Atlas with AWS CloudFormation today!

  • 2022-06-03 15:00
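Get-Started AWS CloudFormation: a repository to help you get started using MongoDB Atlas with AWS CloudFormation (CFN). Information: This Get-Started project provides a quick and simple way to use the and the to provision a complete MongoDB Atlas deployment. This includes: 1 MongoDB Atlas project; 1 MongoDB Atlas M10 cluster; 1 AWS IAM role; 1 MongoDB Atlas database user (Type: AWS IAM role); 1 MongoDB Atlas project IP Access List entry; 1 AWS VPC peering connection (optional) [TODO/ need add this option to get-started]. The outputs include an AWS Lambda-ready IAM role and a connection string to your MongoDB Atlas cluster. Note: this project will create a dedicated cluster on MongoDB Atlas, which is not free! (TODO - make nicer) Pre-requisites: AWS Tooling: In order to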
  • get-started-aws-cfn-main
  • policy.yaml
  • Dockerfile
# Get-Started AWS CloudFormation

Repository to help you get started using MongoDB Atlas with AWS CloudFormation (CFN).

## Information

This Get-Started project provides a quick and simple way to use the AWS Quick Start for MongoDB Atlas and the MongoDB Atlas CloudFormation resources to provision a complete MongoDB Atlas deployment. This includes:

* 1 MongoDB Atlas project
* 1 MongoDB Atlas M10 cluster
* 1 AWS IAM role
* 1 MongoDB Atlas database user (Type: AWS IAM role)
* 1 MongoDB Atlas project IP Access List entry
* 1 AWS VPC peering connection (optional) [TODO/ need add this option to get-started]

The outputs include an AWS Lambda-ready IAM Role and connection string to your MongoDB Atlas cluster.

*NOTE* This project will create a dedicated cluster on MongoDB Atlas, which is not free! (TODO - make nicer)

## Pre-requisites

### AWS Tooling

In order to use this Get-Started project, you need to install the AWS CLI on your machine. You can download and install from

You will also need an AWS account with appropriate CloudFormation and IAM permissions. Please see the section [AWS IAM Permissions](#aws-iam-permissions) for details.

### Docker

You will need to have Docker running on your machine. You can download and install Docker from

### `mongocli`

The best way to manage your MongoDB Atlas API Keys today is via the mongocli. This project can leverage your `mongocli` configuration.

### MongoDB Atlas

In order to execute the code example, you need to:

* Sign up for a MongoDB Atlas account
* Create an organization-level MongoDB Atlas Programmatic API Key. The key needs `Organization Project Creator` permissions.

Once created, run `mongocli config` and enter the Atlas API Key you just created.

## Execution Steps

### Deploy MongoDB Atlas CFN Resources into your AWS Region

#### ``

1. Execute the helper shell setup script to complete this step.
This will package and deploy the MongoDB Atlas CloudFormation resources into your current default AWS region:

```
./
```

You can optionally pass in the AWS region or change your local AWS CLI configuration.

```
./ us-west-2
```

or

```
aws configure set region eu-west-3
./
```

Note this step can take up to 45 minutes to run. Run this step once in each region you wish to use. Once complete, you will find a set of CFN Stacks for the MongoDB Atlas resources.

#### ``

2. Execute the helper shell starter script, optionally providing a MongoDB Atlas project name.

The output from the `` helper script will inform you of the details for your new MongoDB Atlas deployment, including AWS IAM role and cluster connection string information for your applications. Note this step typically takes 7-10 minutes.

If you have installed `mongocli`, run:

```
./ <GETSTARTED_NAME>
```

Or you can explicitly set the API key or get prompted:

```
./ <PUBLIC_KEY> <PRIVATE_KEY> <ORG_ID> <GETSTARTED_NAME>
```

Once successful, you should be able to access your new deployment through the AWS console, AWS CLI, MongoDB Atlas console, or `mongocli`.

## Connecting to your cluster

You can see the connection information in the AWS CloudFormation stack output.

```bash
GETSTARTED_NAME="get-started-aws-quickstart"
# Look up the exported value named "<stack name>-ClusterSrvAddress"
MDB=$(aws cloudformation list-exports | \
  jq -r --arg stackname "${GETSTARTED_NAME}" \
  '.Exports[] | select(.Name==$stackname+"-ClusterSrvAddress") | .Value')
echo "Found stack:${GETSTARTED_NAME} with ClusterSrvAddress: ${MDB}"
```

_Note_ This example requires the `jq` tool. See

### Testing AWS IAM connection

There is a helper script [](./ available to script passing AWS IAM session credentials into the `mongo` shell. To use this, pass the STACK_NAME as a parameter:

```bash
./ NewRoleBased-1
Found stack:NewRoleBased-1 with ClusterSrvAddress: mongodb+srv://
STACK_ROLE={ "StackResources": [ { "StackName": "NewRoleBased-1", ...
MongoDB shell version v4.4.1
connecting to: mongodb://,, ...
PRIMARY>
```

## Tear Down

To remove the environment setup (deleting traces of this get-started project):

* Delete the Quick Start stack from the AWS console or CLI, or by using this helper script:

  ```
  ./ <GETSTARTED_NAME>
  ```

* Terminate the `` process if it's running. This is to stop the web service on `localhost:3000`.
* Delete the AWS CloudFormation stack that was created; by default this will have the <Quick Start-Name>:

  ```
  aws cloudformation delete-stack --stack-name <Quick Start-Name>
  ```

* Remove the Docker volumes
* Remove the Docker image

## Tutorials

TODO - add links to repos, example stacks, using this with lambda

## About

This project is part of the MongoDB Get-Started code examples. Please see [get-started-readme]( for more information.

## Developer Notes

Not required unless you need to refresh with the latest resource source code. This will build a fresh image of the resources for stable distribution.

Build the Docker image with a tag name. Within the top level directory execute:

```
docker build . -t mongodb-developer/get-started-aws-cfn
```

This will build a docker image with a tag name `get-started-aws-cfn`.

*NOTE* Currently the source repositories are private, which will prevent a clean build without proper GitHub SSH access. A pre-built image has been uploaded for convenience until these repos become public: `mongodb-developer/get-started-aws-cfn`.

To build the container - need this:

```
export DOCKER_BUILDKIT=1
docker build --ssh github=$HOME/.ssh/id_rsa -t atlas-aws .
```

This docker image is currently built internally and published to:

## Troubleshoot

### Check access to Docker image

Try this command to check if you can access the Docker image required for this project.

```bash
docker run -it "head -1 /quickstart-mongodb-atlas-resources/"
# MongoDB Atlas AWS CloudFormation Resources & Quickstart
```

## AWS IAM permissions

In order to run this project you will need a certain set of AWS permissions.
We've included a minimal sample policy, [policy.yaml](./policy.yaml), which you can assume safely and use with this project.

First, create a new AWS IAM role with the supplied policy. Here's how to do that via AWS CloudFormation:

```
aws cloudformation update-stack --capabilities CAPABILITY_NAMED_IAM --template-body file://./policy.yaml --stack-name get-started-aws-cfn-role
```

You can then assume the role with `aws sts assume-role`. We recommend this for exporting your AWS environment into the Docker environment to run this project, like this (note you need to change the `--role-arn` to the ARN created in the step above).

```
source <(aws sts assume-role --role-arn arn:aws:iam::<YOUR_AWS_ACCOUNT>:role/MongoDB-Atlas-CloudFormation-Get-Started --role-session-name "get-started" | jq -r '.Credentials | @sh "export AWS_SESSION_TOKEN=\(.Session
```
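
The sections "Testing AWS IAM connection" and "AWS IAM permissions" both rely on temporary credentials from `aws sts assume-role`. As an added example (not part of the original README or the project's helper script), the following Python code checks that such credentials are still valid, maps them to `AWS_*` environment variables, and builds a `MONGODB-AWS` connection string that contains no secrets. The function names, the sample JSON and the cluster host are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlsplit

# Constructed sample of `aws sts assume-role` output; every value is fake.
SAMPLE_STS = json.dumps({"Credentials": {
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed/secret+key",
    "SessionToken": "constructed+token/with==padding",
    "Expiration": "2030-01-01T00:00:00Z",
}})


def sts_to_env(sts_json, now=None, min_ttl=timedelta(minutes=5)):
    """Map STS credentials to AWS_* variables, refusing expired sessions."""
    creds = json.loads(sts_json)["Credentials"]
    now = now or datetime.now(timezone.utc)
    # Accept both the "Z" and the "+00:00" spelling of UTC.
    expires = datetime.fromisoformat(creds["Expiration"].replace("Z", "+00:00"))
    if expires - now < min_ttl:
        raise ValueError("session credentials are expired or about to expire")
    return {
        "AWS_ACCESS_KEY_ID": creds["AccessKeyId"],
        "AWS_SECRET_ACCESS_KEY": creds["SecretAccessKey"],
        "AWS_SESSION_TOKEN": creds["SessionToken"],
    }


def iam_uri(cluster_srv_address):
    """Build a MONGODB-AWS URI that carries no secrets.

    With no username or password in the URI, the client reads the AWS_*
    environment variables, so the keys stay out of argv and shell history.
    """
    parts = urlsplit(cluster_srv_address)
    if parts.scheme != "mongodb+srv" or not parts.hostname:
        raise ValueError("expected a mongodb+srv:// cluster address")
    if parts.username or parts.password:
        raise ValueError("cluster address must not embed credentials")
    # Percent-encode "$" so a shell never expands "$external".
    auth_source = quote("$external", safe="")
    return (f"mongodb+srv://{parts.hostname}/"
            f"?authSource={auth_source}&authMechanism=MONGODB-AWS")
```

To use it, start the client as a child process with these variables merged into its environment, for example `subprocess.run(["mongo", iam_uri(addr)], env={**os.environ, **sts_to_env(out)})`.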