How to Create a DocumentDB and use it from Lambda

 




Everybody loves MongoDB and there are a lot of way to use it: deploy it in an EKS or K8s, an Atlas installation or even deploy on premis.


Only the Atlas way gives you the power of easy management, because the service is totally owned by the vendor.


There is another solution if you want to use it in AWS: DocumentDB, which is a partially managed service Database totally compatible with MongoDB. It gives you the power to have patching managed by Amazon but requires - believe or not - a little bit of confidence on networking.


ASSUMPTIONS


To create the cluster AWS needs to be sure that if an instance can be added, there is a chance to work in an high availability zone. It means that you need to create a VPC spanned into multiple AZ and different subnets should work in different AZ.

VPC


We will use aws cli for all.

In our case we will create a VPC with just 2 subnets, each in a different Availability zone. 


We will save vpc id and subnet id: the first is important for querying, the second is used to setup the lambda, we will investigate later

We will create 2 ingress rules: 
  • the first is 22 from internet (this is intended to be used if you will create a bridge machine for tunneling, opened to internet and accessed by your local machine)
  • the second is 27017 accessed from the Cidr of the VPC, because the Lambda will be deployed there and need to access to the database.


DOCUMENT DB


Now we will create the subnet group which is fundamental to let DocumentDB cluster to create instance on that (and so use the related VPC, because without specification the default VPC is used)

The subnet group of course is related to DocumentDB and contains the 2 subnets created before



Now it's time to create the cluster. We will pass the security group we have created in VPC and the subnet group just created, this will deploy the instance inside that VPC



As you can see we will save the endpoint (we will use it in our template) and will ping for Cluster creation. The process will stop when status is available. This is not the best way, because there is no "catch" of other negative status, but this is just for testing.

Now we can create the instance




The instance is created inside the cluster and the script will wait for status. Same considerations we did before for availability (it's just for test)

The instance type is the less expensive we can: for our experiment there are no problem.



LAMBDA


The Lambda is deployed using AWS Cloud Formation. We will concentrate only to what we need for using documentDB, the rest will be not investigated.

TEMPLATE



As you can see, the securityGroupIds is the one we created before, the subnetIDs are the 2 subnet we created before. This means that the Lambda is deployed inside that VPC, no matter which subnet.

We saved the Cluster endpoint and we will use it as Environment Variables, together with cluster username and password (we need it for string connection)

Regarding the roles/permissions it is important to give to the AWS the ability to be deployed inside the VPC we specified through subnets. This means the ability to describe the vpc, security group and so on











DOCKER

To connect to the cluster, we need to use the certificate exposed by AWS and use it as Certificate Authority. There are many way to do, I choose to make it using Docker




We download the global.pem, we create the truststore and we use save it near the Jar so we can refer it without using path.


CODE

There is no Spring here, so we need to use the mongodb client. We will use the sync version and we will import also apache httpcomponent because we need to create the SSL context


To create, we will use a static method in a static class and we will connect, creating the ssl context (using apache). The connection string is setup using environment variables


The log "Asking for strategy" is to be sure that code is traversing the TrustStrategy. Maybe returning true is not the right way, we need to use the normal way of trusting certificate.

We will see just the GET, which will use regex to search into the title of Movie collections of database



The catch is not correct, we must throw an exception from there or "register" an "either" exception, and then throwing it.

CONCLUSION

Creating DocumentDB cluster is not so fast and accessing it from a Lambda needs to have a dedicated VPC and security group well connected to instances and to the Lambda himself.

Then we can't use spring Data so we need to use native client and maybe we are not so able to do it

Probably there are many utilities/tools/libraries that perform data binding and so on.












Commenti

Posta un commento

Post popolari in questo blog

HTML and AI - A simple request, and a beautiful response for ElasticSearch without Kibana

Immagine
THE PROBEM I recently installed an ElasticSearch in a Docker environment and I want to be sure that it is working, before waiting the consumers start to connect to it. The Container is started using a volume which was cloned from another Docker installation, so it was not empty: we already have some indexes and some documents. I want to be sure that everything was available but I don't have any Kibana installation (and I can't install it at all). So only API was available and I need to check something  ElasticSearch REST APIs THE FIRST SOLUTION If you ask to Microsoft Copilot how to interact with ElasticSearch api, it will reply by suggesting: curl scripting postman But the interaction is not so human readable and it is quite noisy to write the commands. I want to have something to be easily used but I don't want to spend to much time on that. I need an accelerator THE SECOND SOLUTION I know that there is such an api to ask to ElasticSearch the list of indexes. And I also k...
Continua a leggere

A simple CD using AWS Pipeline

Immagine
  CD is a friend in software development: there is no other way to speed up feedback from your application without having a solid Continuous Deployment. I am skipping continuous integration because all of this examples are related to single repo.. where the only developer allowed to commit code it's me: the integration is with my self :) In this example we will create an automation related to a simple situation where we have a LambdaFunction exposed through an ApiGateway, where the lambda function is running a docker image. There are infinite ways of creating and managing Lambda and pipelines of course, but in this example we will use: CodeCommit to store the code ECR to store the code CloudFormation to create and update all the infrastructure. CodeBuild to create the artifacts we need Let's see it CODE COMMIT     To easily have a repository to store the code and to have a natural integration with AWS echosystem, I decided to use Code commit. Code is structured as other e...
Continua a leggere

Websocket Chat with Lambda (but all in Java)

Immagine
  I don't know if I am not able to perform search on Internet (I doubt it) but every examples of websocket chat created with Lambda was all created using Node.js. And I can cheat on Java, that's my love. So I decided to transform the usual chat into a Java project, by of course performing some changes in order to be easy to check if it works.  THE IDEA The idea behind the project is simple: a simple WebSocket API exposed with api gateway with 4 different route and a unique Lambda who is in charge to serve each request. The change I made is about the name registration: instead of just propagate the message to other connected users, I want to have the way to register a name for chat users so every time a message is published, the receiver can see who sent the message. As I said in other project, this is to be intended for testing purpose, so there are really infinite ways to do have the same behavior maybe in a better way. THE PROJECT The entire project is based on cloud formati...
Continua a leggere