Using aws docdb with us-east-1
To set up an Amazon DocumentDB (with MongoDB compatibility) cluster using Pulumi in the us-east-1 region, you will need to write a program that defines the necessary resources. Below is an explanation of how to approach this task, followed by a sample Pulumi program written in TypeScript.

First, you will need to set up a virtual private cloud (VPC) and a subnet group for DocumentDB, since the cluster must operate within a VPC. Then you will create a DocumentDB cluster with a master user and an instance within it. In AWS, a DocumentDB cluster is composed of one or more instances and is managed by the DocumentDB service.
Here is an outline of the AWS resources we will define in our Pulumi program:

- aws.ec2.Vpc: The VPC where your DocumentDB cluster will be located.
- aws.ec2.Subnet: The subnets associated with your VPC. DocumentDB requires subnets in at least two availability zones for high availability.
- aws.ec2.SecurityGroup: The security group that controls the traffic allowed to and from the DocumentDB instances.
- aws.docdb.SubnetGroup: The DocumentDB subnet group that defines which subnets within your VPC the cluster can use.
- aws.docdb.Cluster: The DocumentDB cluster resource itself.
- aws.docdb.ClusterInstance: The instances that run within the DocumentDB cluster.
- aws.docdb.ClusterParameterGroup: (Optional) A custom parameter group for the cluster.
Below is the TypeScript program for setting up a simple DocumentDB cluster:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const config = new pulumi.Config();
const projectName = pulumi.getProject();

// Create a new VPC for the DocumentDB cluster
const vpc = new aws.ec2.Vpc(`${projectName}-vpc`, {
    cidrBlock: "10.0.0.0/16",
});

// Create subnets for the DocumentDB cluster in two availability zones
const subnetA = new aws.ec2.Subnet(`${projectName}-subnet-a`, {
    vpcId: vpc.id,
    cidrBlock: "10.0.1.0/24",
    availabilityZone: "us-east-1a",
});

const subnetB = new aws.ec2.Subnet(`${projectName}-subnet-b`, {
    vpcId: vpc.id,
    cidrBlock: "10.0.2.0/24",
    availabilityZone: "us-east-1b",
});

// Create a security group for the DocumentDB cluster.
// DocumentDB is only reachable from inside the VPC, so the ingress rule is
// limited to the VPC CIDR instead of 0.0.0.0/0.
const docdbSecurityGroup = new aws.ec2.SecurityGroup(`${projectName}-docdb-sg`, {
    vpcId: vpc.id,
    description: "Allow traffic to DocumentDB",
    ingress: [
        { protocol: "tcp", fromPort: 27017, toPort: 27017, cidrBlocks: [vpc.cidrBlock] },
    ],
});

// Create a subnet group for the DocumentDB cluster
const docdbSubnetGroup = new aws.docdb.SubnetGroup(`${projectName}-docdb-subnet-group`, {
    subnetIds: [subnetA.id, subnetB.id],
});

// Create the DocumentDB cluster
const cluster = new aws.docdb.Cluster(`${projectName}-cluster`, {
    engine: "docdb",
    masterUsername: "docdbadmin",
    // Replace with a Pulumi secret (e.g. config.requireSecret("masterPassword"))
    // or a value from AWS Secrets Manager rather than a literal
    masterPassword: "your-master-password",
    dbSubnetGroupName: docdbSubnetGroup.name,
    vpcSecurityGroupIds: [docdbSecurityGroup.id],
    skipFinalSnapshot: true,
});

// Create a DocumentDB cluster instance
const clusterInstance = new aws.docdb.ClusterInstance(`${projectName}-instance`, {
    clusterIdentifier: cluster.clusterIdentifier,
    instanceClass: "db.r5.large",
    engine: "docdb",
});

// Export the cluster endpoint to access the DocumentDB cluster
export const clusterEndpoint = cluster.endpoint;
```
Make sure to replace "your-master-password" with a secure password, or better, use Pulumi's secrets management (config.requireSecret) so that sensitive data is never hardcoded in your program.

This program starts by creating a new virtual private cloud (VPC) and two subnets in two different availability zones (for redundancy). It then sets up a security group that controls access to your DocumentDB cluster, allowing traffic on port 27017, the default port for DocumentDB and MongoDB. After creating a subnet group for DocumentDB, the program creates the DocumentDB cluster itself and an instance within that cluster. Finally, the endpoint of the DocumentDB cluster is exported; it is the address you use to connect to the database cluster.
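As an added example (not part of the original program or of Pulumi), here is a dependency-free TypeScript check that flags the settings a reviewer would raise against a program like the one above: a world-open ingress rule on port 27017, a plaintext master password, storage without encryption at rest, and a cluster that can be destroyed without a final snapshot. The input shapes and sample values are constructed to mirror the program's arguments; the property names match the aws.docdb.Cluster and aws.ec2.SecurityGroup argument names.

```typescript
// Added example: pre-deployment checks for the DocumentDB settings above.
// Plain functions with no Pulumi dependency, so they can run in a unit test
// before `pulumi up`. Input shapes mirror the Pulumi resource argument objects.

interface IngressRule { protocol: string; fromPort: number; toPort: number; cidrBlocks?: string[] }
interface SecurityGroupInput { ingress: IngressRule[] }
interface ClusterInput {
  // A string literal, or an Output<string>-like object from config.requireSecret()
  masterPassword: unknown;
  storageEncrypted?: boolean;
  skipFinalSnapshot?: boolean;
  deletionProtection?: boolean;
  backupRetentionPeriod?: number; // DocumentDB default is 1 day
}

// Pulumi secrets arrive as Output objects; a plain string means the value is in source code.
function isPlaintext(value: unknown): value is string {
  return typeof value === "string";
}

export function checkSecurityGroup(sg: SecurityGroupInput): string[] {
  const findings: string[] = [];
  for (const rule of sg.ingress) {
    const coversDocdbPort = rule.fromPort <= 27017 && rule.toPort >= 27017;
    const worldOpen = (rule.cidrBlocks ?? []).some(c => c === "0.0.0.0/0" || c === "::/0");
    if (coversDocdbPort && worldOpen) {
      findings.push("ingress on 27017 allows 0.0.0.0/0; restrict it to the VPC CIDR or an application security group");
    }
  }
  return findings;
}

export function checkCluster(c: ClusterInput): string[] {
  const findings: string[] = [];
  if (isPlaintext(c.masterPassword)) findings.push("masterPassword is a plaintext literal; use config.requireSecret()");
  if (!c.storageEncrypted) findings.push("storageEncrypted is not set; enable encryption at rest");
  if (c.skipFinalSnapshot && !c.deletionProtection) findings.push("skipFinalSnapshot without deletionProtection: a destroy discards all data");
  if ((c.backupRetentionPeriod ?? 1) < 7) findings.push("backupRetentionPeriod is below 7 days");
  return findings;
}

// Constructed inputs mirroring the sample program's arguments (not a live stack).
export const sampleSecurityGroup: SecurityGroupInput = {
  ingress: [{ protocol: "tcp", fromPort: 27017, toPort: 27017, cidrBlocks: ["0.0.0.0/0"] }],
};
export const sampleCluster: ClusterInput = { masterPassword: "your-master-password", skipFinalSnapshot: true };
```

Running checkSecurityGroup(sampleSecurityGroup) and checkCluster(sampleCluster) returns one and four findings respectively; a hardened configuration returns none.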
Please take note of AWS charges for the resources you're provisioning and ensure you clean up resources that are no longer needed to avoid unnecessary charges.
To run this Pulumi program, you need the Pulumi CLI installed and AWS credentials configured through the AWS CLI or environment variables. Deploy it by running `pulumi up` from your terminal in the directory containing the program.