Reputation: 302
I want to connect to AWS DocumentDB cluster from AWS Lambda (using Java). TLS is enabled for cluster so I need to import the certificates to truststore. Not able to find any document around this on how to proceed.
Upvotes: 1
Views: 2056
Reputation: 359
I encourage you to avoid packaging the cert as part of your Lambda code. Instead you can get it dynamically from Amazon S3. This will avoid issues in the future when the cert is rotated. Here is a Python example:
import boto3
import botocore.exceptions

# boto3 S3 *resource* (not the low-level client): Bucket(...).download_file is a resource method
clientS3 = boto3.resource('s3')

# Function to download the current DocumentDB CA bundle into Lambda's writable /tmp directory
def getDocDbCertificate():
    try:
        print('Certificate')
        clientS3.Bucket('rds-downloads').download_file('rds-combined-ca-bundle.pem', '/tmp/rds-combined-ca-bundle.pem')
    except botocore.exceptions.ClientError as e:
        if e.response['Error']['Code'] == "404":
            print("The object does not exist.")
        else:
            raise
For this to work, the role of your Lambda needs permission to get the object from S3, and the function needs S3 access via the Internet or a VPC endpoint.
Upvotes: 0
Reputation: 10730
You need to store the https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem file in a certstore before connecting to DocumentDB, otherwise it will not work.
There are many ways to import certificates using code at runtime.
Ref : How to import a .cer certificate into a java keystore?
After importing the cert, you can connect to DocumentDB; reference code can be found here:
https://docs.aws.amazon.com/documentdb/latest/developerguide/connect_programmatically.html
Upvotes: 1
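Putting both answers together for the Java case the question asks about: the example below is added here and is not code from either answer or from the AWS documentation. It reads the CA bundle from a path (assumed to be /tmp/rds-combined-ca-bundle.pem, i.e. the file the first answer downloads from S3, or a copy packaged with the function), parses every certificate in it into an in-memory truststore, wires that truststore into an SSLContext, and hands the context to the MongoDB Java driver (4.x sync API) so the cluster endpoint is verified against the RDS CA only. The DOCDB_URI and CA_BUNDLE environment variables, the DocDbTrustStore class name and the ping command are assumptions for illustration. No keytool step and no writable keystore file are needed, which matters in Lambda where only /tmp is writable.

```java
import com.mongodb.ConnectionString;
import com.mongodb.MongoClientSettings;
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;
import org.bson.Document;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;

public class DocDbTrustStore {

    /** Parse every certificate in a PEM bundle into an empty, in-memory truststore. */
    public static KeyStore trustStoreFromPemBundle(Path pemBundle) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null); // start empty: nothing from the JDK cacerts file is trusted here
        try (InputStream in = Files.newInputStream(pemBundle)) {
            // The combined bundle holds several CA certs (regional and root CAs).
            // generateCertificates (plural) reads all of them; generateCertificate
            // would return only the first and the chain check could fail later.
            Collection<? extends Certificate> certs = cf.generateCertificates(in);
            if (certs.isEmpty()) {
                throw new IllegalStateException("no certificates found in " + pemBundle);
            }
            int i = 0;
            for (Certificate c : certs) {
                ts.setCertificateEntry("rds-ca-" + (i++), c);
            }
        }
        return ts;
    }

    /** Build an SSLContext whose trust managers accept only the CAs in the truststore. */
    public static SSLContext sslContextFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key material, default SecureRandom
        return ctx;
    }

    /** Open a MongoClient against DocumentDB using the custom SSLContext. */
    public static MongoClient connect(String uri, Path pemBundle) throws Exception {
        SSLContext ctx = sslContextFor(trustStoreFromPemBundle(pemBundle));
        MongoClientSettings settings = MongoClientSettings.builder()
                .applyConnectionString(new ConnectionString(uri))
                // Keep hostname verification on (the default); do not call
                // invalidHostNameAllowed(true) to "fix" a TLS error.
                .applyToSslSettings(b -> b.enabled(true).context(ctx))
                .build();
        return MongoClients.create(settings);
    }

    // Hypothetical Lambda entry point; endpoint, credentials and bundle path are
    // assumptions supplied through the environment, not values from the page.
    public static void main(String[] args) throws Exception {
        Path bundle = Paths.get(System.getenv().getOrDefault("CA_BUNDLE",
                "/tmp/rds-combined-ca-bundle.pem"));
        // e.g. mongodb://user:pass@<cluster-endpoint>:27017/?ssl=true&replicaSet=rs0
        //      &readPreference=secondaryPreferred&retryWrites=false
        String uri = System.getenv("DOCDB_URI");
        try (MongoClient client = connect(uri, bundle)) {
            Document reply = client.getDatabase("admin").runCommand(new Document("ping", 1));
            System.out.println("ping ok: " + reply.toJson());
        }
    }
}
```

Because the truststore is built from the bundle at cold start, rotating the CA is a matter of publishing a new bundle to the location the function reads from, which is the point the first answer makes; packaging the file inside the deployment artifact would instead require a redeploy.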