Eldar S

Reputation: 591

AWS DocumentDB ECONNRESET error with SSH tunneling from Mongo shell

I've followed the AWS DocumentDB docs for connecting outside VPC:

  1. I created an EC2 instance in the same security group and VPC as the DocDB cluster
  2. In the security group I opened port 22 access for my IP, and also opened port 27017 for communication inside the security group so the EC2 instance can SSH tunnel to the DocDB
  3. I ran ssh -f -i "ssh-tunneling-access.pem" -L 27017:{doc-db-cluster}:27017 {ec2-instance-user}@{ec2-instance-dns} -N to open the SSH tunnel
  4. In another terminal I tried to connect using Mongo shell with mongosh "mongodb://{credentials}!@localhost:27017/?tls=true&tlsAllowInvalidHostnames=true&tlsCAFile=rds-combined-ca-bundle.pem"

I got the error "MongoServerSelectionError: read ECONNRESET". I'm running on Windows 11, and my terminal is PowerShell Core.

Any ideas what I missed and/or how to troubleshoot it?

Upvotes: 0

Views: 946

Answers (2)

debarshi

Reputation: 326

It has to do with the security groups. Connection reset also happens when the versions don't match. If you want to access MongoDB over tunnels you can also use platforms like Adaptive, which allows you to access DBs, VMs and Kubernetes clusters over tunnels and build auditability around it.

Upvotes: 0

Mihai A

Reputation: 416

First of all, make sure you can connect to DocumentDB from the EC2 instance. The security group attached to the DocumentDB cluster has to allow port 27017 with the EC2 instance (or the security group of the EC2 instance) as the source. Second, it is not clear from where you're initiating the tunnel. Did you execute step 3 on the Windows 11 machine? Have you installed OpenSSH on Windows? How about using a GUI client, like Robo 3T, which has SSH tunneling support? Instructions on how to connect can be found here.

Upvotes: 0
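A way to narrow down where the connection from step 4 dies, as an added example that is not part of the question or either answer: the probe connects to the local end of the tunnel, attempts a TLS handshake, and reports the stage that failed. The function names, result strings, and the loopback listener standing in for a tunnel whose far side is blocked are all constructed for illustration.

```python
import socket
import ssl
import threading

def probe_tunnel(host="127.0.0.1", port=27017, cafile=None, timeout=5.0):
    """Report the stage at which a TLS connection to the local tunnel end stops."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "no_listener"  # nothing bound locally: the ssh -L process is not running
    except OSError:
        return "tcp_failed"
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: the CA bundle from step 4
    ctx.check_hostname = False  # same effect as tlsAllowInvalidHostnames=true
    try:
        with ctx.wrap_socket(raw) as tls:
            return "tls_ok " + str(tls.version())
    except ssl.SSLCertVerificationError:
        return "tls_reached_cert_rejected"  # path works end to end; check the CA file
    except (ConnectionError, ssl.SSLEOFError):
        # Local port accepted, then the stream was dropped: typically ssh could not
        # open the forward to the database (security group, hostname, or port).
        return "closed_during_handshake"
    except socket.timeout:
        return "handshake_timeout"
    except ssl.SSLError as exc:
        # Some Python/OpenSSL combinations report the EOF as a plain SSLError.
        return "closed_during_handshake" if "EOF" in str(exc) else "tls_error"

def closing_listener():
    """Constructed stand-in for a tunnel whose remote side fails: accept, then close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def unused_port():
    """Return a loopback port with no listener (constructed for the demo)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    print(probe_tunnel(port=closing_listener()))  # tunnel up, forward failing
    print(probe_tunnel(port=unused_port()))       # tunnel not running
```

A result of `closed_during_handshake` points at the EC2-to-DocumentDB leg, which is the check the answer above recommends doing first from the EC2 instance itself.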
