How to deploy MongoDB on AWS
Automating secure, scalable, and globally distributed MongoDB Atlas deployment
In this deployment guide you will get an overview of MongoDB capabilities and use cases along with a well-architected MongoDB Atlas solution ready to run in your AWS environment (using AWS CloudFormation).
MongoDB Atlas is the fastest and easiest way to run MongoDB in AWS. You can sign up for a free tier in AWS Marketplace using your AWS account, which gets you up and running quickly. Once you're ready to scale to production, you can pay as you go, with charges consolidated into your AWS billing.
MongoDB Atlas in the AWS stack
JSON has established itself as the de-facto standard for modern document storage, powering all sorts of diverse applications and architectures. This flexibility is particularly valuable in microservices architectures, where agile, rapidly evolving data models are required to accommodate changing requirements.
In API-first designs, schemas lie at the core of application communication. JSON payloads are one of the most common patterns, which highlights the need for meticulous payload validation and clear data contracts that enable consistent and reliable communication.
MongoDB is widely known for its robust document-oriented database capabilities optimized for JSON storage, offering native support for dynamic schema evolution and flexible querying capabilities.
MongoDB Atlas further enhances these capabilities by providing a fully managed, scalable, and secure cloud database solution, removing the complexities associated with managing distributed, multi-region, and highly available data environments.
What is MongoDB
MongoDB Atlas is a fully managed cloud database service offered by the creators of MongoDB, one of the most widely adopted open-source NoSQL databases available. Atlas builds upon MongoDB's powerful capabilities, offering a wide range of advanced features including automated deployment and scalability, seamless integration directly within your AWS account and enterprise friendly features such as data federation and SSO.
With MongoDB Atlas, developers can quickly provision databases that scale dynamically, handle high availability requirements, and automatically manage backups, updates, and security patches.
Setting up secure network connections, enforcing encryption standards, and configuring multi-region availability are available out-of-the-box. It integrates natively with AWS services, facilitating streamlined workflows for applications leveraging AWS cloud infrastructure.
MongoDB Atlas use cases
Although widely known for its JSON document storage capabilities, MongoDB Atlas has evolved to support a wide range of storage technologies and deployment capabilities:
Multi-region document storage
MongoDB Atlas offers single-click multi-region deployments, allowing developers to distribute data clusters across AWS regions effortlessly. It handles automated data replication, region-specific queries, and automated failover to maintain global high availability and optimal performance, while providing developers with a single endpoint that works across all regions.
Vector storage
MongoDB Atlas supports native vector storage, indexing, and querying capabilities. With the rapid rise of Generative AI, vector storage is becoming an indispensable component in the stack of most development teams.
Full-text search
Relevance-based search using full-text queries becomes increasingly important as the diversity and volume of data grow, and as teams look for new ways to help users locate the information they want. MongoDB Atlas offers full-text search capabilities natively, over a unified API that centralizes all database queries and operations.
Data and event driven architectures
With built-in support for triggers, MongoDB Atlas enables automatic response to database events, enabling complex workflows and integrations with other AWS services, such as AWS Lambda, Amazon EventBridge, and Amazon SNS.
Security, federation and MFA
MongoDB Atlas provides enterprise-grade security features, including encryption-at-rest and in-transit, federation with AWS Identity and Access Management (IAM), and comprehensive authentication and authorization controls. These features ensure that MongoDB deployments within AWS adhere to best practices and compliance standards, providing strong security foundations essential for sensitive and regulated applications.
Data federation
MongoDB Atlas data federation capabilities enable unified querying across data stored in multiple MongoDB clusters and AWS S3 buckets. This provides organizations with centralized access and management of dispersed datasets, optimizing analytics, reporting, and application data aggregation workflows.
Deployment guide
Setting up your account
To deploy any of the CloudFormation templates available in this deployment guide your AWS account must meet the following requirements:
- Your AWS account must have an active subscription for MongoDB Atlas Pay-as-you-go.
- Your AWS access must have enough permissions to deploy all resources included in the applicable CloudFormation template, including rights to create IAM entities.
Please note that you must have an active login to your AWS account when using the CloudFormation deployment links in the Deployment Architectures section.
Setting up your MongoDB Atlas account
To enable programmatic access from your AWS account to your MongoDB Atlas account, an API key must be generated with appropriate permissions and network access so that CloudFormation will be able to create all necessary resources in your MongoDB Atlas environment. For in-depth details as to how to create and manage programmatic access to your MongoDB Atlas account please refer to the official documentation.
CloudFormation accesses these credentials through a secret in AWS Secrets Manager that follows the naming convention cfn/atlas/profile/{ProfileName}. When you generate your API key you receive a public and private key pair; to store these values in a correctly formatted secret, you can use this CloudFormation template.
Cost and licensing
The only costs associated with deploying the solutions in this guide are those of the AWS resources created and of your MongoDB Atlas utilization. If you use the MongoDB Atlas trial tier, no MongoDB Atlas costs will be incurred.
MongoDB Atlas resources created outside of the trial tier will automatically generate pay-as-you-go charges according to MongoDB Atlas official pricing.
The contents of this guide, including CloudFormation templates, are licensed under the Apache 2.0 License. MongoDB Atlas is licensed and distributed under the Server-Side Public License (SSPL).
Deployment Architectures
This guide offers four deployment architecture alternatives to satisfy specific deployment scenarios. All options provision a dedicated IAM role corresponding to your MongoDB Database user for greater security. CloudFormation is used for infrastructure as code declaration, and through parameters you can configure options such as CIDR blocks for your VPCs, MongoDB Atlas cluster instance type as well as other database settings.
Remember to log into your AWS account before clicking the CloudFormation deployment links on any of the architecture options shown below.
1. MongoDB Atlas Cluster deployment with connection over the Internet
This is the simplest and easiest way to provision and connect to a MongoDB Atlas cluster. Accessing the cluster will require connecting to it over the public Internet, which is not recommended for production workloads. This deployment option can be further secured by allowing connections from trusted sources.

Deploy this solution using CloudFormation in your AWS account.
2. MongoDB Atlas Cluster deployment that peers into a new VPC
VPC peering allows for a fully private and isolated deployment while enabling workloads running in a separate VPC to access the Atlas cluster securely and without reaching the public internet. This deployment option is recommended for production workloads. This solution will create a new VPC for all your workloads and automatically establish a peering connection between them. To learn more about VPC peering, you can find more details in the official AWS documentation.

Deploy this solution using CloudFormation in your AWS account.
3. MongoDB Atlas Cluster deployment that peers into an existing VPC
In scenarios where an existing VPC for running your workloads exists, a peering connection needs to be established between the Atlas Cluster VPC and your existing VPC. With this alternative, there will be no impact on your network architecture while allowing for secure private connections from existing workloads to your new MongoDB Atlas cluster. This deployment option is very similar to option 2 and is suitable for production.

Deploy this solution using CloudFormation in your AWS account.
4. MongoDB Atlas Cluster deployment with a private endpoint on an existing VPC
A private endpoint provides a secure and private way to connect to your MongoDB Atlas cluster, without a full peering connection between virtual private clouds. This is especially useful when you can’t or don’t want to solve CIDR conflicts between your new MongoDB Atlas Cluster VPC and your existing VPC, while still enabling fast, secure, and private connectivity from your existing VPC to your new MongoDB Atlas cluster. This deployment option is suitable for production.

Deploy this solution using CloudFormation in your AWS account.
Deployment steps
- Sign in to your AWS account, and launch this Partner Solution, as described under Deployment Architectures above in this guide. The AWS CloudFormation console opens with a prepopulated template.
- Choose the correct AWS Region, and then choose Next.
- On the Create stack page, keep the default setting for the template URL, and then choose Next.
- On the Specify stack details page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require input. For all other parameters, review the default settings and customize them as necessary. When you finish reviewing and customizing the parameters, choose Next.
Unless you’re customizing the Partner Solution templates or are instructed otherwise in this guide’s Predeployment section, don’t change the default settings for the following parameters: QSS3BucketName, QSS3BucketRegion, and QSS3KeyPrefix. Changing the values of these parameters will modify code references that point to the Amazon Simple Storage Service (Amazon S3) bucket name and key prefix. For more information, refer to the AWS Partner Solutions Contributor’s Guide.
- On the Configure stack options page, you can specify tags (key-value pairs) for resources in your stack and set advanced options. When you finish, choose Next.
- On the Review page, review and confirm the template settings. Under Capabilities, select all of the check boxes to acknowledge that the template creates AWS Identity and Access Management (IAM) resources and that it might require the ability to automatically expand macros.
- Choose Create stack. The stack takes about 10-20 minutes to deploy.
- Monitor the stack’s status, and when the status is CREATE_COMPLETE, the MongoDB Atlas deployment is ready.
- To view the created resources, choose the Outputs tab.
Security
This Partner Solution provisions a cluster with security and TLS enabled by default. Optionally, network peering can be enabled on a new or existing AWS VPC. For more information, see MongoDB Security Features and Setup.
If you plan to use AWS Lambda, ensure that you follow the recommendations from Best Practices Connecting from AWS Lambda.
MongoDB Atlas CloudFormation resource reference
- MongoDB::Atlas::Project — A logical grouping of clusters. You can have multiple clusters within a single project and multiple projects within a single organization.
- MongoDB::Atlas::Cluster — A set of nodes comprising a MongoDB deployment and database. In Atlas, clusters can be replica sets or sharded deployments.
- MongoDB::Atlas::DatabaseUser — Credentials used to authenticate a client to access a MongoDB database deployment. You can assign privileges to a database user to determine a user’s access level to a cluster. Database users are different from Atlas users. Database users have access to MongoDB deployments but not the Atlas application.
- MongoDB::Atlas::ProjectIPAccessList — Atlas allows only client connections to the cluster from entries in the project’s IP access list. Each entry is either a single IP address or CIDR.
- MongoDB::Atlas::NetworkPeering — Process by which two internet networks connect and exchange traffic. You can directly peer your VPC with the Atlas VPC created for your MongoDB clusters. Using network peering, your application servers can connect directly to Atlas while remaining isolated from public networks.
- MongoDB::Atlas::PrivateEndpoint — Process by which two internet networks connect and exchange traffic. You can directly connect your VPC with the Atlas VPC created for your MongoDB clusters. Using a private endpoint, your application servers can connect to Atlas privately, without requiring an internet gateway or a NAT device.
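A pre-deployment check for the IP access list described above, and for the "trusted sources" hardening mentioned under deployment option 1. This is an added example, not code from this guide, MongoDB or AWS: it reads a CloudFormation template in JSON form and flags access-list entries that are world-open, broad public ranges, malformed, or not statically checkable. The property names AccessList, CIDRBlock and IPAddress, the /16 threshold and the sample template are assumptions made for illustration.

```python
import ipaddress
import json

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample template. Property names (AccessList, CIDRBlock, IPAddress)
# are assumptions for illustration; confirm them against the resource schema.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "OpenList": {"Type": "MongoDB::Atlas::ProjectIPAccessList", "Properties": {"AccessList": [
    {"CIDRBlock": "0.0.0.0/0"},
    {"CIDRBlock": "203.0.0.0/8"},
    {"IPAddress": "203.0.113.10"},
    {"CIDRBlock": "10.0.0.0/16"},
    {"CIDRBlock": "not-a-cidr"}]}},
  "Cluster": {"Type": "MongoDB::Atlas::Cluster", "Properties": {}}
}}
""")

def classify(entry, min_prefix=16):
    """Return (severity, reason) for one access-list entry, or None if acceptable."""
    value = entry.get("CIDRBlock") or entry.get("IPAddress")
    if not isinstance(value, str):
        return ("REVIEW", "value is not a literal; check the parameter passed at deploy time")
    try:
        net = ipaddress.ip_network(value, strict=True)  # strict rejects host bits set
    except ValueError:
        return ("ERROR", f"{value!r} is not a valid IP address or aligned CIDR")
    if net.prefixlen == 0:
        return ("CRITICAL", f"{net} admits every address on the Internet")
    private = net.version == 4 and any(net.subnet_of(p) for p in RFC1918)
    if net.version == 4 and not private and net.prefixlen < min_prefix:
        return ("WARN", f"{net} is a public range of {net.num_addresses} addresses")
    return None

def audit_template(template):
    """Collect (resource name, severity, reason) for every flagged entry."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type", "").lower() != "mongodb::atlas::projectipaccesslist":
            continue
        for entry in res.get("Properties", {}).get("AccessList", []):
            result = classify(entry)
            if result:
                findings.append((name, *result))
    return findings

if __name__ == "__main__":
    for name, severity, reason in audit_template(SAMPLE_TEMPLATE):
        print(f"{severity:8} {name}: {reason}")
```

Entries given as parameter references are reported as REVIEW rather than passed silently, because the CIDR value is only known at deploy time.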
Troubleshooting
If a stack fails to deploy, check the Events tab. If the error occurs for one of the MongoDB Atlas resources (for example, MongoDB::Atlas::Cluster), you will find a corresponding Amazon CloudWatch Logs group called mongodb-atlas-cluster-logs. Locate this group, and check the latest log entry to identify the issue.
If you receive a NO_PAYMENT_INFORMATION_FOUND error message when deploying a MongoDB cluster using the pay-as-you-go option, most likely your AWS account is not linked to your MongoDB Atlas account.
FAQ
- Q: Do I need to run the RegisterMongoDBResource step each time?
  No. You must run this step only once per Region.
- Q: What does the RegisterMongoDBResource step do?
  It registers each of the MongoDB Atlas CloudFormation resource types. This is a standard requirement for CloudFormation. For more information, see Custom resource.
Customer responsibility
After you deploy a Partner Solution, confirm that your resources and services are updated and configured—including any required patches—to meet your security and other needs. For more information, refer to the Shared Responsibility Model.
About AWS Marketplace
AWS Marketplace makes it easy to find and add new tools from across the AWS partner community to your tech stack with the ability to try for free and pay-as-you-go using your AWS account.

Easily add new category-leading third-party solution capabilities into your AWS environment.

Avoid up front license fees and pay only for what you use, consolidating billing with your AWS account.
