How to Install MongoDB with AWS EC2

By
Sarah Dobie
September 14, 2017

Here at OptimalBI, we’ve recently switched from using DynamoDB to MongoDB. However, we still use Amazon’s EC2 service to manage our servers. Because MongoDB isn’t an Amazon Web Service like DynamoDB is, installing Mongo on one of these servers isn’t the most obvious process. It took a while for us to chisel out an internal document giving complete instructions on how to do this, and I have to look it up every time I want a new server which uses Mongo! So, we thought we would share with the world what we’ve put together.

Installation

Creating the Server

  1. From the AWS EC2 console, select the Launch Instance button to create a new server.
  2. The first screen is Choose AMI. Choose the Ubuntu server.
  3. When you get to the Configure Security Group screen, add rules to allow the following ports with a source of My IP.
  4. SSH: Port 22
  5. 27017
  6. 27018
  7. 27019
  8. 28017

Note that if your IP address changes, you will need to update the security group settings with your new IP.

Environment

Use a fully patched and updated Ubuntu. Please note that these instructions in this blog are for Ubuntu 16.04, and may become outdated in future.
Here’s some AWS documentation with instructions on how to connect to your EC2 instance. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

Installing MongoDB

Run these commands individually from the command line to install MongoDB.
Import public key for package system:
[code]sudo apt-key adv –keyserver hkp://keyserver.ubuntu.com:80 –recv 0C49F3730359A14518585931BC711F9BA15703C6[/code]Create list file for apt:
[code]echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntuxenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list[/code]Reload package system:
[code]sudo apt update[/code]Install MongoDB package:
[code]sudo apt-get install -y mongodb-org[/code]Hooray! Now MongoDB should be installed. Let’s get it running.

Running MongoDB

Start

Run the following command to start MongoDB:
[code]sudo systemctl mongod start[/code]You can verify that MongoDB has started successfully by running this command:
[code]sudo cat /var/log/mongodb/mongod.log[/code]and checking that the following line is printed at the end of the file:
[code][initandlisten] waiting for connections on port 27017[/code]If you wish for Mongo to always run on system start, run the following command:
[code]sudo systemctl enable mongod[/code]

Stop

You can stop MongoDB by running the following command:
[code]sudo systemctl mongod stop[/code]

Authorisation

In order to use MongoDB, we need to create users.

Enable Authorisation

Run the following to open the config file:
[code]sudo nano /etc/mongod.conf[/code]The file should contain a security section which is commented out with a ‘#’ symbol. Remove this symbol, and change the section to be the same as the following:
[code]security:
 authorization: enabled[/code]Use Crtl+X to close the file. You will be prompted to save your changes. Hit the Y key to do this. You will then be prompted to enter a file name, however, we just want to overwrite the current config file, so hit Enter to save the file under the original name of mongod.conf.
At this point, we should restart Mongo. Enter the following command to do so.
[code]sudo systemctl mongod restart[/code]

Create Administrator

Enter the Mongo shell with the following command, while MongoDB is running:
[code]mongo[/code]The following message should be printed:
[code]MongoDB shell version v3.4.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.2[/code]Select the database for user data:
[code]use admin[/code]Create the admin user, replacing <ADMIN_USERNAME> and <PASSWORD> with appropriate values.
[code]db.createUser({user: "<ADMIN_USERNAME>", pwd: "<PASSWORD>", roles:[{role: "root", db: "admin"}]})[/code]Now let’s exit the Mongo shell:
[code]quit()[/code]To test that the admin user was created successfully, enter the following command, replacing <ADMIN_USERNAME> with the username you created before:
[code]mongo -u <ADMIN_USERNAME> -p –authenticationDatabase admin[/code]You will be prompted to enter the admin password. Note that no characters are displayed as you type the password.

Create Non-Admin User

Open the Mongo shell again:
[code]mongo[/code]Change to the user-data database:
[code]use user-data[/code]Create the new user, replacing <USERNAME>, <PASSWORD> and <TARGET_DATABASE> with appropriate values. The target database is a new database that you want this user to have access to.
[code]db.createUser({user: "<USERNAME>", pwd: "<PASSWORD>", roles:[{role: "read", db: "user-data"}, {role: "readWrite", db: "<TARGET_DATABASE>"}]})[/code]Let’s quit mongo shell:
[code]quit()[/code]You can test that the new user was created successfully by entering this command to connect as the new user. Replace <USERNAME> with the username you created in the previous step.
[code]mongo -u <USERNAME> -p –authenticationDatabase user-data[/code]

Allowing External Mongo Connections

You may be using a firewall to control the access to the server. If this is the case, you will want to allow all external connections. To do this, we want to edit the MongoDB config file again.
Open mongod.conf with the following command:
[code]sudo nano /etc/mongod.conf[/code]Locate and change bind_ip from 127.0.0.1 to 0.0.0.0.
[code]net:
 port: 27017
 bindIp: 0.0.0.0[/code]Use Crtl+X to close the file. You will be prompted to save your changes. Hit the Y key to do this. You will then be prompted to enter a file name, however, we just want to overwrite the current config file, so hit Enter to save the file under the original name of mongod.conf.
Restart Mongo for the changes to take effect:
[code]sudo systemctl mongod restart[/code]

Security Extras

By default, Mongo sends its data unencrypted, which is obviously an issue if you’re storing data that is even remotely sensitive. At Optimal we use SSL encryption for MongoDB. You can read how to set that up here: https://docs.mongodb.com/manual/tutorial/configure-ssl/
If you want to take it a step further, here is information about how to encrypt everything on the disk: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html

Final Note

Hopefully this blog has been helpful! Patience pays off here, so if you run into trouble, check over these instructions again carefully. It’s very easy to make mistakes!
When the time comes to make use of Mongo, Robo3T (previously known as Robomongo) is a great GUI to use for managing your databases.
Best of luck, and happy databasing.
Sarah – The tea-drinking programmer
Sarah blogs about her learning experiences as she navigates the road from student to professional.

ContactAboutFree StuffMailer
Copyright © 2019 OptimalBI LTD.