This blog details how to install MongoDB with authentication on EC2 AMI Linux.
Prerequisites:
- You have an EC2 instance running
- You have root access to the EC2 instance
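Step 1: Connect to the EC2 instance using your pem/ppk file
For MongoDB 3.0, create the file below using vi or any other editor:
sudo vi /etc/yum.repos.d/mongodb-org-3.0.repo
Add the content below to the file you just created. Note that gpgcheck=0 turns off GPG signature verification for packages installed from this repository.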
[mongodb-org-3.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/amazon/2013.03/mongodb-org/3.0/x86_64/
gpgcheck=0
enabled=1
Step 2: Install MongoDB using the command below
sudo yum install -y mongodb-org
Step 3: Start the MongoDB service using the command below
sudo service mongod start
Step 4: Start MongoDB on reboot
You can optionally ensure that MongoDB will start following a system reboot by issuing the following command:
sudo chkconfig mongod on
Step 5: Connect to mongo shell
Once the service has started, connect to the mongo shell to create a user. To connect to the mongo shell, use the command below:
mongo
If you get the error below when running the mongo command:
“Failed global initialization: BadValue Invalid or no user locale set. Please ensure LANG and/or LC_* environment variables are set correctly”
add the export shown below:
export LC_ALL=C
Step 6: Select the admin database
Once you have connected to mongo successfully, select the admin database:
use admin
Step 7: Create User
Create the user as shown below, replacing the example user name and password with your own:
db.createUser(
  {
    user: "myUserAdmin",
    pwd: "abc123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)
Create a user for a specific database
To create a user for a particular database, repeat step 6 with the command below:
use <databaseName>
To create a user for that database:
db.createUser(
  {
    user: "<userName>",
    pwd: "<password>",
    roles: [ { role: "readWrite", db: "<databaseName>" } ]
  }
)
Edit /etc/mongod.conf
For MongoDB 3.x, add this to the config:
security:
  authorization: "enabled"
Then restart the service with the command below:
sudo service mongod restart
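Step 8: Connect remotely
If you want to connect to MongoDB remotely, edit the file below with vi or any other editor:
sudo vi /etc/mongod.conf
Add the IP to bindIp as shown below and restart the MongoDB service. bindIp lists the local addresses mongod listens on, so the IP you add must be an address assigned to this instance, not the address of the remote client.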
bindIp: 127.0.0.1,8.8.8.8
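As an added example (not part of the original post), the script below checks a mongod.conf for the two settings changed in Steps 7 and 8: that security.authorization is enabled and that net.bindIp does not listen on every interface. The function names conf_value and check_mongod_conf and the sample config are constructed for illustration, and the parser assumes the simple two-level YAML layout used in this post.

```sh
#!/bin/sh
# Added example: conf_value and check_mongod_conf are illustrative names.

# Print the value of KEY inside top-level YAML section SECTION of FILE.
conf_value() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*#/ { next }                              # skip comment lines
        /^[^ \t]/  { insec = ($1 == (sec ":")); next }   # a top-level key opens a section
        insec && $1 == (key ":") {
            sub(/^[^:]*:/, ""); sub(/#.*$/, "")          # drop "key:" and trailing comment
            gsub(/[ \t"]/, ""); print; exit              # drop blanks and double quotes
        }' "$1" | tr -d "'"
}

# Return 0 only if access control is on and mongod is not bound to every interface.
check_mongod_conf() {
    rc=0
    auth=$(conf_value "$1" security authorization)
    if [ "$auth" = "enabled" ]; then
        echo "OK:   security.authorization is enabled"
    else
        echo "FAIL: security.authorization is '${auth:-unset}', clients connect without credentials"
        rc=1
    fi
    bind=$(conf_value "$1" net bindIp)
    case ",$bind," in
        ,,) echo "FAIL: net.bindIp is unset (mongod before 3.6 then listens on all interfaces)"; rc=1 ;;
        *,0.0.0.0,*|*,::,*) echo "FAIL: net.bindIp '$bind' listens on every interface"; rc=1 ;;
        *) echo "OK:   net.bindIp is $bind" ;;
    esac
    return "$rc"
}

# Constructed sample: a config as it looks after Steps 7 and 8 of this post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
net:
  port: 27017
  bindIp: 127.0.0.1,8.8.8.8   # loopback plus the example address from Step 8
security:
  authorization: "enabled"
EOF
check_mongod_conf "$sample" || true
rm -f "$sample"
```

To audit a real host, call check_mongod_conf /etc/mongod.conf after the restart in Step 8; a non-zero exit status means one of the two checks failed.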
Happy Securing!!!