Kubernetes - DocumentDB (MongoDB)
- Mike Piska
Scope AR requires Amazon DocumentDB 4.x. Although we also support DocumentDB 3.x, it is not recommended to use this version since modern MongoDB clients such as Mongo Compass no longer support connecting to versions below 4.x. It is recommended that both a “Primary” and “Replica” instance be deployed with a minimum instance size of db.r5.large.
Engine Type | Minimum Nodes | Instance Type | Authentication |
DocumentDB 4.x | 2 (1 Reader + 1 Writer) | Minimum db.r5.xlarge | Username/Password or IAM Auth |
Security Groups
The Scope AR Content Management System (CMS) and Worklink Create (Authoring Tool) must connect to this database, requiring an inbound security group rule on the DocumentDB instances to allow traffic from the Kubernetes worker nodes. All connections to DocumentDB will originate from the private Kubernetes worker nodes. There are no requirements for public access.
Authentication
AWS DocumentDB provides two authentication methods: username/password and IAM authentication. Scope AR supports both of these methods. Please refer to this article for detailed steps for setting up IAM authentication:
Identity and Access Management for Amazon DocumentDB - Amazon DocumentDB
Note: The IAM permissions explained in this document must be added to the EKS Role ARNs for the CMS and Worklink Create services. See Kubernetes - Configuring values.yaml for more information.