Lambda to Documentdb connection

This package provides a CDK construct facilitating the connection between a lambda and a Documentdb cluster.

How to use it

Instanciate DocumentdbClusterLambdaConnection in your stack CDK, by specifying at least the master user for accessing Documentdb. You can also specify the vpc you want your clusters in (otherwise the construct will provision one):

const documentdbCluster = new DocumentdbClusterLambdaConnection(
  this,
  "MyDocumentDbConnection",
  masterUser: { username: "yourUsername", secretName: "documentdbSecretName" }
);

Define the lambdas that will communicate with Documentdb in the same VPC:

const lambda1 = new NodejsFunction(this, "MyFirstLambda", {
  vpc: documentdbCluster.vpc,
  ...restOfLambdaConfiguration,
});
const lambda2 = new NodejsFunction(this, "MySecondLambda", {
  vpc: documentdbCluster.vpc,
  ...restOfLambdaConfiguration,
});

Give your lambdas the rights to communicate with your Documentdb cluster:

documentdbCluster.allowCommunication(lambda1, lambda2);

In the lambda handlers, retrieve the database secrets from SecretsManager, and use them with the Mongo client:

import { SecretsManager } from "aws-sdk";
import { MongoClient } from "mongodb";
export const main = async () => {
  const dbClient = await connectToDatabase();
  const db = dbClient.db("db");
  await db.collection("collection").insertOne({ property: "value" });
  return {
    statusCode: 200,
    body: "...",
  };
};
const connectToDatabase = async (): Promise<MongoClient> => {
  if (cachedDb) {
    return Promise.resolve(cachedDb);
  }
  const secretsManager = new SecretsManager({ region: "eu-west-1" });
  const secret = await secretsManager
    .getSecretValue({ SecretId: "documentdbSecretName" })
    .promise();
  const secretString = secret.SecretString;
  if (secretString === undefined) {
    throw new Error();
  }
  const docdbsecret = JSON.parse(secretString) as {
    password: string;
    host: string;
    username: string;
  };
  const { password, host, username } = docdbsecret;
  db = await MongoClient.connect(
    `mongodb://${encodeURIComponent(username)}:${encodeURIComponent(
      password
    )}@${host}`,
    {
      ssl: true,
      sslCA: "/opt/rds-combined-ca-bundle.pem", // https://docs.aws.amazon.com/documentdb/latest/developerguide/ca_cert_rotation.html#ca_cert_rotation-updating_application_step1
      retryWrites: false,
      connectTimeoutMS: 3000,
    }
  );
  cachedDb = db;
  return cachedDb;
};

Built by

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
.github/workflows		.github/workflows
dist		dist
docs		docs
lib		lib
test		test
.eslintignore		.eslintignore
.eslintrc.json		.eslintrc.json
.gitignore		.gitignore
.npmignore		.npmignore
.nvmrc		.nvmrc
README.md		README.md
jest.config.js		jest.config.js
package-lock.json		package-lock.json
package.json		package.json
tsconfig.build.json		tsconfig.build.json
tsconfig.json		tsconfig.json
yarn.lock		yarn.lock

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Lambda to Documentdb connection

How to use it

About

Uh oh!

Releases 2

Packages

Languages

pmilliotte/documentdb-lambda-connection

Folders and files

Latest commit

History

Repository files navigation

Lambda to Documentdb connection

How to use it

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases 2

Packages 0

Languages

Packages