Connecting Robo 3T with DocumentDB outside AWS VPC


This blog shows how you can connect Robo 3T to DocumentDB from outside the AWS VPC.


  • AWS Account
  • DocumentDB Cluster
  • VPC
  • Robo 3T installed on the local machine


We will use an EC2 instance to create a tunnel between our local machine and DocumentDB. The EC2 instance and DocumentDB must be in the same VPC, and the security group for DocumentDB must have the EC2 instance's security group or IP in its inbound rules. This gives the EC2 instance access to DocumentDB.

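Add an inbound rule to the EC2 instance's security group as per your setup so that the local machine can access the EC2 instance. If you are new, you can open the EC2 access to all protocols, with a source that allows any user to access the EC2 instance, in the inbound rules of the EC2's security group. The SSH tunnel configured in the steps below only needs inbound SSH (TCP port 22 by default) from your local machine's IP address.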
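The two security-group conditions above can be checked against the output of `aws ec2 describe-security-groups`. The following is an added example, not code from the original post; the group IDs, IP addresses and the default SSH port 22 are assumptions, and the sample data is constructed.

```python
import ipaddress

# Constructed samples in the shape of `aws ec2 describe-security-groups` output.
# Group IDs and addresses are placeholders, not values from the article.
EC2_SG_OPEN = {"GroupId": "sg-ec2-example", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
EC2_SG_TIGHT = {"GroupId": "sg-ec2-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]}
DOCDB_SG = {"GroupId": "sg-docdb-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
     "UserIdGroupPairs": [{"GroupId": "sg-ec2-example"}]}]}

def covers_port(rule, port):
    """True if the rule applies to this TCP port ("-1" means all protocols)."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def networks(rule):
    """All IPv4 and IPv6 source ranges named by a rule."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [ipaddress.ip_network(c) for c in cidrs]

def audit_tunnel(ec2_sg, docdb_sg, local_ip, ec2_private_ip):
    """Return findings for the local machine -> EC2 -> DocumentDB path."""
    findings = []
    local, ec2_ip = ipaddress.ip_address(local_ip), ipaddress.ip_address(ec2_private_ip)
    ssh_ok = db_ok = False
    for rule in ec2_sg["IpPermissions"]:
        for net in networks(rule):
            if net.prefixlen == 0:  # /0 matches every address
                findings.append(f"EC2 SG open to any source: {net} protocol {rule['IpProtocol']}")
            ssh_ok = ssh_ok or (covers_port(rule, 22) and local in net)
    for rule in docdb_sg["IpPermissions"]:
        if not covers_port(rule, 27017):
            continue
        pairs = rule.get("UserIdGroupPairs", [])
        db_ok = db_ok or any(p["GroupId"] == ec2_sg["GroupId"] for p in pairs)
        for net in networks(rule):
            if net.prefixlen == 0:
                findings.append(f"DocumentDB SG open to any source: {net}")
            db_ok = db_ok or ec2_ip in net
    if not ssh_ok:
        findings.append("EC2 SG: no inbound SSH (TCP 22) rule covers the local machine")
    if not db_ok:
        findings.append("DocumentDB SG: TCP 27017 is not allowed from the EC2 instance")
    return findings
```

Calling `audit_tunnel(EC2_SG_OPEN, DOCDB_SG, "203.0.113.10", "10.0.1.25")` reports the all-protocols rule, while the same call with `EC2_SG_TIGHT` returns an empty list.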

Steps to Connect

1. Open Robo 3T and choose Create.


2. On the Connection tab, in the Address field, enter the cluster endpoint, Port as 27017, and give a name to the connection.

You can use this link to find the endpoint.

3. On the Authentication tab, check the box for Perform Authentication. Now enter the authentication information for your cluster.

4. On the SSH tab, check the box for Use SSH tunnel and add the SSH address, username, and private key/password of your EC2 instance. The SSH address is the public DNS of your EC2 instance. Add the .pem file for your EC2 instance.

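5. Now choose the TLS tab and click the drop-down menu for Authentication Method. Choose Use CA Certificate. Select Advanced Options and for the Invalid Hostnames menu, select Allowed. With this setting the client does not check that the hostname matches the server certificate; the certificate is still validated against the CA certificate.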

6. Test the connection by choosing the Test button.

7. A Diagnostic window should appear with the test results. If everything is green, then close the box.

8. Now choose Save. Select your cluster and choose Connect.
