How do I connect to a Spinup DocumentDB database?

Spinup offers Amazon DocumentDB—MongoDB-compatible, fully managed, and TLS-secured. You can connect to your database using the MongoDB Shell (mongosh) or a supported IDE on Linux, Windows, or macOS.

Prerequisites

Before connecting, you’ll need:

A running DocumentDB instance in Spinup
The following from your Spinup resource:
- Cluster endpoint (e.g. docdb-abc123.cluster-xyz.us-east-1.docdb.amazonaws.com)
- Username
- Password
Access to the Amazon RDS TLS certificate
Your Spinup space’s firewall configured to allow traffic on port 27017

Step 1: Allow Access in Your Firewall

In the Spinup portal, open your space
Go to the Firewall tab
Add an inbound rule:
- Protocol: TCP
- Port: 27017
- Source: Your IP address (or your network range)

Avoid using 0.0.0.0/0 unless for brief testing—this exposes your database to the public internet.

Step 2: Install `mongosh`

You’ll use MongoDB Shell (mongosh) to securely connect.

On Linux (Ubuntu/Debian)

# Import MongoDB public key
wget -qO- https://www.mongodb.org/static/pgp/server-7.0.asc | sudo tee /etc/apt/trusted.gpg.d/server-7.0.asc

# Add MongoDB repo
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/7.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list

# Update and install
sudo apt update
sudo apt install -y mongodb-mongosh

On Windows

Download the installer from the official MongoDB site:
👉 MongoDB Shell for Windows
Follow the installer prompts
Once installed, run mongosh from Command Prompt or PowerShell

Confirm installation with:

mongosh --version

Step 3: Download the RDS TLS Certificate

All connections to DocumentDB must use TLS.

Download the Amazon RDS CA bundle:

On Linux/macOS:

wget https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem

On Windows:

Open a browser and visit:
https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem
Right-click → Save As → Save the file as global-bundle.pem

Place it in an accessible directory like C:\Users\YourName\certs\

Step 4: Connect with `mongosh`

Connection Template

mongosh --tls \
  --tlsCAFile /path/to/global-bundle.pem \
  "docdb-endpoint:27017" \
  --username your-username

Linux/macOS Example:

mongosh --tls \
  --tlsCAFile ./global-bundle.pem \
  "docdb-abc123.cluster-xyz.us-east-1.docdb.amazonaws.com:27017" \
  --username admin

Windows (PowerShell) Example:

mongosh --tls `
  --tlsCAFile "C:\Users\YourName\certs\global-bundle.pem" `
  "docdb-abc123.cluster-xyz.us-east-1.docdb.amazonaws.com:27017" `
  --username admin

You will be prompted for your password after running the command. Authentication typically occurs against your default database (not admin).

Optional: Use VS Code to Connect

You can use the MongoDB for VS Code extension for GUI-style connections.

Install the MongoDB for VS Code extension
Open the MongoDB sidebar
Click “Connect” → “From Connection String”
Paste a URI like:

mongodb://your-username:your-password@docdb-endpoint:27017/?tls=true&tlsCAFile=C:\Users\YourName\certs\global-bundle.pem

You can also save and reuse connections from the sidebar.

Troubleshooting

Symptom	Check

Symptom	Check
Connection timeout	Ensure firewall port 27017 is open and IP is correct
TLS certificate errors	Confirm correct `global-bundle.pem` path and syntax
Auth errors	Use the correct database name and not `admin` (unless configured)
“mongosh not recognized”	Ensure mongosh is installed and your PATH is updated (Windows)

Need Help?

Email spinup@yale.edu
Ask in the #spinup Slack channel