Problem
While configuring a Vault Database Secrets Engine for AWS DocumentDB (MongoDB), you may encounter this error:
Error configuring database secret engine: error creating database object: failed to verify connection: server selection error: server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: <CLUSTER NAME>.docdb.amazonaws.com:<PORT>, Type: Unknown }, ] }, on post https://<VAULT ADDR>/v1/database/config/<NAME>
Prerequisites
- A running Vault server or cluster
- A running DocumentDB cluster, along with its username, password, and TLS certificate (if applicable)
Cause
- This error is likely caused by Vault trying to connect to the database cluster from outside the VPC in which the cluster is deployed.
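To check this cause from the Vault host, the following added example (not HashiCorp or AWS code) extracts the server address from the error text and tests name resolution and TCP reachability. The function names, the hostname `example-cluster.docdb.amazonaws.com`, and port 27017 are constructed for illustration.

```python
import ipaddress
import re
import socket

# Constructed sample of the error text; host and port are placeholders.
SAMPLE_ERROR = (
    "server selection error: server selection timeout, current topology: "
    "{ Type: Unknown, Servers: [{ Addr: example-cluster.docdb.amazonaws.com:27017, "
    "Type: Unknown }, ] }"
)

ADDR_RE = re.compile(r"Addr:\s*([^\s,:]+):(\d+)")


def parse_servers(error_text):
    """Return the (host, port) pairs listed in the topology part of the error."""
    return [(host, int(port)) for host, port in ADDR_RE.findall(error_text)]


def probe(host, port, timeout=3.0):
    """Classify how host:port looks from the machine running this script."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    ip = infos[0][4][0]
    # Drop any IPv6 zone suffix before classifying the address.
    private = ipaddress.ip_address(ip.split("%")[0]).is_private
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "reachable"
    except socket.timeout:
        # Silently dropped packets: consistent with a caller outside the VPC
        # or a security group that does not allow this source.
        return "timeout-private-address" if private else "timeout"
    except OSError:
        return "refused-or-unreachable"


if __name__ == "__main__":
    for host, port in parse_servers(SAMPLE_ERROR):
        print(f"{host}:{port} -> {probe(host, port)}")
```

A `timeout-private-address` result is consistent with the cause above, while `dns-failure` or `refused-or-unreachable` points to a wrong endpoint or port instead.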
Possible solutions
Solution 1
- Ensure that Vault and the DocumentDB cluster are in the same VPC.
Solution 2
- Refer to the AWS documentation: Connecting to an Amazon DocumentDB Cluster from Outside an Amazon VPC
Outcome
The expected outcome after using one of the proposed solutions is a successful connection between Vault and DocumentDB.
Additional Information
- https://developer.hashicorp.com/vault/docs/secrets/databases/mongodb