Published: February 05 2020

Connect to remote MongoDB on AWS EC2 simply and securely via SSH tunnel

To connect to a remote MongoDB server running on AWS EC2 that only allows local connections you can use an SSH tunnel, also known as SSH port forwarding.

An SSH tunnel creates a connection between a port on your local machine and an address + port on the server, and tunnels the data to the server over SSH on port 22 so it doesn't get blocked by any firewalls or security groups (assuming SSH connections are allowed to the server). After the data reaches the SSH server it gets forwarded to the address + port you specified when you created the SSH tunnel. An important detail here is that the destination address + port are resolved from the context of the server, so localhost refers to the server machine on the destination side of the tunnel, not your local machine.

Create an SSH Tunnel to a remote MongoDB server

Here's an example command that I used to create an SSH tunnel between port 8000 on my local machine and the MongoDB port 27017 on an Ubuntu server running on AWS EC2.

ssh -i ~/my-aws-key.pem -N -f -L 8000:localhost:27017 [email protected]
  • -i ~/my-aws-key.pem specifies the path to the ssh private key file to use for authentication.
  • -N instructs ssh not to execute a remote command, so it won't open a remote shell on the server.
  • -f instructs ssh to run in the background.
  • -L 8000:localhost:27017 tells ssh to connect your local (L) port 8000 to the address + port localhost:27017 on the server, in other words to MongoDB running locally on the server.
  • [email protected] is the username and address to the AWS EC2 server that I used for testing.

Connect Mongo Shell to remote MongoDB server

After creating an SSH tunnel with the above command you can connect to the remote MongoDB server as if it were running on your local machine on port 8000 like this.

mongo --port 8000

Connect MongoDB Compass to remote server

To connect to the remote MongoDB server from MongoDB Compass use the following connection string to connect through the SSH tunnel on port 8000.


Close SSH Tunnel to MongoDB

To close an SSH tunnel that is open in the background you can kill the background process with the command kill -9 <process id>

Run this command to find out the id of the process for the SSH tunnel (and all other 'ssh' processes).

ps aux | grep ssh

Then run this command to kill the process and close the SSH tunnel, replacing <process id> with the id of the actual process from the above list.

kill -9 <process id>
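
The open and close steps above can also be run through an OpenSSH control socket, which lets you check and close the tunnel without looking up a process id. The script below is an added example, not part of the original post; the host user@ec2-host.example, the socket path and the function names are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: manage the MongoDB tunnel through an OpenSSH control socket.
# KEY, HOST, LPORT and SOCK are placeholder defaults; override via environment.
KEY="${KEY:-$HOME/my-aws-key.pem}"
HOST="${HOST:-user@ec2-host.example}"   # placeholder, not a real server
LPORT="${LPORT:-8000}"
SOCK="${SOCK:-$HOME/.ssh/mongo-tunnel.sock}"

# Build the -L argument for a local port. The explicit 127.0.0.1 bind address
# keeps the listener on loopback whatever the client's GatewayPorts setting is;
# "localhost:27017" is resolved on the server side of the tunnel.
forward_spec() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac          # digits only
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 1    # valid port range
    printf '127.0.0.1:%s:localhost:27017\n' "$1"
}

tunnel_open() {
    spec=$(forward_spec "$LPORT") || { echo "invalid local port" >&2; return 1; }
    # -M -S: run as a control master listening on the socket at $SOCK
    # ExitOnForwardFailure: exit with an error if the local port cannot be bound
    ssh -i "$KEY" -M -S "$SOCK" -N -f \
        -o ExitOnForwardFailure=yes \
        -L "$spec" "$HOST"
}

# Ask the master process (via the socket) whether it is still running.
tunnel_status() { ssh -S "$SOCK" -O check "$HOST"; }

# Ask the master process to exit, which closes the tunnel cleanly.
tunnel_close() { ssh -S "$SOCK" -O exit "$HOST"; }

# Dispatch only when a subcommand is given, so sourcing has no side effects.
case "${1:-}" in
    open)   tunnel_open ;;
    status) tunnel_status ;;
    close)  tunnel_close ;;
esac
```

Saved under a name of your choice (for example mongo-tunnel.sh), it is run as sh mongo-tunnel.sh open, status or close.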

Set up MongoDB Server on AWS EC2

For instructions on how to quickly set up a production-ready MongoDB + Node.js server on AWS EC2 see Setup Node.js + MongoDB Production Server on Ubuntu. You can also see this server setup on YouTube as part of another video tutorial which covers deploying a MEAN Stack application to AWS.

