启用ssl的AWS文档Db超时连接

Question

我正在AWS中创建documentDb的新集群，并尝试通过MongoDriver与我的net.core应用程序连接。具有启用了Ssl的属性的群集。

根据this question and answers，我尝试了几种方法来实现自己的目标。

• 将证书链导入本地计算机存储，并导入受信任的根证书颁发机构rds-combined-ca-bundle.p7b；
• 读取pem文件并在C＃代码中创建证书，或者在带有--sslCAFile参数的mongoShell中使用它。

var clientSetting = MongoClientSettings.FromUrl("mongodb://<myloging>:<mypassword>@<myclusterendpoint>/?ssl=true&replicaSet=rs0");

var setting = new MongoClientSettings()
{
    Server = clientSetting.Server,
    UseSsl = clientSetting.UseSsl,
    Credential = clientSetting.Credential,

    GuidRepresentation = GuidRepresentation.CSharpLegacy,
    ReadPreference = new ReadPreference(ReadPreferenceMode.Primary),
    VerifySslCertificate = true,
    SslSettings = new SslSettings
    {
        ClientCertificates = new List<X509Certificate2>()
        {
            new X509Certificate2("<path>\\rds-combined-ca-bundle.pem")
        },
        EnabledSslProtocols = System.Security.Authentication.SslProtocols.Default,
        CheckCertificateRevocation = true
    },
    ReplicaSetName = clientSetting.ReplicaSetName

};

setting.SslSettings.ClientCertificateSelectionCallback = (sender, host, certificates, certificate, issuers) => setting.SslSettings.ClientCertificates.ToList()[0];
setting.SslSettings.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;

setting.MaxConnectionIdleTime = new TimeSpan(0, 0, 30);

client = new MongoClient(setting);

并执行以下操作：

var filter = new BsonDocument("name", "mycollection");
var collectionCursor = client.GetDatabase("mydatabase").ListCollections(new ListCollectionsOptions { Filter = filter });
if (!collectionCursor.Any())
{
    throw new Exception("Collection not found");
}

我希望它将获得名称为mycollection或Collection not found异常的集合，但得到

A timeout occured after 30000ms selecting a server using CompositeServerSelector{ Selectors = MongoDB.Driver.MongoClient+AreSessionsSupportedServerSelector, LatencyLimitingServerSelector{ AllowedLatencyRange = 00:00:00.0150000 } }. Client view of cluster state is { ClusterId : "1", ConnectionMode : "ReplicaSet", Type : "ReplicaSet", State : "Disconnected", Servers : [{ ServerId: "{ ClusterId : 1, EndPoint : "Unspecified/<myclusterendpoint>" }", EndPoint: "Unspecified/<myclusterendpoint>", State: "Disconnected", Type: "Unknown" }] }.

尝试通过MongoShell连接时出现相同的问题。也许问题出在不同的地区。示例：在u​​s-east-2中创建的集群，我尝试从乌克兰进行连接。 ：）

UPD ：假设我应该位于一个VPC中以连接到DocumentDb群集。

Answer 1

我看到了一些您可能想看的东西：

• UseSsl = clientSetting.UseSsl,-将此设置为true
• new X509Certificate2("<path>\\rds-combined-ca-bundle.pem")-您可能需要先阅读文件内容，而不是根据API文档提供路径：https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate2.-ctor?view=netframework-4.7.2

Answer 2

我的问题是在设计对AWS DocumentDB的访问权限。 More info about database access out of VPC。