I have a couple of Spring Boot applications which I am trying to connect to Atlas from an instance on EC2. I am using no AWS-API libraries within these applications.
In my local environment, these same applications have no trouble connecting to and using Atlas.
In order to run on EC2:
- In AWS, I created an access key of type ‘Application running outside AWS’ for the IAM user.
- In Atlas, under Database Access, I created a user using the ARN from the IAM user.
- Under Network Access, I entered the CIDR of the VPC that my EC2 instance is running on.
The access_key_id and secret_access_key from the access key are now my connection credentials when running as that IAM user.
From the EC2 instance, I am able to use mongosh using the access key credentials without issue. I can connect, run queries, etc.
Neither the access_key_id nor the secret_access_key contains any unsafe ASCII characters. I did URL-encode them when creating the connection string, but the strings remained unchanged.
The applications are bundled as dockers which accept the mongo connection string via an environment variable. When I launch any of the applications on the same instance as I connected via mongosh, the application appears to successfully connect. The MongoClient is obtained as a singleton during the startup sequence. I know from experience that failure to connect to mongo at startup results in catastrophic stack traces shutting the application down immediately. What I observe is a normal, stable startup confirming safe connection.
When I attempt to hit any endpoint on those applications that triggers mongo operations, the stack traces start, all caused by:
Caused by: com.mongodb.MongoCommandException: Command failed with error 8000 (AtlasError): 'bad auth : Authentication failed.' on server ac-iykyruy-shard-00-02.xbhdarn.mongodb.net:27017. The full response is {"ok": 0, "errmsg": "bad auth : Authentication failed.", "code": 8000, "codeName": "AtlasError"}
The CNAME ac-iykyruy-shard-00-02.xbhdarn.mongodb.net is correct and maps to my Atlas instance.
I am baffled as to why the application would appear to successfully connect initially but then throw authentication errors when a data operation is requested when, in the same environment, mongosh succeeds.
I am running out of avenues to investigate.
I appreciate any insights that might be offered.