Hello Angela,
I am running into the same issue when my allowed IP access is 0.0.0.0/0 and i have the timeout, with the exact same setup.
I have checked the credentials in my AWS lambda and everything is setup correctly, do you have any idea where else it can come from ?
It works perfectly fine with Password authentication but times out when using the IAM, even by trying to get the server info (so it’s not connected), but i have no connection errors.
Note : the in app chat session support told me it’s out of scope and i can’t currently subscribe to the developer support plan unfortunately that’s why i am asking again here… Maybe it’s the issue as the above that you have solved privately.
Thanks in advance for any help,
Tom
Hi 
@Tommy_Deshairs,
Welcome back to the MongoDB Community forums 
Have you considered configuring a static IP address for the lambda? You can place it in a private subnet and then use a NAT gateway. This way, you can add the IP to your MongoDB whitelist. Alternatively, you can also keep your IP access list as 0.0.0.0/0, and it will still work.
Also, can you please share what steps you followed? Meanwhile, you can also check out the Manage Connections with AWS Lambda documentation.
Best,
Kushagra
Hi @Kushagra_Kesav thanks for your reply !
Regarding the static IP, isn’t better to use the “Peering” ? Or is it the same thing ?
I should simply connect my Lambda to a VPC and do the peering i guess, my Lambda should never be exposed on the internet, i have an API Gateway for requests.
I will indeed remove eventually the 0.0.0.0/0, it is currently for testing to be sure my setup is correct and once it’s validated i will add network security.
In the meantime, here are the steps i have made so far :
- I have created a custom role in my AWS account that is used for my Lambda functions (even before i was using MongoDB Atlas).
- I have created a custom role in MongoDB Atlas UI that grants all permission on my database
- I have created a database user in MongoDB Atlas UI using AWS IAM.
- I have pasted the role ARN of my Lambda role in AWS
- I have associated the database user to the custom role
- In the lambda code, i was connecting using pymongo :
client = MongoClient(os.environ.get("DB_URL"))
db = client.get_database(os.environ.get("DB_NAME"))
Which is working fine with the DB_URL value using the password string.
- I have replaced the above code with :
uri = 'mongodb://' + quote_plus(os.environ.get("AWS_ACCESS_KEY_ID")) + ':' + quote_plus(os.environ.get("AWS_SECRET_ACCESS_KEY")) + os.environ.get("DB_LAST_SEGMENT_URL") + quote_plus(os.environ.get("AWS_SESSION_TOKEN"))
client = MongoClient(uri)
- The final
uri looks like this and seems to be accepted because before writing this code i have got many issues with the connection string malformed and this one seems to be correct :
mongodb://AWSACCESSKEYIDVALUE:dCizkdoafqo2Kdxm3d9NHh34Jbcj0daXK%2F@projectname.80ebt.mongodb.net/dbname?retryWrites=true&authMechanismProperties=AWS_SESSION_TOKEN:IQoJb3JpZ2luX2VjEAwaCWV1LXdlc3QtMyJHMEUCIFmUMGLbXeeBzZJ%2BJ6W%2F%2BP8HXyEFtWGMpF%2FyzDq9lD0UAiEA4IHvHFTfbmrKyTeOBGMfmoRIa%2FuzuQK8WPt7pqbfBEq7AIIABGgwwOTQ1Nzg0NDI4ODIiDNWsS5JNhNvazG%2BdLirJAmUoBYN8jChs2RZpAnFS0kzy7pq0QTXTR4JOJRG9Rf3LE%2B4iPbd9903xL4Ye9D0vzLxMuOdWW4YSIEmSZclM0HyfG8WucC95%2Bw0BeJYfjBkziK%2BHrqu84nJyw0d07gM3%2FSgBHMxbksJ04vKd31RwQugpceDvg8SKJ8mdP1h4sfnCPqNO7WKZYpS1tN8%2FzaSicTmbap70vGbfLNaa5RPWooQkCcXEdgPvWEJmxXhrIbZAhm9jBTymmduKprDzHCy%2BkOoxFtrP7nsNJncGDdoJHtJgbVykktj%2By8ZKMGy3JaBJ%2FzxWS1%2FJTmqQBtQdfXIBYYGhyDpCQCfV8VK0b1%2FEXBY%2FaPZas6ZovF4cKZkFb3YrWPi0URF5X2yx6GsOS6NRphwLeJ%2FpIMf2DdGuathlc4PS%2FuNbZMjhuekX%2F66Tg%2FO0ikYksD%2BQKfnmtDf2ZnYAEA%2FmaQKwaICDyTCnPWEsAyJ92kdFBQJMYJcs9q76WlcQw96AS12E8Brlg%3D
Note : i have edited manually the values to give fake IDs, but so you see the structure of the output. the / are escaped in the AWS_SECRET_ACCESS_KEY as requested by pymongo
Thanks again for your help,
Tom
Hello @Tommy_Deshairs,
Thanks for sharing the detailed steps.
Can you share the full output of the error message you got after encountering the issue? In addition, can you confirm that you have the required dependencies, pymongo[aws] according to our Authentication Mechanism documentation?
Best,
Kushagra
@Kushagra_Kesav thanks for your information (the link) and specifying that i should use pymongo[aws], indeed i was still using pymongo[srv].
However this still times out… But i did read in the link you provided this :
And i notice 2 things compared to my URI string :
- I have not
authMechanism=MONGODB-AWS
- I should not be using the ENV VARS in the URI
I did the following tests and all failed (i have attached some logs, not all of them) :
- The uri looks like :
uri = "mongodb://example.com/mydatabase?authMechanism=MONGODB-AWS&retryWrites=true"
[INFO] 2023-04-25T18:14:32.183Z d20d74ef-a284-4102-b4bf-05f6a84bc7e5 Uri after parse : mongodb://myproject.80ebt.mongodb.net/?authMechanism=MONGODB-AWS&retryWrites=true and client : Database(MongoClient(host=['myproject.80ebt.mongodb.net:27017'], document_class=dict, tz_aware=False, connect=True, authmechanism='MONGODB-AWS', retrywrites=True), 'mydatabase')
2023-04-25T18:14:37.190Z d20d74ef-a284-4102-b4bf-05f6a84bc7e5 Task timed out after 5.01 seconds
- The uri looks like :
uri = "mongodb://example.com/mydatabase?authMechanism=MONGODB-AWS" (like the documentation without retryWrites=true)
- The uri looks like :
uri = "mongodb://example.com/?authMechanism=MONGODB-AWS" (like the documentation, without specifing the database name) :
[INFO] 2023-04-25T18:15:17.319Z 783af7f1-6238-4b05-96d5-2e2798888d56 Uri after parse : mongodb://myproject.80ebt.mongodb.net/?authMechanism=MONGODB-AWS and client : Database(MongoClient(host=['myproject.80ebt.mongodb.net:27017'], document_class=dict, tz_aware=False, connect=True, authmechanism='MONGODB-AWS'), 'mydatabase')
2023-04-25T18:15:22.326Z 783af7f1-6238-4b05-96d5-2e2798888d56 Task timed out after 5.01 seconds
- The uri looks like : mongodb+srv://:@project_name.80ebt.mongodb.net/?authSource=%24external&authMechanism=MONGODB-AWS&retryWrites=true&w=majority&authMechanismProperties=AWS_SESSION_TOKEN:<session token (for AWS IAM Roles)>
All these tests were made using pymongo[aws]==4.3.3.
Really appreciate your help on this,
Tom
Hello @Tommy_Deshairs,
I will suggest a couple of workarounds for you to try and see if they work:
-
Make sure you have the proper ARN given under AWS IAM in Atlas as shown below:
-
Secondly, could you try increasing the timeout for the lambda function? By default, the value is set to 3 seconds.
You can do so by going to the AWS Management Console and navigating to the below option:
Lambda function -> Configuration -> General configuration -> Edit Timeout
Also, please refer to Configuring Lambda function options - AWS Lambda to read more.
I hope it helps!
Best,
Kushagra
Hello @Kushagra_Kesav thanks for the following up.
I have triple checked the ARN and also granted specific priviledges (dbAdmin) instead of my custom role (which was allowing insert / remove / update / find) to see if this was a permission issue but no…
Also, i have setup to 10 seconds the time out of my lambda and this is still in time out unfortunately 
I am attaching here the link of my related SO question if someone has any other ideas.
In the meantime, i will simply delete this DB user and create a new one from scratch to see if there is something wrong with this one.
Best regards,
Tom
Hi @Tommy_Deshairs,
If the suggested steps are not working, then I think there might be an issue with parsing the environment variable into your final URI. For example, I noticed a few %2F within the final URI that you shared above.
Could you try embedding the variable directly and see if that resolves the issue?
Best,
Kushagra
Hi @Kushagra_Kesav ,
It was a silly mistake.
I have added the +srv field to this url :
mongodb://example.com/?authMechanism=MONGODB-AWS
Which gives a working solution :
mongodb+srv://example.com/?authMechanism=MONGODB-AWS
Actually not that silly because the documentation states it’s mongodb://...
Thank you very much for your time and effort trying to help me out, really appreciated.
Best regards,
Tom
1 Like
