Manage Connections with AWS Lambda
On this page
Best Practices
Use the following best practices to properly manage connections between AWS Lambda and Atlas:
Define the client to the MongoDB server outside the AWS Lambda handler function.
Don't define a new MongoClient object each time you invoke your function. Doing so causes the driver to create a new database connection with each function call. This can be expensive and can result in your application exceeding database connection limits. As an alternative, do the following:
Create the MongoClient object once.
Store the object so your function can reuse the MongoClient across function invocations.
The Connection Example reuses existing database connections to speed up communication with the database and keep connection counts to the database at a reasonable level with respect to application traffic.
Restrict network access to your Atlas cluster.
Connect to your Atlas cluster over private networking using a Network Peering connection between your Atlas cluster and your AWS Lambda function, or, alternatively, a private endpoint, so that you can allow only private IP addresses to your IP access list.
If private networking is not an option, consider connecting to your Atlas cluster via a NAT gateway with a mapped Elastic IP address. Otherwise, you must allow all IP addresses (0.0.0.0/0) to access your service cluster.
Warning
Adding
0.0.0.0/0
to your IP access list allows cluster access from anywhere in the public internet. Ensure that you're using strong credentials for all database users when allowing access from anywhere.Set Up Unified AWS Access and use AWS IAM authentication where possible.
You can connect to your Atlas clusters using AWS IAM roles instead of hardcoding your credentials in Lambda. Hardcoded credentials are viewable by anyone who accesses your AWS Lambda environment, which can pose a security risk. With AWS IAM authentication, Atlas accesses AWS Lambda through an assumed IAM role, so you don't need credentials in your connection strings.
Atlas supports AWS IAM authentication for clusters running MongoDB version 4.4 or higher. We strongly advise using AWS IAM authentication for Lambda connections if your cluster meets the requirements.
The amount of memory allocated to a Lambda function defaults to 128 MB. You can configure the amount of memory allocated to a Lambda function, between 128 MB and 10,240 MB. Ensure you allocate enough memory. Increase the memory to increase the amount of virtual CPU available and improve MongoDB driver performance. To learn more, see Memory and computing power.