Docs Menu
Docs Home
/
MongoDB Atlas
/

Manage Connections with AWS Lambda

On this page

  • Best Practices
  • Connection Example
  • AWS IAM Authentication
  • Other Authentication
  • AWS IAM Authentication
  • Other Authentication
  • AWS IAM Authentication
  • Other Authentication
  • AWS IAM Authentication
  • Other Authentication

Use the following best practices to properly manage connections between AWS Lambda and Atlas:

  • Define the client to the MongoDB server outside the AWS Lambda handler function.

    Don't define a new MongoClient object each time you invoke your function. Doing so causes the driver to create a new database connection with each function call. This can be expensive and can result in your application exceeding database connection limits. When you define a new MongoClient, you should:

    1. Create the MongoClient object once.

    2. Store the object so your function can reuse the MongoClient across function invocations.

    The Connection Example reuses existing database connections to speed up communication with the database and keep connection counts to the database at a reasonable level with respect to application traffic.

  • Restrict network access to your Atlas cluster.

    Connect to your Atlas cluster over private networking using a Network Peering connection between your Atlas cluster and your AWS Lambda function, or, alternatively, a private endpoint, so that you can allow only private IP addresses from your IP access list.

    If you don't use private networking, consider connecting to your Atlas cluster via a NAT gateway with a mapped Elastic IP address. Otherwise, you must allow all IP addresses (0.0.0.0/0) to access your service cluster.

    Warning

    Adding 0.0.0.0/0 to your IP access list allows cluster access from anywhere in the public internet. Ensure that you're using strong credentials for all database users when allowing access from anywhere.

  • Set maxIdleTimeMS to 60000 to automatically close your connections after 1 minute of idle time. Tuning your maxIdleTimeMS can help reduce the occurrence of timeout errors from your serverless functions.

  • Set Up Unified AWS Access and use AWS IAM authentication where possible.

    You can connect to your Atlas clusters using AWS IAM roles instead of hardcoding your credentials in Lambda. Hardcoded credentials are viewable by anyone who accesses your AWS Lambda environment, which can pose a security risk. With AWS IAM authentication, Atlas accesses AWS Lambda through an assumed IAM role, so you don't need credentials in your connection strings.

    Atlas supports AWS IAM authentication for clusters running MongoDB version 5.0 or higher. We strongly advise using AWS IAM authentication for Lambda connections if your cluster meets the requirements.

  • The amount of memory allocated to a Lambda function defaults to 128 MB. You can configure the amount of memory allocated to a Lambda function, between 128 MB and 10,240 MB. Ensure you allocate enough memory. Increase the memory to increase the amount of virtual CPU available and improve MongoDB driver performance. To learn more, see Memory and computing power.

  • Set your AWS_STS_REGIONAL_ENDPOINTS and AWS_REGION environment variables.

← Simulate Regional Outage