Docs Menu

Docs HomeDevelop ApplicationsMongoDB Manual

Connection String URI Format

On this page

  • Connection String Formats
  • Connection String Options
  • Examples

This document describes the URI formats for defining connections between applications and MongoDB instances in the official MongoDB Drivers. For a list of drivers and links to driver documentation, see Drivers.

You can specify the MongoDB connection string using either:

This section describes the standard format of the MongoDB connection URI used to connect to a MongoDB deployment: standalone, replica set, or a sharded cluster.

The standard URI connection scheme has the form:

mongodb://[username:password@]host1[:port1][,...hostN[:portN]][/[defaultauthdb][?options]]

For more examples, see Examples.

The standard URI connection string includes the following components:

Component
Description
mongodb://
A required prefix to identify that this is a string in the standard connection format.
username:password@

Optional. Authentication credentials.

If specified, the client will attempt to authenticate the user to the authSource. If authSource is unspecified, the client will attempt to authenticate the user to the defaultauthdb. And if the defaultauthdb is unspecified, to the admin database.

Note

If the username or password includes the following characters:

: / ? # [ ] @

those characters must be converted using percent encoding.

See also authSource.

host[:port]

The host (and optional port number) where the mongod instance (or mongos instance for a sharded cluster) is running. You can specify a hostname, IP address, or UNIX domain socket. Specify as many hosts as appropriate for your deployment topology:

  • For a standalone, specify the hostname of the standalone mongod instance.

  • For a replica set, specify the hostname(s) of the mongod instance(s) as listed in the replica set configuration.

  • For a sharded cluster, specify the hostname(s) of the mongos instance(s).

If the port number is not specified, the default port 27017 is used.

/defaultauthdb

Optional. The authentication database to use if the connection string includes username:password@ authentication credentials but the authSource option is unspecified.

If both authSource and defaultauthdb are unspecified, the client will attempt to authenticate the specified user to the admin database.

?<options>

Optional. A query string that specifies connection specific options as <name>=<value> pairs. See Connection String Options for a full description of these options.

If the connection string does not specify a database/ you must specify a slash (/) between the last host and the question mark (?) that begins the string of options.

New in version 3.6.

In addition to the standard connection format, MongoDB supports a DNS-constructed seed list. Using DNS to construct the available servers list allows more flexibility of deployment and the ability to change the servers in rotation without reconfiguring clients.

In order to leverage the DNS seed list, use a connection string prefix of mongodb+srv rather than the standard mongodb. The +srv indicates to the client that the hostname that follows corresponds to a DNS SRV record. The driver or mongosh will then query the DNS for the record to determine which hosts are running the mongod instances.

Note

Use of the +srv connection string modifier automatically sets the tls (or the equivalent ssl) option to true for the connection. You can override this behavior by explicitly setting the tls (or the equivalent ssl) option to false with tls=false (or ssl=false) in the query string.

The following example shows a typical connection string for a DNS seed list connection string:

mongodb+srv://server.example.com/

The corresponding DNS configuration might resemble:

Record TTL Class Priority Weight Port Target
_mongodb._tcp.server.example.com. 86400 IN SRV 0 5 27317 mongodb1.example.com.
_mongodb._tcp.server.example.com. 86400 IN SRV 0 5 27017 mongodb2.example.com.

When a client connects to a member of the seed list, the client retrieves a list of replica set members it can connect to. Clients often use DNS aliases in their seed lists which means the host may return a server list that differs from the original seed list. If this happens, clients will use the hostnames provided by the replica set rather than the hostnames listed in the seed list to ensure that replica set members can be reached via the hostnames in the resulting replica set config.

Important

The hostnames returned in SRV records must share the same parent domain (in this example, example.com) as the given hostname. If the parent domains and hostname do not match, you will not be able to connect.

Like the standard connection string, the DNS seed list connection string supports specifying options as a query string. With a DNS seed list connection string, you can also specify the following options via a TXT record:

  • replicaSet

  • authSource

You may only specify one TXT record per mongod instance. If multiple TXT records appear in the DNS and/or if the TXT record contains an option other than replicaSet or authSource, the client will return an error.

The TXT record for the server.example.com DNS entry would resemble:

Record TTL Class Text
server.example.com. 86400 IN TXT "replicaSet=mySet&authSource=authDB"

Taken together, the DNS SRV records and the options specified in the TXT record resolve to the following standard format connection string:

mongodb://mongodb1.example.com:27317,mongodb2.example.com:27017/?replicaSet=mySet&authSource=authDB

You can override the options specified in a TXT record by passing the option in the query string. In the following example, the query string has provided an override for the authSource option configured in the TXT record of the DNS entry above.

mongodb+srv://server.example.com/?connectTimeoutMS=300000&authSource=aDifferentAuthDB

Given the override for the authSource, the equivalent connection string in the standard format would be:

mongodb://mongodb1.example.com:27317,mongodb2.example.com:27017/?connectTimeoutMS=300000&replicaSet=mySet&authSource=aDifferentAuthDB

Note

The mongodb+srv option will fail if there is no available DNS with records that correspond to the hostname identified in the connection string. In addition, use of the +srv connection string modifier automatically sets the tls (or the equivalent ssl) option to true for the connection. You can override this behavior by explicitly setting the tls (or the equivalent ssl) option to false with tls=false (or ssl=false) in the query string.

Tip

See:

Connect to a Replica Set Using the DNS Seedlist Connection Format provides an example of connecting mongosh to a replica set using the DNS Seed list Connection Format.

This section lists all connection options.

Connection options are pairs in the following form: name=value.

  • The option name is case insensitive when using a driver.

  • The option name is case insensitive when using mongosh, or the version 4.2 or later legacy mongo shell.

  • The option name is case sensitive when using a version 4.0 and earlier legacy mongo shell.

  • The value is always case sensitive.

Separate options with the ampersand (i.e. &) character name1=value1&name2=value2. In the following example, a connection includes the replicaSet and connectTimeoutMS options:

mongodb://db1.example.net:27017,db2.example.net:2500/?replicaSet=test&connectTimeoutMS=300000

Note

Semi-colon separator for connection string arguments

To provide backwards compatibility, drivers currently accept semi-colons (i.e. ;) as option separators.

The following connection string to a replica set named myRepl with members running on the specified hosts:

mongodb://db0.example.com:27017,db1.example.com:27017,db2.example.com:27017/?replicaSet=myRepl
Connection Option
Description
replicaSet

Specifies the name of the replica set, if the mongod is a member of a replica set.

When connecting to a replica set, provide a seed list of the replica set member(s) to the host[:port] component of the uri. For specific details, refer to your driver documentation.

The following connection string to a replica set includes tls=true option (available starting in MongoDB 4.2):

mongodb://db0.example.com,db1.example.com,db2.example.com/?replicaSet=myRepl&tls=true

Alternatively, you can also use the equivalent ssl=true option:

mongodb://db0.example.com,db1.example.com,db2.example.com/?replicaSet=myRepl&ssl=true
Connection Option
Description
tls

Enables or disables TLS/SSL for the connection:

Note

The tls option is equivalent to the ssl option.

If the mongo shell specifies additional tls/ssl options from the command-line, use the --tls command-line option instead.

New in version 4.2.

ssl

A boolean to enable or disables TLS/SSL for the connection:

Note

The ssl option is equivalent to the tls option.

If the mongo shell specifies additional tls/ssl options from the command-line, use the --ssl command-line option instead.

tlsCertificateKeyFile

Specifies the location of a local .pem file that contains either the client's TLS/SSL X.509 certificate or the client's TLS/SSL certificate and key.

The client presents this file to the mongod/mongos instance.

Changed in version 4.4: mongod / mongos logs a warning on connection if the presented x.509 certificate expires within 30 days of the mongod/mongos host system time. See x.509 Certificates Nearing Expiry Trigger Warnings for more information.

This option is not supported by all drivers. Refer to the Drivers documentation.

This connection string option is not available for the mongo shell. Use the command-line option instead.

New in version 4.2.

tlsCertificateKeyFilePassword

Specifies the password to de-crypt the tlsCertificateKeyFile.

This option is not supported by all drivers. Refer to the Drivers documentation.

This connection string option is not available for the mongo shell. Use the command-line option instead.

New in version 4.2.

tlsCAFile

Specifies the location of a local .pem file that contains the root certificate chain from the Certificate Authority. This file is used to validate the certificate presented by the mongod/mongos instance.

This option is not supported by all drivers. Refer to the Drivers documentation.

This connection string option is not available for the mongo shell. Use the command-line option instead.

New in version 4.2.

tlsAllowInvalidCertificates

Bypasses validation of the certificates presented by the mongod/mongos instance

Set to true to connect to MongoDB instances even if the server's present invalid certificates.

This option is not supported by all drivers. Refer to the Drivers documentation.

This connection string option is not available for the mongo shell. Use the command-line option instead.

Warning

Disabling certificate validation creates a vulnerability.

New in version 4.2.

tlsAllowInvalidHostnames

Disables hostname validation of the certificate presented by the mongod/mongos instance.

Set to true to connect to MongoDB instances even if the hostname in the server certificates do not match the server's host.

This option is not supported by all drivers. Refer to the Drivers documentation.

This connection string option is not available for the mongo shell. Use the command-line option instead.

Warning

Disabling certificate validation creates a vulnerability.

New in version 4.2.

tlsInsecure

Disables various certificate validations.

Set to true to disable certificate validations. The exact validatations disabled vary by drivers. Refer to the Drivers documentation.

This connection string option is not available for the mongo shell. Use the command-line option instead.

Warning

Disabling certificate validation creates a vulnerability.

New in version 4.2.

Connection Option
Description
connectTimeoutMS
The time in milliseconds to attempt a connection before timing out. The default is never to timeout, though different drivers might vary. See the driver documentation.
socketTimeoutMS
The time in milliseconds to attempt a send or receive on a socket before the attempt times out. The default is never to timeout, though different drivers might vary. See the driver documentation.
Connection Option
Description
compressors

Comma-delimited string of compressors to enable network compression for communication between this client and a mongod/mongos instance.

You can specify the following compressors:

  • snappy

  • zlib (Available in MongoDB 3.6 or greater)

  • zstd (Available in MongoDB 4.2 or greater)

If you specify multiple compressors, then the order in which you list the compressors matter as well as the communication initiator. For example, if the client specifies the following network compressors "zlib,snappy" and the mongod specifies "snappy,zlib", messages between the client and the mongod uses zlib.

Important

Messages are compressed when both parties enable network compression. Otherwise, messages between the parties are uncompressed.

If the parties do not share at least one common compressor, messages between the parties are uncompressed.

mongosh supports the uri connection string option compressors.

zlibCompressionLevel

An integer that specifies the compression level if using zlib for network compression.

You can specify an integer value ranging from -1 to 9:

Value
Notes
-1
Default compression level, usually level 6 compression.
0
No compression
1 - 9

Increasing level of compression but at the cost of speed, with:

  • 1 providing the best speed but least compression, and

  • 9 providing the best compression but at the slowest speed.

Not supported by mongosh.

Most drivers implement some kind of connection pool handling. Some drivers do not support connection pools. See your driver documentation for more information on the connection pooling implementation. These options allow applications to configure the connection pool when connecting to the MongoDB deployment.

Connection Option
Description
maxPoolSize
The maximum number of connections in the connection pool. The default value is 100.
minPoolSize

The minimum number of connections in the connection pool. The default value is 0.

Note

The minPoolSize option is not supported by all drivers. For information on your driver, see the Drivers documentation.

maxIdleTimeMS

The maximum number of milliseconds that a connection can remain idle in the pool before being removed and closed.

This option is not supported by all drivers.

waitQueueMultiple

A number that the driver multiplies the maxPoolSize value to, to provide the maximum number of threads allowed to wait for a connection to become available from the pool. For default values, see the driver documentation.

This option is not supported by all drivers.

waitQueueTimeoutMS

The maximum time in milliseconds that a thread can wait for a connection to become available. For default values, see the driver documentation.

This option is not supported by all drivers.

Write concern describes the level of acknowledgment requested from MongoDB. The write concern option is supported by the:

You can specify the write concern both in the connection string and as a parameter to methods like insert or update. If the write concern is specified in both places, the method parameter overrides the connection-string setting.

The following connection string to a replica set specifies "majority" write concern and a 5 second timeout using the wtimeoutMS write concern parameter:

mongodb://db0.example.com,db1.example.com,db2.example.com/?replicaSet=myRepl&w=majority&wtimeoutMS=5000
Connection Option
Description
w

Corresponds to the write concern w Option. The w option requests acknowledgement that the write operation has propagated to a specified number of mongod instances or to mongod instances with specified tags.

You can specify a number, the string majority, or a tag set.

For details, see w Option.

wtimeoutMS

Corresponds to the write concern wtimeout. wtimeoutMS specifies a time limit, in milliseconds, for the write concern.

When wtimeoutMS is 0, write operations will never time out. For more information, see wtimeout.

journal

Corresponds to the write concern j Option option. The journal option requests acknowledgement from MongoDB that the write operation has been written to the journal. For details, see j Option.

If you set journal to true, and specify a w value less than 1, journal prevails.

If you set journal to true, and the mongod does not have journaling enabled, as with storage.journal.enabled, then MongoDB will error.

For more information, see Write Concern.

New in version 3.2: For the WiredTiger storage engine, MongoDB 3.2 introduces the readConcern option for replica sets and replica set shards.

Read Concern allows clients to choose a level of isolation for their reads from replica sets.

The following connection string to a replica set specifies readConcernLevel=majority:

mongodb://db0.example.com,db1.example.com,db2.example.com/?replicaSet=myRepl&readConcernLevel=majority
Connection Option
Description
readConcernLevel

The level of isolation. Can accept one of the following values:

This connection string option is not available for mongosh. Specify the read concern as an option to the specific operation.

For more information, see Read Concern.

Read preferences describe the behavior of read operations with regards to replica sets. These parameters allow you to specify read preferences on a per-connection basis in the connection string.

Note

To specify the hedged reads option using the drivers, refer to the drivers' read preference API.

For example:

  • The following connection string to a replica set specifies secondary read preference mode and a maxStalenessSeconds value of 120 seconds:

    mongodb://db0.example.com,db1.example.com,db2.example.com/?replicaSet=myRepl&readPreference=secondary&maxStalenessSeconds=120
  • The following connection string to a sharded cluster specifies secondary read preference mode and a maxStalenessSeconds value of 120 seconds:

    mongodb://mongos1.example.com,mongos2.example.com/?readPreference=secondary&maxStalenessSeconds=120
  • The following connection string to a sharded cluster specifies secondary read preference mode as well as three readPreferenceTags:

    mongodb://mongos1.example.com,mongos2.example.com/?readPreference=secondary&readPreferenceTags=dc:ny,rack:r1&readPreferenceTags=dc:ny&readPreferenceTags=

Order matters when using multiple readPreferenceTags. The readPreferenceTags are tried in order until a match is found. Once found, that specification is used to find all eligible matching members and any remaining readPreferenceTags are ignored. For details, see Order of Tag Matching.

Connection Option
Description
readPreference

Specifies the read preferences for this connection. Possible values are:

Multi-document transactions that contain read operations must use read preference primary. All operations in a given transaction must route to the same member.

This connection string option is not available for the mongo shell. See cursor.readPref() and Mongo.setReadPref() instead.

maxStalenessSeconds

Specifies, in seconds, how stale a secondary can be before the client stops using it for read operations. For details, see Read Preference maxStalenessSeconds.

By default, there is no maximum staleness and clients will not consider a secondary's lag when choosing where to direct a read operation.

The minimum maxStalenessSeconds value is 90 seconds. Specifying a value between 0 and 90 seconds will produce an error. MongoDB drivers treat a maxStalenessSeconds value of -1 as "no max staleness", the same as if maxStalenessSeconds is omitted.

Important

To use maxStalenessSeconds, all of the MongoDB instances in your deployment must be using MongoDB 3.4 or later. If any instances are on an earlier version of MongoDB, the driver or mongod/mongos will raise an error.

New in version 3.4.

readPreferenceTags

Specifies the tags document as a comma-separated list of colon-separated key-value pairs. For example,

  • To specify the tags document { "dc": "ny", "rack": "r1" }, use readPreferenceTags=dc:ny,rack:r1 in the connection string.

  • To specify an empty tags document { }, use readPreferenceTags= without setting the value.

To specify a list of tag documents, use multiple readPreferenceTags. For example, readPreferenceTags=dc:ny,rack:r1&readPreferenceTags=.

Order matters when using multiple readPreferenceTags. The readPreferenceTags are tried in order until a match is found. For details, see Order of Tag Matching.

This connection string option is not available for the mongo shell. See cursor.readPref() and Mongo.setReadPref() instead.

For more information, see Read preferences.

The following connection string to a replica set specifies the authSource to the admin database. That is, the user credentials are authenticated against the admin database.

mongodb://myDBReader:D1fficultP%40ssw0rd@mongodb0.example.com:27017,mongodb1.example.com:27017,mongodb2.example.com:27017/?replicaSet=myRepl&authSource=admin

Note

If the username or password includes the following characters:

: / ? # [ ] @

those characters must be converted using percent encoding.

Connection Option
Description
authSource

Specify the database name associated with the user's credentials. If authSource is unspecified, authSource defaults to the defaultauthdb specified in the connection string. If defaultauthdb is unspecified, then authSource defaults to admin.

The PLAIN (LDAP), GSSAPI (Kerberos), and MONGODB-AWS (IAM) authentication mechanisms require that authSource be set to $external, as these mechanisms delegate credential storage to external services.

MongoDB will ignore authSource values if no username is provided, either in the connection string or via the --username parameter.

authMechanism

Specify the authentication mechanism that MongoDB will use to authenticate the connection. Possible values include:

MongoDB 4.0 removes support for the MONGODB-CR authentication mechanism. You cannot specify MONGODB-CR as the authentication mechanism when connecting to MongoDB 4.0+ deployments.

Only MongoDB Enterprise mongod and mongos instances provide GSSAPI (Kerberos) and PLAIN (LDAP) mechanisms.

To use MONGODB-X509, you must have TLS/SSL Enabled.

To use MONGODB-AWS, you must be connecting to a MongoDB Atlas cluster which has been configured to support authentication via AWS IAM credentials (i.e. an AWS access key ID and a secret access key, and optionally an AWS session token). The MONGODB-AWS authentication mechanism requires that the authSource be set to $external.

When using MONGODB-AWS, provide your AWS access key ID as the username and the secret access key as the password. If using an AWS session token as well, provide it with the AWS_SESSION_TOKEN authMechanismProperties value.

Note

If the AWS access key ID, secret access key, or session token include the following characters:

: / ? # [ ] @

those characters must be converted using percent encoding.

Alternatively, if the AWS access key ID, secret access key, or session token are defined on your platform using their respective AWS IAM environment variables mongosh will use these environment variable values to authenticate; you do not need to specify them in the connection string.

See Connect to an Atlas Cluster for example usage of the MONGODB-AWS authentication mechanism using both a connection string and the environment variables method.

See Authentication for more information about the authentication system in MongoDB. Also consider Use x.509 Certificates to Authenticate Clients for more information on x509 authentication.

authMechanismProperties

Specify properties for the specified authMechanism as a comma-separated list of colon-separated key-value pairs.

Possible key-value pairs are:

SERVICE_NAME:<string>

Set the Kerberos service name when connecting to Kerberized MongoDB instances. This value must match the service name set on MongoDB instances to which you are connecting. Only valid when using the GSSAPI authentication mechanism.

SERVICE_NAME defaults to mongodb for all clients and MongoDB instances. If you change the saslServiceName setting on a MongoDB instance, you must set SERVICE_NAME to match that setting. Only valid when using the GSSAPI authentication mechanism.

CANONICALIZE_HOST_NAME:true|false
Canonicalize the hostname of the client host machine when connecting to the Kerberos server. This may be required when hosts report different hostnames than what is in the Kerberos database. Defaults to false. Only valid when using the GSSAPI authentication mechanism.
SERVICE_REALM:<string>
Set the Kerberos realm for the MongoDB service. This may be necessary to support cross-realm authentication where the user exists in one realm and the service in another. Only valid when using the GSSAPI authentication mechanism.
AWS_SESSION_TOKEN:<security_token>
Set the AWS session token for authentication with temporary credentials when using an AssumeRole request, or when working with AWS resources that specify this value such as Lambda. Only valid when using the MONGODB-AWS authentication mechanism. You must have an AWS access key ID and a secret access key as well. See Connect to an Atlas Cluster for example usage.
gssapiServiceName

Set the Kerberos service name when connecting to Kerberized MongoDB instances. This value must match the service name set on MongoDB instances to which you are connecting.

gssapiServiceName defaults to mongodb for all clients and MongoDB instances. If you change saslServiceName setting on a MongoDB instance, you must set gssapiServiceName to match that setting.

gssapiServiceName is a deprecated aliases for authMechanismProperties=SERVICE_NAME:mongodb. For more information on which options your driver supports and their relative priority to each other, reference the documentation for your preferred driver version.

MongoDB provides the following options to configure how MongoDB drivers and mongos instances select a server to which to direct read or write operations.

Connection Option
Description
localThresholdMS

The size (in milliseconds) of the latency window for selecting among multiple suitable MongoDB instances. Default: 15 milliseconds.

All drivers use localThresholdMS. Use the localThreshold alias when specifying the latency window size to mongos.

serverSelectionTimeoutMS
Specifies how long (in milliseconds) to block for server selection before throwing an exception. Default: 30,000 milliseconds.
serverSelectionTryOnce

Single-threaded drivers only. When true, instructs the driver to scan the MongoDB deployment exactly once after server selection fails and then either select a server or raise an error. When false, the driver blocks and searches for a server up to the serverSelectionTimeoutMS value. Default: true.

Multi-threaded drivers and mongos do not support serverSelectionTryOnce.

heartbeatFrequencyMS

heartbeatFrequencyMS controls when the driver checks the state of the MongoDB deployment. Specify the interval (in milliseconds) between checks, counted from the end of the previous check until the beginning of the next one.

Default:

  • Single-threaded drivers: 60 seconds.

  • Multi-threaded drivers: 10 seconds.

mongos does not support changing the frequency of the heartbeat checks.

Connection Option
Description
appName

Specify a custom app name. The app name appears in

The appName connection option is only applicable when provided to a MongoDB Driver. This parameter has no effect when supplied to a client application such as MongoDB Compass or mongosh.

New in version 4.0.

retryReads

Enables retryable reads.

Possible values are:

  • true. Enables retryable reads for the connection.

    Official MongoDB drivers compatible with MongoDB Server 4.2 and later default to true.

  • false. Disables retryable reads for the connection.

mongosh does not support retryable reads.

New in version 4.2.

retryWrites

Enable retryable writes.

Possible values are:

  • true. Enables retryable writes for the connection.

    Official MongoDB 4.2+ compatible drivers default to true.

  • false. Disables retryable writes for the connection.

    Official MongoDB 4.0 and 3.6-compatible drivers default to false.

MongoDB drivers retry transaction commit and abort operations regardless of the value of retryWrites. For more information on transaction retryability, see Transaction Error Handling.

New in version 3.6.

uuidRepresentation

Possible values are:

standard
The standard binary representation.
csharpLegacy
The default representation for the C# driver.
javaLegacy
The default representation for the Java driver.
pythonLegacy
The default representation for the Python driver.

For the default, see the Drivers documentation for your driver.

Note

Not all drivers support the uuidRepresentation option. For information on your driver, see the drivers documentation.

The following provide example URI strings for common connection targets.

The following connects to a database server running locally on the default port:

mongodb://localhost

The following connects and logs in to the admin database as user sysop with the password moon:

mongodb://sysop:moon@localhost

The following connects and logs in to the records database as user sysop with the password moon:

mongodb://sysop:moon@localhost/records

Use a URL encoded connection string when connecting to a UNIX domain socket.

The following connects to a UNIX domain socket with file path /tmp/mongodb-27017.sock:

mongodb://%2Ftmp%2Fmongodb-27017.sock

Note

Not all drivers support UNIX domain sockets. For information on your driver, see the Drivers documentation.

The following connects to a replica set with two members, one on db1.example.net and the other on db2.example.net:

Note

For a replica set, specify the hostname(s) of the mongod instance(s) as listed in the replica set configuration.

mongodb://db1.example.net,db2.example.com/?replicaSet=test

The following connects to a replica set with three members running on localhost on ports 27017, 27018, and 27019:

Note

For a replica set, specify the hostname(s) of the mongod instance(s) as listed in the replica set configuration.

mongodb://localhost,localhost:27018,localhost:27019/?replicaSet=test

The following connects to a replica set with three members and distributes reads to the secondaries:

Note

For a replica set, specify the hostname(s) of the mongod instance(s) as listed in the replica set configuration.

mongodb://example1.com,example2.com,example3.com/?replicaSet=test&readPreference=secondary

The following connects to a replica set with write concern configured to wait for replication to succeed across a majority of the data-bearing voting members, with a two-second timeout.

Note

For a replica set, specify the hostname(s) of the mongod instance(s) as listed in the replica set configuration.

mongodb://example1.com,example2.com,example3.com/?replicaSet=test&w=majority&wtimeoutMS=2000

The following connects to a sharded cluster with three mongos instances:

mongodb://router1.example.com:27017,router2.example2.com:27017,router3.example3.com:27017/

New in version 4.4.

The following connects to a MongoDB Atlas cluster which has been configured to support authentication via AWS IAM credentials:

mongosh 'mongodb+srv://<aws access key id>:<aws secret access key>@cluster0.example.com/testdb?authSource=$external&authMechanism=MONGODB-AWS'

Connecting to Atlas using AWS IAM credentials in this manner uses the MONGODB-AWS authentication mechanism and the $external authSource, as shown in this example.

If using an AWS session token, as well, provide it with the AWS_SESSION_TOKEN authMechanismProperties value, as follows:

mongosh 'mongodb+srv://<aws access key id>:<aws secret access key>@cluster0.example.com/testdb?authSource=$external&authMechanism=MONGODB-AWS&authMechanismProperties=AWS_SESSION_TOKEN:<aws session token>'

Note

If the AWS access key ID, the secret access key, or the session token include the following characters:

: / ? # [ ] @

those characters must be converted using percent encoding.

You may also set these credentials on your platform using standard AWS IAM environment variables. mongosh checks for the following environment variables when you use the MONGODB-AWS authentication mechanism:

  • AWS_ACCESS_KEY_ID

  • AWS_SECRET_ACCESS_KEY

  • AWS_SESSION_TOKEN

If set, these credentials do not need to be specified in the connection string.

The following example sets these environment variables in the bash shell:

export AWS_ACCESS_KEY_ID='<aws access key id>'
export AWS_SECRET_ACCESS_KEY='<aws secret access key>'
export AWS_SESSION_TOKEN='<aws session token>'

Syntax for setting environment variables in other shells will be different. Consult the documentation for your platform for more information.

You can verify that these environment variables have been set with the following command:

env | grep AWS

Once set, the following example connects to a MongoDB Atlas cluster using these environment variables:

mongosh 'mongodb+srv://cluster0.example.com/testdb?authSource=$external&authMechanism=MONGODB-AWS'
←  System CollectionsCollation →