Amazon DocumentDB
Developer Guide

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Amazon DocumentDB Quick Start Using AWS CloudFormation

This section contains steps and other information to help you get started quickly with Amazon DocumentDB (with MongoDB compatibility). For general information about Amazon DocumentDB, see What Is Amazon DocumentDB (with MongoDB Compatibility)?

These instructions use an AWS CloudFormation template to create a cluster and instances in your default Amazon VPC. For instructions on creating these resources yourself, see Getting Started with Amazon DocumentDB.


The AWS CloudFormation stack that is created by this template creates multiple resources, including resources in Amazon DocumentDB, e.g., a cluster and instances, Amazon Elastic Compute Cloud (Amazon EC2), i.e., subnet group, Amazon Virtual Private Cloud (Amazon VPC), and AWS Identity and Access Management (IAM).

Some of these resources are not free-tier resources. For pricing information, see Amazon DocumentDB Pricing and Amazon EC2 Pricing. You can delete the stack when you are finished with it to stop any charges.

This AWS CloudFormation stack is intended as a basis for a tutorial for Amazon DocumentDB. If you use this template for a production environment, we recommend that you use stricter IAM policies and security. For information about securing resources, see Amazon VPC Security and Amazon EC2 Network and Security.


Before you create an Amazon DocumentDB (with MongoDB compatibility) cluster, you must have the following:

  • A default Amazon VPC

  • The required IAM permissions

Required IAM Permissions

The following permissions allow you to create resources for the AWS CloudFormation stack:

AWS Managed Policies

  • AWSCloudFormationReadOnlyAccess

  • AmazonDocDBFullAccess

Additional IAM Permissions

The following policy outlines the additional permissions that are required to create and delete this AWS CloudFormation stack.

{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "iam:GetSSHPublicKey", "iam:ListSSHPublicKeys", "iam:CreateRole", "iam:CreatePolicy", "iam:PutRolePolicy", "iam:CreateInstanceProfile", "iam:AddRoleToInstanceProfile", "iam:GetAccountSummary", "iam:ListAccountAliases", "iam:PassRole", "iam:GetRole", "iam:DeleteRole", "iam:RemoveRoleFromInstanceProfile", "iam:DeleteRolePolicy", "iam:DeleteInstanceProfile", "cloudformation:*Stack", "ec2:DescribeKeyPairs", "ec2:*Vpc", "ec2:DescribeInternetGateways", "ec2:*InternetGateway", "ec2:createTags", "ec2:*VpcAttribute", "ec2:DescribeRouteTables", "ec2:*RouteTable", "ec2:*Subnet", "ec2:*SecurityGroup", "ec2:AuthorizeSecurityGroupIngress", "ec2:DescribeVpcEndpoints", "ec2:*VpcEndpoint", "ec2:*SubnetAttribute", "ec2:*Route", "ec2:*Instances", "ec2:DeleteVpcEndpoints" ], "Resource": "*" } ] }


The bolded permissions in the preceding policy are only required to delete a stack: iam:DeleteRole, iam:RemoveRoleFromInstanceProfile, iam:DeleteRolePolicy, iam:DeleteInstanceProfile, and ec2:DeleteVpcEndpoints.

Also note that ec2:*Vpc grants ec2:DeleteVpc permissions.

Amazon EC2 Key Pair

You must have a key pair (and the PEM file) available in the Region where you will create the AWS CloudFormation stack. If you need to create a key pair, see Creating a Key Pair Using Amazon EC2 in the Amazon EC2 User Guide for Linux Instances.

Launching the Amazon DocumentDB AWS CloudFormation Stack

To launch the Amazon DocumentDB stack from the AWS CloudFormation console

  1. Sign in to the AWS Management Console and open the AWS CloudFormation console at If you want to work in a different AWS Region than US East (N. Virginia) (us-east-1), in the upper-right corner of the console, choose the Region that you want to create the stack in.

  2. To launch an Amazon DocumentDB stack in the chosen region, choose the Launch Stack button for that region.

    Region View Template View in Designer Launch
    US East (Ohio) View Template View in Designer
    US East (N. Virginia) View Template View in Designer

    US West (Oregon)

    View Template View in Designer

    Asia Pacific (Seoul)

    View Template View in Designer

    Asia Pacific (Singapore)

    View Template View in Designer

    Asia Pacific (Sydney)

    View Template View in Designer

    Asia Pacific (Tokyo)

    View Template View in Designer

    EU (Frankfurt)

    View Template View in Designer

    EU (Ireland)

    View Template View in Designer

    EU (London)

    View Template View in Designer
  3. On the AWS CloudFormation Create stack page:

    1. On the Select Template page, choose Next.

    2. On the Specify Details page, choose Next.

    3. On the Options page, choose Next.

    4. On the Review page, if it is present, choose the box to acknowledge that AWS CloudFormation will create IAM resources, then choose Create.

Accessing the Amazon DocumentDB Cluster

Once the AWS CloudFormation stack has been completed, you can use an Amazon EC2 instance to connect to your Amazon DocumentDB cluster. For information about connecting to an Amazon EC2 instance using SSH, see Connect to Your Linux Instance in the Amazon EC2 User Guide for Linux Instances.

After you are connected, see the following sections, which contain information about using Amazon DocumentDB.