MongoDbInstaller

class aws_rfdk.MongoDbInstaller(scope, *, version, user_sspl_acceptance=None)

Bases: object

This class provides a mechanism to install a version of MongoDB Community Edition during the initial launch of an instance.

MongoDB is installed from the official sources using the system package manger (yum). It installs the mongodb-org metapackage which will install the following packages:

1. mongodb-org-mongos;

2. mongodb-org-server;

3. mongodb-org-shell; and

4. mongodb-org-tools.

Successful installation of MongoDB with this class requires:

1. Explicit acceptance of the terms of the SSPL license, under which MongoDB is distributed; and

2. The instance on which the installation is being performed is in a subnet that can access the official MongoDB sites: https://repo.mongodb.org/ and https://www.mongodb.org

Resources Deployed

• A CDK Asset package containing the installation scripts is deployed to your CDK staging bucket.

Security Considerations

• Since this class installs MongoDB from official sources dynamically during instance start-up, it is succeptable to an attacker compromising the official MongoDB Inc. distribution channel for MongoDB. Such a compromise may result in the installation of unauthorized MongoDB binaries. Executing this attack would require an attacker compromise both the official installation packages and the MongoDB Inc. gpg key with which they are signed.

• Using this construct on an instance will result in that instance dynamically downloading and running scripts from your CDK bootstrap bucket when that instance is launched. You must limit write access to your CDK bootstrap bucket to prevent an attacker from modifying the actions performed by these scripts. We strongly recommend that you either enable Amazon S3 server access logging on your CDK bootstrap bucket, or enable AWS CloudTrail on your account to assist in post-incident analysis of compromised production environments.

Parameters

• scope (Construct) –

• version (MongoDbVersion) – The version of MongoDB to install.

• user_sspl_acceptance (Optional[MongoDbSsplLicenseAcceptance]) – MongoDB Community edition is licensed under the terms of the SSPL (see: https://www.mongodb.com/licensing/server-side-public-license ). Users of MongoDbInstaller must explicitly signify their acceptance of the terms of the SSPL through this property before the {@link MongoDbInstaller} will be allowed to install MongoDB. Default: MongoDbSsplLicenseAcceptance.USER_REJECTS_SSPL

Methods

install_on_linux_instance(target)

Install MongoDB to the given instance at instance startup.

This is accomplished by adding scripting to the instance’s UserData to install MongoDB.

Notes:

1. The instance on which the installation is being performed must be in a subnet that can access the official MongoDB sites: https://repo.mongodb.org/ and https://www.mongodb.org; and

2. At this time, this method only supports installation onto instances that are running an operating system that is compatible with x86-64 RedHat 7 – this includes Amazon Linux 2, RedHat 7, and CentOS 7.

Parameters

target (IScriptHost) – The target instance onto which to install MongoDB.

Return type

None