• Loading Data
  • Adding a Data Source
  • MongoDB

Self-Managed MongoDB

For the following steps, you must have access to a MongoDB instance and be able to manage Custom Roles and Database Users within it. If you do not have access, please invite your MongoDB administrator to Rockset.

Create a Self-Managed MongoDB Integration

The steps below show how to set up a self-managed MongoDB integration using MongoDB SCRAM Authentication mechanism. An integration can provide access to one or more MongoDB collections across different databases in the same self-managed MongoDB cluster. You can use an integration to create Rockset collections that continuously sync data from your MongoDB collections.

Step 1: Prerequisites

For self-managed MongoDB in the public cloud or a data center, the following prerequisites are required:

  • The MongoDB cluster must be accessible to Rockset.
    • The MongoDB database must be exposed to public internet. AWS DocumentDB is not supported.
  • MongoDB must use SCRAM, the default MongoDB authentication mechanism. For more details, refer to MongoDB documentation on Authentication.
    • mTLS, LDAP, Kerberos, AWS IAM, and other authentication mechanisms are not supported.
  • Server-side TLS must use plain text or a public CA.
    • mTLS, custom private CA's, and self-signed certificates are not supported.
  • MongoDB change streams must be enabled. For more details refer to MongoDB documentation on Change Streams.
  • The MongoDB version must be 4.0 or higher.

Step 2: Configure MongoDB Custom Role

  1. Using MongoDB Shell (mongosh), create a new custom role. If you already have a role set up for Rockset, you may update that existing role. For more details, refer to MongoDB documentation on Manage Users and Roles.

  2. Set up read-only access to your MongoDB collection. Add the following actions or roles: find, changeStream, collStats and also specify the names of databases as well as collections for each of these actions or roles. You can update access to databases and collections via MongoDB Shell at any time without changes required in Rockset integration. The same integration can be used to create more Rockset collections based on permissions.

  3. Give the newly created or updated custom role a descriptive name. You will attach this custom role to a new or existing MongoDB user.

          role: "rockset-role",
          privileges: [
                resource: { db: "dbName", collection: "collectionName" },
                actions: [ "find", "changeStream", "collStats" ]
          roles: []

Why these permissions?

  • find - Required for initial collection scan when reading data.
  • changeStream - Required for retrieving records from MongoDB Change Streams.
  • collStats - Required for metadata about MongoDB collections.

Step 3: Configure MongoDB User

You'll need to create a MongoDB user to grant Rockset permissions to access your MongoDB resources.

  1. Using MongoDB shell (mongosh), set up a new user. Note: If you already have a user for Rockset set up, you may re-use it or update the custom role directly. For more details, refer to MongoDB documentation on Create a User.

  2. Using SCRAM password authentication specify a username and password for the database user, and specify the custom role created in Step 2.

  3. Record both username and password in the Rockset Console within a new MongoDB integration. Note that if you change the password later, you will need to drop and recreate the integration in Rockset.

          user: "rockset-user",
          pwd:  "1234",
          roles: [ "rockset-role" ]

Step 4: Configure Connection String

You'll need to provide the connection string for your MongoDB cluster for Rockset to connect to it.

  1. Provide the name of the database that connections will use by default.
  2. Format the connection string mongodb://<username>:<password>@hostname:port/<dbname> with the hostname and port of your MongoDB cluster. You don't need to replace username, password and dbname tags in the connection string. Record the connection string in the Rockset Console for the integration.

Step 5: Add Rockset IPs to IP Access List

To ensure connectivity with your MongoDB cluster, you must allow the inbound network access from your application environment to MongoDB by adding Rockset's public IP addresses to your IP access list. If you choose to skip adding Rockset IP address entries, make sure you enable the bindIpAll setting which enables access to the cluster from anywhere.

  1. Open the mongod configuration file for editing.
  2. Under net options, add Rockset's public IP addresses to the bindIp setting.
  3. Restart the mongod process to make these changes take effect.
  4. Ensure that the cluster running MongoDB also allowlists Rockset's public IP addresses.