Khushi Nandwani

Posted on Jan 5

CineDB: Building a Movie Catalog with DocumentDB 📽️

#aws #database #mongodb #tutorial

📘 Introduction

This project demonstrates how to set up Amazon DocumentDB (with MongoDB compatibility) inside a custom Amazon VPC and securely connect to it from an EC2 instance and covers end-to-end steps starting from network creation, security configuration, cluster provisioning, client setup, and finally performing CRUD (Create, Read, Update, Delete) operations using the MongoDB shell (mongosh).

The goal is to understand how a managed NoSQL database like Amazon DocumentDB is deployed and accessed in a real-world AWS environment.

🏗️ Architecture Overview

The architecture is based on a private Amazon DocumentDB cluster deployed inside a custom VPC. An EC2 instance placed in a public subnet acts as the client machine to connect securely to the DocumentDB cluster using security groups and TLS encryption.

Key ideas:

DocumentDB runs inside private subnets
EC2 client accesses it through security group–based rules
Communication happens over port 27017 using TLSLS

🧩 Architecture Components

Amazon VPC: Custom VPC for isolation and network control
Public Subnet: Hosts the EC2 client instance
Amazon DocumentDB Cluster: MongoDB-compatible NoSQL database
Subnet Group: Defines subnets where DocumentDB can be deployed
Security Groups:
- DocumentDB cluster security group
- DocumentDB client (EC2) security group
Amazon EC2 (Amazon Linux 2): Client machine for database access
MongoDB Shell (mongosh): Used to interact with DocumentDB
TLS Certificate: Ensures encrypted communication

🎯 Why This Project?

To understand how Amazon DocumentDB works in a secure VPC setup
To learn networking and security concepts such as VPCs, subnets, and security groups
To practice MongoDB-style CRUD operations on a managed AWS service
To gain hands-on experience useful for cloud, DevOps, and database roles

✨ Key Features

Secure DocumentDB cluster deployment
Controlled access using security groups
MongoDB-compatible operations using mongosh
Full CRUD workflow on a sample movie catalog
Proper cleanup of AWS resources to avoid unnecessary costs

🛠️ Execution Workflow

I. VPC and Subnet Configuration

Open the AWS Management Console

Search for VPC and open the VPC Dashboard

Click Create VPC

Set VPC name as documentdb-demo-vpc

Keep all other settings as default

Click Create VPC

Once created, click View VPC

Go to Subnets

Select Public Subnet 1 and click edit subnet settings

Enable Auto-assign public IPv4 address

Save the subnet settings

II. DocumentDB Subnet Group Creation

Search for Amazon DocumentDB and open its dashboard

From the left menu, click Subnet groups

Click Create subnet group and enter the following details:
- Name: documentdb-subnet-group
- Description: Subnet group for DocumentDB
- VPC: Select the previously created VPC

Add all subnets associated with this VPC

Click Create subnet group

III. Security Group Configuration

A. DocumentDB Cluster Security Group

Open EC2 → Security Groups

Click Create security group, in Basic Details configure:
- Security group name: documentdb-sg
- Description: Security group for DocumentDB cluster
- VPC: documentdb-demo-vpc

Keep rest of the settings as defailt and click create security group

B. DocumentDB Client Security Group

Click Create security group again and in Basic Details configure:
- Security group name: documentdb-client-sg
- Description: Security group for DocumentDB clients
- VPC: documentdb-demo-vpc

Add an inbound rule with the following configuration:
- Type: SSH
- Port Range: 22
- Source: Anywhere-IPv4

Click Create security group

C. Inbound Rule Configuration

Open documentdb-sg and click edit inbound rules

Click Add rule and configure:
- Type: Custom TCP
- Port range: 27017
- Source: documentdb-client-sg
Save the rules

IV. Amazon DocumentDB Cluster Creation

Open Amazon DocumentDB

Click Create cluster & select instance-based cluster

In Cluster Configuration, configure:
- Cluster identifier: movie-catalog-cluster
- Engine version: 5.0

Choose DB instance class: Memory optimized

Keep cluster storage and connectivity settings as default

Under Authentication, configure:
- Username: docdbadmin
- Enable Self-managed passwords
- Enter and confirm username and password

Enable Advanced settings

Under Network settings:
- VPC: documentdb-demo-vpc
- Subnet group: documentdb-subnet-group
- Security group: documentdb-sg

Keep remaining settings as default

Disable Deletion Protection for cluster

Click Create cluster

Wait 10–15 minutes for cluster creation

V. EC2 Client Instance Setup

Open Amazon EC2 dashboard and click launch instance

Configure:
- Name: documentdb-client-ec2
- AMI: Amazon Linux 2
- Instance type: t2.micro or t3.micro

Create a Key Pair:
- Name: dynamodb-client
- Type: RSA
- Format: .pem

In Network settings:
- VPC: documentdb-demo-vpc
- Subnet: Choose a public subnet
- Security group: documentdb-client-sg

Click Launch instance

VI. Connect to EC2

Wait until instance status checks pass and click Connect

Choose EC2 Instance Connect and Click Connect

VII. MongoDB Shell Installation

Download MongoDB shell:

wget https://downloads.mongodb.com/compass/mongodb-mongosh-1.10.0.x86_64.rpm

Install mongosh:

sudo yum install -y mongodb-mongosh-1.10.0.x86_64.rpm

Verify installation:

mongosh --version

Download DocumentDB TLS certificate:

wget https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem

VIII. Connect to DocumentDB

Open Amazon DocumentDB → Clusters

Go to Connectivity & Security and copy the mongosh connection string

Paste it into the EC2 terminal and enter the database password

IX. Database Operations (CRUD)

Switch database:

use movieCatalog

Create collection:

db.createCollection("movies")

Insert data:

db.movies.insertMany([ { title: "Inception", genre: "Sci-Fi", releaseYear: 2010, rating: 8.8 }, { title: "Interstellar", genre: "Sci-Fi", releaseYear: 2014, rating: 8.6 }, { title: "The Dark Knight", genre: "Action", releaseYear: 2008, rating: 9.0 }, { title: "Avengers: Endgame", genre: "Superhero", releaseYear: 2019, rating: 8.4 }, { title: "Parasite", genre: "Thriller", releaseYear: 2019, rating: 8.6 } ])

Read all movies:

db.movies.find()

Find by genre:

db.movies.find({ genre: "Sci-Fi" })

Update one movie:

db.movies.updateOne( { title: "Interstellar" }, { $set: { rating: 8.7 } } )

Update multiple movies:

db.movies.updateMany( { genre: "Sci-Fi" }, { $inc: { rating: 0.1 } } )

Delete a movie:

db.movies.deleteOne({ title: "Parasite" })

Verify deletion:

db.movies.find().pretty()

Compare the total number of documents in the collection after deletion

db.movies.countDocuments()

📂 Full Repository
All source code, configuration steps, and documentation are available here:
https://github.com/Knandwani07/aws-database-architectures/tree/main/documentdb-movie-catalog

X. Cleanup

Delete DocumentDB cluster instance and DocumentDB cluster

Delete Subnet Group

Delete EC2 instance

Delete Key Pair

Delete Security Groups

Delete VPC

✅ Conclusion

This project provides a complete, production-style walkthrough of deploying and using Amazon DocumentDB securely within AWS. It covers networking, security, database operations, and cleanup, reflecting real-world cloud practices.