DocumentDB Configuration Guide

A dedicated detailed configuration guide for Amazon DocumentDB is provided here.

Using TLS (SSL) with Amazon DocumentDB

When you create a new DocumentDB instance in AWS, you can enable TLS to encrypt data in transit. You can also choose to disable this option if needed. Data encryption in transit for an Amazon DocumentDB cluster is managed through the TLS parameter in the cluster parameter group. You can manage the TLS settings for an Amazon DocumentDB cluster using the AWS Management Console or AWS Command Line Interface (AWS CLI). Reference
If TLS is enabled in Amazon DocumentDB, you will need a CA bundle certificate provided by AWS to connect.

Registering a CA Bundle Certificate

AWS offers two types of bundle certificates: a global bundle certificate that can be used across all regions and region-specific bundle certificates.

1. Download the bundle certificate.

2. In the QueryPie console, navigate to the Administrator > Databases > Connection Management > SSL Configurations.

3. Click the Create SSL button at the top right.

4. In the Name field, assign a name that makes it easy to identify.

5. Select Required in the SSL Mode field.

6. Open the downloaded bundle certificate (.pem file) in a text editor, copy the entire contents, and paste it into the CA Certificate field.

7. Click the Save button to save the configuration.

Mapping the Certificate to DocumentDB

1. Navigate to the Administrator > Databases > Connection Management > DB Connections menu.

2. Select the DocumentDB connection that was created through cloud synchronization.

3. Scroll down and go to the SSL / SSH Setting tab.

4. Check the Use SSL checkbox to enable it, then select the configuration name you registered in the previous step from the SSL Configurations dropdown.

5. Click the Save Changes button at the top right to save the settings.