Options for accessing an AWS DocumentDB in private VPC / Subnet

We want to make dashboards for data contained in AWS DocumentDB databases that are in our private VPC with no direct public internet access. As I understand it, we could do one of the following:

  1. Deploy Retool within the private AWS VPC that hosts the DocumentDB cluster, which would allow it to have access to the databases. That appears to require infrastructure for a VM, a PostgreSQL database, and a Temporal cluster. Is that correct?
  2. Create a publicly accessible EC2 instance with access to the private VPC / Subnet that allows SSH access from Retool and configure it as a bastion host for the Retool MongoDB connector, allowing Retool to tunnel through the EC2 instance to the DocumentDB cluster.
  3. Install Retool RPC on a machine with access to the DocumentDB and configure it to provide some kind of access.

I have read the docs and chatted with the chatbot enough that I think those are the options, but I wanted to make sure I was not missing anything.

For example, is there any chance that DocumentDB will be added to the options to directly import from AWS (Import resources from AWS | Retool Docs) any time soon?

I would like an answer from a Retool representative, if possible, so that we are certain of the options we have and can make a decision about how to proceed.

Hello @kelly.walker!

Great write-up and documentation collation :raised_hands:

All three options will work to accomplish your goal, but there are some tradeoffs and it comes down to preference of how they want to set up the infrastructure.

I'd go with Option 1 since it's more secure.

Option 2 adds overhead to all queries since everything goes through an SSH tunnel.

Option 3 is more work since it additionally requires a custom connector to access the DB (which you could probably more easily do in workflows anyway).

DocumentDB is not likely to be added to the options to directly import from AWS unfortunately :sweat:

Hope this helps!
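
For anyone weighing Option 2, here is an added example (not part of the original thread and not Retool's code) that audits the two security groups the bastion setup depends on: SSH on the bastion should be limited to the source ranges you allow, and the DocumentDB port should be reachable only from the bastion's group. The group IDs, CIDRs and the `ALLOWED_SSH` list are constructed placeholders; the dictionaries follow the shape of EC2 `DescribeSecurityGroups` output.

```python
import ipaddress

# Constructed placeholders: substitute the source ranges you actually allow
# SSH from, and feed in real DescribeSecurityGroups output.
SSH_PORT, DOCDB_PORT = 22, 27017
ALLOWED_SSH = ["203.0.113.0/28"]

def covers(rule, port):
    """True if a TCP (or all-protocol) rule includes `port`."""
    if rule.get("IpProtocol") == "-1":
        return True
    return (rule.get("IpProtocol") == "tcp"
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))

def cidrs(rule):
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])

def audit(bastion_sg, docdb_sg, allowed_ssh):
    """Return findings for the bastion and DocumentDB security groups."""
    findings = []
    allowed = [ipaddress.ip_network(c) for c in allowed_ssh]
    for rule in bastion_sg["IpPermissions"]:
        if not covers(rule, SSH_PORT):
            continue
        for c in cidrs(rule):
            net = ipaddress.ip_network(c)
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append(f"bastion: SSH open to {net}")
    for rule in docdb_sg["IpPermissions"]:
        if not covers(rule, DOCDB_PORT):
            continue
        for c in cidrs(rule):
            findings.append(f"docdb: {DOCDB_PORT} open to CIDR {c}")
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] != bastion_sg["GroupId"]:
                findings.append(f"docdb: {DOCDB_PORT} open to {pair['GroupId']}")
    return findings

def sg(group_id, port, **source):
    """Build a one-rule security group in DescribeSecurityGroups shape."""
    return {"GroupId": group_id, "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, **source}]}

WEAK = (sg("sg-bastion", 22, IpRanges=[{"CidrIp": "0.0.0.0/0"}]),
        sg("sg-docdb", 27017, IpRanges=[{"CidrIp": "10.0.0.0/16"}]))
HARDENED = (sg("sg-bastion", 22, IpRanges=[{"CidrIp": "203.0.113.0/28"}]),
            sg("sg-docdb", 27017, UserIdGroupPairs=[{"GroupId": "sg-bastion"}]))

if __name__ == "__main__":
    print(audit(*WEAK, ALLOWED_SSH))
    print(audit(*HARDENED, ALLOWED_SSH))
```

Sources on the DocumentDB port other than the bastion group are reported for review; they may be legitimate (for example, application servers) but should be deliberate.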