- Amazon DocumentDB is a MongoDB-compatible managed database, but it has some differences that can trip up developers trying to use modern MongoDB clients.
- Troubleshooting connection issues – Amazon DocumentDB is often necessary because connecting to Amazon DocumentDB may throw errors that can be confusing, especially because DocumentDB is MongoDB-compatible but not identical.
1.Wire Version Mismatch
“MongoServerSelectionError: Server at <cluster-endpoint> reports maximum wire version 6, but this version of the driver requires at least 8 (MongoDB 4.2)”
DocumentDB 3.5 (and 3.6) supports MongoDB wire version 6 (features roughly equivalent to MongoDB 3.6).
Modern clients (mongosh 2.x, Node.js driver 4.x, MongoDB shell 8.x) require wire version 8 or higher, which corresponds to MongoDB 4.2+.
The client attempts to use features the server does not support → connection rejected.
Solution is to:-
Use a compatible MongoDB shell or driver:
Mongo shell 4.0.x
Node.js MongoDB driver 3.x
Python pymongo 3.x (not 4.x)
Avoid mongosh 2.x for DocumentDB 3.5 clusters.
2. ECONNRESET (Connection Reset by Peer)
“MongoServerSelectionError: read ECONNRESET”
The server forcibly closes the connection during handshake. Common reasons:
Network/firewall or security group blocking traffic on port 27017
Wrong TLS/SSL configuration (invalid CA certificate, missing ssl=true)
Connection string missing required parameters (replicaSet=rs0, retryWrites=false)
Solution is to:-
Check network connectivity using,
telnet <cluster-endpoint> 27017Use correct TLS CA:
–tlsCAFile /path/to/rds-combined-ca-bundle.pem
Ensure security groups allow your machine’s IP.
3 .Authentication / Unsupported Mechanism
“MongoServerError: Authentication failed / Unsupported mechanism SCRAM-SHA-256”
DocumentDB 3.5 supports SCRAM-SHA-1, but not SCRAM-SHA-256 or other advanced auth mechanisms.
Some clients default to SCRAM-SHA-256 (modern MongoDB shells/drivers).
Solution is to:-
Force authentication against the admin database:
authenticationDatabase admin
Ensure the client version supports SCRAM-SHA-1.
4 .Timeout / Server Selection Errors
“Server selection timed out after 30000 ms
connect ETIMEDOUT”
The client cannot find a suitable server for operations.
The Possible reasons are;
- Using an instance endpoint instead of the cluster endpoint
- Network or firewall blocking the connection
- Replica set parameters missing or misconfigured
- Read preference conflicts
Solution is to :-
Use cluster endpoint, not individual instance endpoints.
Include correct replica set name:
replicaSet=rs0
Set read preference:
readPreference=secondaryPreferred
5 .TLS/SSL Handshake Failures
“MongoServerSelectionError: SSL handshake failed / certificate verify failed”
DocumentDB requires TLS/SSL connections.
Using an incorrect CA bundle or missing –ssl or –tlsCAFile flags causes handshake failure.
Solution is to:-
Download AWS CA bundle:
wget https://truststore.pki.rds.amazonaws.com/global-bundle.pem -O /root/global-bundle.pemUse it in your connection:
--tlsCAFile /root/global-bundle.pem --sslEnsure the client supports TLS 1.2 (modern MongoDB shells do).
By following these best practices, you can reliably connect to DocumentDB, troubleshoot errors effectively.DocumentDB may not be a drop-in replacement for MongoDB, but with the right client configuration, it can integrate seamlessly into your applications.
Conclusion
If you’re still facing difficulties while connecting to Amazon DocumentDB using mongosh, our experts can help. Skynats provides Troubleshooting connection issues – Amazon DocumentDB through our specialized AWS Management Service and Server Management Services. Get 24×7 assistance to diagnose, fix, and optimize your DocumentDB setup—contact us today for expert support!
