Connectivity and deployment
Find answers to common questions about how Atlan connects to Amazon DocumentDB, why the connector is supported only through Self-Deployed Runtime, and where to deploy the runtime.
Why is Amazon DocumentDB supported only through Self-Deployed Runtime?
Amazon DocumentDB has no public endpoint by design. Amazon provisions every DocumentDB cluster inside your Amazon VPC, and the cluster is reachable only from within that VPC (or from a network with private connectivity to it). There is no internet-facing endpoint that Atlan Cloud can connect to.
Because of this, Atlan extracts Amazon DocumentDB metadata only through Self-Deployed Runtime (SDR). You deploy the runtime inside the same VPC as your DocumentDB cluster, where it can reach the cluster endpoint over the private network. The runtime connects locally to your cluster, runs read-only metadata queries, and sends only the resulting metadata back to Atlan Cloud over an outbound HTTPS connection. Your cluster never accepts inbound connections from the internet, and your credentials never leave your network.
This makes Amazon DocumentDB different from most Atlan connectors, which can also connect directly from Atlan Cloud. For Amazon DocumentDB, Self-Deployed Runtime is the only supported path. For details on how the runtime connects, see How Atlan connects to Amazon DocumentDB and SDR connectivity.
Can I use AWS RDS Proxy to connect Atlan to Amazon DocumentDB?
No. AWS RDS Proxy is a fully managed database proxy that pools connections and provides transparent failover, and it's the standard AWS-supported way to broker connections to a database. AWS offers RDS Proxy for Amazon RDS and Amazon Aurora database engines (MySQL, PostgreSQL, MariaDB, and SQL Server). However, RDS Proxy doesn't currently support Amazon DocumentDB or its MongoDB-compatible wire protocol, so it can't be used to connect Atlan to a DocumentDB cluster. Self-Deployed Runtime deployed inside your VPC remains the only supported path.
Where do I deploy Self-Deployed Runtime for Amazon DocumentDB?
Deploy the runtime inside the same Amazon VPC as your DocumentDB cluster, or in a network that has private routing to the cluster, so the runtime can reach the cluster endpoint on port 27017 (default) over the private network. Lock down your DocumentDB security groups so that only the runtime can reach the cluster. The runtime needs only an outbound HTTPS connection (port 443) to Atlan Cloud—no inbound access from the internet is required. For installation steps, see Install via Docker Compose or Install on Kubernetes.
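One way to check the security-group lockdown described above, as an added example (not Atlan's or AWS's code): the function audits a DocumentDB security group's ingress rules, in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`, and reports every source other than the runtime's security group that can reach port 27017. It assumes the runtime has its own security group; the group IDs and CIDRs are constructed placeholders.

```python
# Added example: audit a DocumentDB security group's ingress rules.
# Rule shape follows "IpPermissions" from `aws ec2 describe-security-groups`.
DOCDB_PORT = 27017  # default cluster port named on this page


def covers_port(rule, port):
    """True if an ingress rule admits TCP traffic on `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_ingress(ip_permissions, runtime_sg_id, port=DOCDB_PORT):
    """Return (runtime_allowed, findings) for one cluster security group.

    Assumption: the runtime has its own security group, so any other
    source that can reach the port is reported for review.
    """
    runtime_allowed, findings = False, []
    for rule in ip_permissions:
        if not covers_port(rule, port):
            continue
        sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        sources += [p["PrefixListId"] for p in rule.get("PrefixListIds", [])]
        for pair in rule.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == runtime_sg_id:
                runtime_allowed = True
            else:
                sources.append(pair.get("GroupId"))
        findings += [f"{src} can reach port {port}" for src in sources]
    return runtime_allowed, findings


# Constructed sample data: IDs and CIDRs are placeholders, not real resources.
RUNTIME_SG = "sg-runtime-example"
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
     "UserIdGroupPairs": [{"GroupId": RUNTIME_SG}]},
    {"IpProtocol": "tcp", "FromPort": 27000, "ToPort": 27100,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]

if __name__ == "__main__":
    allowed, findings = audit_ingress(SAMPLE_RULES, RUNTIME_SG)
    print("runtime allowed:", allowed)
    for f in findings:
        print("REVIEW:", f)
```

A port range that merely contains 27017, or an all-protocols rule, counts as exposing the cluster port, which is why the second sample rule is reported even though it never names 27017 exactly.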
See also
- How Atlan connects to Amazon DocumentDB: How the runtime connects to your cluster and the security model.
- Crawl Amazon DocumentDB: Configure and run metadata extraction through the runtime.