Skip to main content
Documentation
Troubleshooting
Feature Requests Status

MongoDB Replica Set Setup Guide

Edit on GitHub
  • Updated
Fivetran System User Fivetranner

Follow these instructions to connect your MongoDB replica set to your destination using Fivetran.

Prerequisiteslink

To connect your MongoDB replica set to Fivetran, you need:

  • MongoDB version 2.6 to 5.0
  • Your replica set’s IP (e.g., 1.2.3.4) or domain (your.server.com)
  • Your replica set’s port (usually 27017)

NOTE: Fivetran does not support Mongo tiers M0, M2, or M5 because MongoDB’s smaller managed tiers do not provide oplogs. We need oplogs to perform incremental updates.

Setup instructionslink

Choose connection methodlink

First, decide whether to connect Fivetran to your MongoDB replica set directly, using an SSH tunnel, or using AWS PrivateLink.

IMPORTANT: Your MongoDB server must have replication enabled already. If replication is not enabled, follow MongoDB’s replica set deployment instructions before proceeding.

Connect directly (TLS required)

IMPORTANT: You must have TLS enabled on your replica set to connect directly to Fivetran. Follow MongoDB’s TLS configuration instructions to enable TLS on your replica set.

Fivetran connects directly to your MongoDB replica set. This is the simplest and most secure method.

To connect directly, configure your firewall and/or other access control systems to allow incoming connections to your MongoDB port (usually27017) from Fivetran’s IPs for your replica set’s region. For help, see MongoDB’s Security documentation.

Connect using SSH (TLS optional)

Fivetran connects to a separate server in your network that provides an SSH tunnel to your replica set. You must connect through SSH if your database is in an inaccessible subnet.

To connect using SSH, configure your firewall and/or other access control systems to allow incoming connections to your MongoDB port (usually 27017) from your SSH tunnel server’s IP.

Before you proceed to the next step, you must follow our SSH connection instructions. If you want Fivetran to tunnel SSH over TLS, follow MongoDB’s TLS configuration instructions to enable TLS on your replica set.

Connect using AWS PrivateLink BETA

IMPORTANT: You must have a Business Critical plan to use AWS PrivateLink.

AWS PrivateLink allows VPCs and AWS-hosted or on-premises services to communicate with one another without exposing traffic to the public internet. Learn more in AWS’ PrivateLink documentation.

Follow our AWS PrivateLink setup guide to configure PrivateLink for your database.

Create userlink

Create a database user for Fivetran using either the MongoDB shell or MongoDB Atlas.

MongoDB shell

  1. Open the MongoDB shell.

  2. Connect to your replica set or primary node using the MongoDB shell as an admin user.

  3. Go to the admin database.

  4. Execute the following command to create a user for Fivetran. Replace <username> and <password> with a username and password of your choice.

       use admin
   db.createUser({
     user: "<username>",
     pwd: "<password>",
     roles: [ "readAnyDatabase" ]
   })

    TIP : The Mongo shell command to create a user is db.AddUser() for versions 2.x.

    For v3.2 and greater, the built-in role readAnyDatabase no longer includes the local database. Instead, you must create the user with the following roles. Replace <username> and <password> with a username and password of your choice.

       use admin
   db.createUser({
     user: "<username>",
     pwd: "<password>",
     roles: [ "readAnyDatabase", {role: "read", db: "local"} ]
   })

    Read MongoDB’s built-in roles documentation for more details.

MongoDB Atlas

  1. Log in to the MongoDB Atlas dashboard.

  2. In the Security section of the left menu, select Database Access.

  3. Click New Database User.

  4. Choose the password authentication method.

  5. Enter the username and password for the new Fivetran user.

  6. In the Database User Privileges drop-down menu, select Grant Specific User Privileges.

  7. Under Specific Privileges, add the following roles/privileges:

    • readAnyDatabase
    • read on the local database

  8. Click Add User.

For more information, see MongoDB Atlas’ configure users documentation.

Set oplog sizelink

Set the oplog size so that it can retain at least 24 hours’ worth of changes. We recommend increasing the size to retain seven days’ worth of data. Adjust your oplog size using either the MongoDB shell or MongoDB Atlas:

Finish Fivetran configurationlink

  1. In your connector setup form, enter a destination schema prefix. This prefix applies to each replicated schema and cannot be changed once your connector is created.

  2. In the Host and ports field, do one of the following:

    • Enter the hostname and port number for your primary node and all replicas. Each entry should be a hostname or IP address that is appended by a colon and the port number (for example, server.example.com:27017 or 1.2.3.4:27017). Use the plus icon to add new fields until you have added all nodes.
    • Enter the SRV host record for your MongoDB instance. This will be a mongodb+srv:// URL value, such as mongodb+srv://server.example.com/.

    NOTE: Do not include any path contents after the top-level domain in this URL.

  3. Enter the Fivetran-specific user that you created in Step 2.

  4. Enter the password for the Fivetran-specific user that you created in Step 2.

  5. Choose your connection method. If you selected Connect via an SSH tunnel, provide the following information:

    • SSH hostname (do not use a load balancer’s IP address/hostname)
    • SSH port
    • SSH user
    • If you enabled SSL/TLS on your database in Step 1, set the Require TLS through tunnel toggle to ON.

  6. Click Save & Test. Fivetran tests and validates our connection to your MongoDB replica set. Upon successful completion of the setup tests, you can sync your data using Fivetran.

Setup testslink

Fivetran performs the following tests to ensure that we can connect to your MongoDB replica set and that it is properly configured:

  • The Connecting to SSH Tunnel Test validates the SSH tunnel details you provided in the setup form. It then checks that we can connect to your database using the SSH Tunnel. (We skip this test if you aren’t connecting using SSH.)
  • The Connecting to Host Test validates the database credentials you provided in the setup form. It then verifies that the database host is not private and checks that we can connect to the host.
  • The Validating Certificate Test generates a pop-up window where you must choose which certificate you want Fivetran to use. It then validates that certificate and checks that we can connect to your database using TLS. (We skip this test if you aren’t connecting directly.)
  • The Connecting to Database Test connects to your database instance and verifies that your database is at least version 2.6. It then checks that we can access the schemas in your database. Lastly, it verifies that we can access the oplog and that it contains at least 24 hours’ worth of changes.

NOTE: The tests may take a few minutes to finish running.

Related Contentlink

description Connector Overview

account_tree Schema Information

assignment Release Notes

settings API Connector Configuration

home Documentation Home

Related articles

Didn’t find what you need?

Contact support