I am trying to implement MongoDB Client-Side Field Level Encryption inside an AWS Lambda function. I am getting an error:
MongoServerSelectionError: connect ECONNREFUSED 127.0.0.1:27020
I am trying to create a secure connection as below:
const keyVaultNamespace = "{Collection-name}.__keyVault";
const tmpPath = path.resolve(process.env.LAMBDA_TASK_ROOT, "../../tmp");
process.env.LD_LIBRARY_PATH = `${process.env.LD_LIBRARY_PATH}:${process.env.LAMBDA_TASK_ROOT}/lib`;
this.secureClient = new MongoClient(`{Mongo atlas URI}`, {
  useNewUrlParser: true,
  useUnifiedTopology: true,
  autoEncryption: {
    keyVaultNamespace,
    kmsProviders,
    schemaMap: accountsSchema,
    extraOptions: {
      mongocryptdSpawnArgs: [`--pidfilepath=${tmpPath}/mongocryptd.pid`],
      mongocryptdSpawnPath: `${process.env.LAMBDA_TASK_ROOT}/bin/mongocryptd`,
    }
  },
});
await this.secureClient.connect();
I am trying to connect to my MongoDB Atlas.
The error says that the mongocryptd process is not launched. Is this path ${process.env.LAMBDA_TASK_ROOT}/bin/mongocryptd accessible from Lambda? It looks like no. However, I would recommend using a shared library instead of the mongocryptd daemon; the shared library fully supersedes mongocryptd and doesn't require spawning a daemon. See this article about how it can be configured. You need to configure cryptSharedLibPath instead of the mongocryptdSpawn* options.
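
A sketch of the configuration the answer describes, added here as an example and not part of either post. The helper names and the packaging location `<LAMBDA_TASK_ROOT>/lib/mongo_crypt_v1.so` are assumptions; `cryptSharedLibPath` and `cryptSharedLibRequired` are the driver's `extraOptions` fields.

```javascript
// Added example, not the poster's code. Assumption: the crypt_shared library
// (mongo_crypt_v1.so on Linux) is packaged in the function's lib/ directory.
const fs = require("node:fs");
const path = require("node:path");

// Hypothetical helper: where the library is assumed to live inside the bundle.
function defaultLibPath(env = process.env) {
  return path.join(env.LAMBDA_TASK_ROOT || "/var/task", "lib", "mongo_crypt_v1.so");
}

// Hypothetical helper: builds the autoEncryption options for MongoClient.
function buildAutoEncryption({ keyVaultNamespace, kmsProviders, schemaMap, cryptSharedLibPath }) {
  // Fail at cold start with a clear message if the library was not packaged
  // or is unreadable, instead of at the first encrypted operation.
  try {
    fs.accessSync(cryptSharedLibPath, fs.constants.R_OK);
  } catch (err) {
    throw new Error(`crypt_shared library not readable at ${cryptSharedLibPath}: ${err.code}`);
  }
  return {
    keyVaultNamespace,
    kmsProviders,
    schemaMap,
    extraOptions: {
      cryptSharedLibPath,
      // Never fall back to mongocryptd. Without this, a load failure leads the
      // driver to try the daemon on 127.0.0.1:27020, the address in the error
      // above, and plaintext fields are the risk if encryption is then
      // disabled to "make it work".
      cryptSharedLibRequired: true,
      // No mongocryptdSpawnPath / mongocryptdSpawnArgs: nothing is spawned.
    },
  };
}

// Usage inside the handler (needs the mongodb package, so it is not run here):
// const client = new MongoClient(uri, {
//   autoEncryption: buildAutoEncryption({
//     keyVaultNamespace, kmsProviders, schemaMap: accountsSchema,
//     cryptSharedLibPath: defaultLibPath(),
//   }),
// });
```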