# AWS - DocumentDB Enum

{{#include ../../../banners/hacktricks-training.md}}

## DocumentDB

Amazon DocumentDB, offering compatibility with MongoDB, is presented as a **fast, reliable, and fully managed database service**. Designed for simplicity in deployment, operation, and scalability, it allows the **seamless migration and operation of MongoDB-compatible databases in the cloud**. Users can leverage this service to execute their existing application code and utilize familiar drivers and tools, ensuring a smooth transition and operation akin to working with MongoDB.

### Enumeration

```bash
aws docdb describe-db-clusters # Get username from "MasterUsername", get also the endpoint from "Endpoint"
aws docdb describe-db-instances #Get hostnames from here

# Parameter groups
aws docdb describe-db-cluster-parameter-groups
aws docdb describe-db-cluster-parameters --db-cluster-parameter-group-name <param_group_name>

# Snapshots
aws docdb describe-db-cluster-snapshots
aws --region us-east-1 --profile ad docdb describe-db-cluster-snapshot-attributes --db-cluster-snapshot-identifier <snap_id>
```

### NoSQL Injection

As DocumentDB is a MongoDB compatible database, you can imagine it's also vulnerable to common NoSQL injection attacks:

{{#ref}}
https://book.hacktricks.wiki/en/pentesting-web/nosql-injection.html
{{#endref}}

### DocumentDB

{{#ref}}
../aws-unauthenticated-enum-access/aws-documentdb-enum.md
{{#endref}}

## References

- [https://aws.amazon.com/blogs/database/analyze-amazon-documentdb-workloads-with-performance-insights/](https://aws.amazon.com/blogs/database/analyze-amazon-documentdb-workloads-with-performance-insights/)

{{#include ../../../banners/hacktricks-training.md}}