I am using the following commands, as AWS suggests, to download the rds-combined-ca-bundle.pem file and to connect to the cluster.
wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
mongo --ssl --host docdb-2021-03-29-09-23-57.cluster-cqwdgjnpay32.ap-south-1.docdb.amazonaws.com:27017 --sslCAFile rds-combined-ca-bundle.pem --username docudbadmin --password *****
I am getting the following:
Error: couldn't connect to server docdb-2021-03-29-09-23-57.cluster-cqwdgjnpay32.ap-south-1.docdb.amazonaws.com:27017, connection attempt failed: HostUnreachable: Connection reset by peer : connect@src/mongo/shell/mongo.js:353:17 @(connect):2:6 exception: connect failed
But without enabling the tls and tls_monitor parameters in the cluster group, I'm able to connect from EC2 through the mongo shell.
In Amazon DocumentDB, modifying the tls parameter requires a reboot for the change to take effect. Thus, it is possible to modify the parameter, still have a pending change on the cluster, and still be able to connect without TLS. It is recommended to reboot all the instances in the cluster for the pending changes to take hold in the cluster and then try connecting with TLS again.
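
The pending-change check described in the answer, sketched with the AWS CLI as an added example (not part of the original answer): it lists cluster members whose parameter group status is still `pending-reboot`, reboots them, and confirms they then report in sync. The function names and the cluster identifier placeholder are assumptions.

```shell
#!/usr/bin/env bash
# Added example: find DocumentDB instances on which a cluster parameter
# group change (such as tls) is still pending, and reboot them.
# Function names are illustrative; the cluster id is supplied by the caller.

# Print the identifiers of cluster members still in "pending-reboot",
# one per line. Prints nothing when every member is in sync.
pending_reboot_members() {
  local cluster_id="$1"
  aws docdb describe-db-clusters \
    --db-cluster-identifier "$cluster_id" \
    --query 'DBClusters[0].DBClusterMembers[?DBClusterParameterGroupStatus==`pending-reboot`].DBInstanceIdentifier' \
    --output text | tr '\t' '\n' | sed '/^$/d; /^None$/d'
}

# Reboot each pending member, wait for it to return, then re-check.
# Returns non-zero if any member is still pending afterwards.
apply_pending_parameters() {
  local cluster_id="$1" instance members
  members="$(pending_reboot_members "$cluster_id")" || return 1
  if [ -z "$members" ]; then
    echo "all members in sync; no reboot needed"
    return 0
  fi
  for instance in $members; do
    echo "rebooting $instance"
    aws docdb reboot-db-instance \
      --db-instance-identifier "$instance" >/dev/null || return 1
    # The status can still read "available" for a moment after the call,
    # so the final re-check below is what confirms the change applied.
    aws docdb wait db-instance-available \
      --db-instance-identifier "$instance" || return 1
  done
  [ -z "$(pending_reboot_members "$cluster_id")" ]
}

# Usage: apply_pending_parameters "<your-cluster-identifier>"
```

Once this returns success, retry the `mongo --ssl ... --sslCAFile rds-combined-ca-bundle.pem` connection from the question.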