> ## Documentation Index > Fetch the complete documentation index at: https://docs.cloudthinker.io/llms.txt > Use this file to discover all available pages before exploring further. # MongoDB > Connect MongoDB databases to CloudThinker for document query analysis, performance tuning, and operational insights Connect your MongoDB databases to enable [Tony](/guide/agents/tony) (Database Engineer) to analyze queries, optimize performance, and monitor database health. *** ## Supported Platforms | Platform | Support | | ----------------------- | ------------------ | | **Self-hosted MongoDB** | 4.x, 5.x, 6.x, 7.x | | **MongoDB Atlas** | All versions | *** ## Setup Select your MongoDB platform for specific connection instructions: Connect to your MongoDB instance using the Mongo shell (`mongosh`) with administrative privileges. *Replace ``, ``, and `` with your credentials. The `/admin` database is required.* ```bash theme={null} mongosh "mongodb://:@:27017/admin" ``` Ensure you are on the `admin` database where users are created: ```javascript theme={null} use admin ``` Create a dedicated user for CloudThinker using standard MongoDB built-in roles: ```javascript theme={null} db.createUser({ user: "", pwd: "", roles: [ { role: "readAnyDatabase", db: "admin" }, { role: "clusterMonitor", db: "admin" } ] }) ``` The `clusterMonitor` role is recommended for performance metrics analysis. Ensure CloudThinker can reach your database: * Add CloudThinker IPs to your firewall or security group. * Ensure MongoDB is bound to an accessible IP address in `mongod.conf`. Your connection string will follow this format: ``` mongodb://:@:27017/admin?tls=true&appName=CloudThinker ``` *Note: Include `tls=true` if your deployment enforces TLS encryption in transit.* Log in to your MongoDB Atlas dashboard at [cloud.mongodb.com/v2](https://cloud.mongodb.com/v2). From the left sidebar, scroll down to the **Security** section and select **Database Access**. Click **Add New Database User** and configure the following: * **Authentication Method:** Password * **Username:** `` * **Password:** `` (Generate a secure password) * **Database User Privileges:** Select **Built-in Role** and choose **Read Any Database**. Navigate to **Network Access** under the **Security** section on the left sidebar: * Click **IP Access List**. * Click **+ Add IP Address**. * **Access List Entry:** Enter the CloudThinker static IP addresses provided in the CloudThinker connection setup screen. If you are just testing, you can enter `0.0.0.0/0` (allows access from anywhere), though this is not recommended for production. * **Comment:** Enter a descriptive name like `"CloudThinker Agent Access"` for future auditing. * Click **Confirm**. Navigate to the **Databases** tab (under Deployment), click **Connect** on your cluster, and choose **Drivers**: Atlas provides a string that looks like this: ``` mongodb+srv://:@..mongodb.net/?appName= ``` **CloudThinker Requires / Recommends:** ``` mongodb+srv://:@..mongodb.net/admin?appName=CloudThinker&tls=true&retryWrites=false ``` *Explanation of changes:* * Replace ``, ``, ``, and `` with your specific details. * Added `/admin` to explicitly specify the authentication database. * Changed to `appName=CloudThinker` for easy identification in your database logs. * Added `tls=true` to enforce encryption in transit (Security Best Practice). * Added `retryWrites=false` since this read-only user will not be performing writes. *** ## Add Connection in CloudThinker Back in the CloudThinker App, navigate to **Connections → MongoDB**, add your customized Connection String, and finish. *** ## Required Permissions To get the most out of Tony's analysis, the following standard MongoDB built-in roles are recommended: * `readAnyDatabase`: Required to analyze queries and index usage across your collections. * `clusterMonitor`: Recommended. Provides access to `serverStatus`, `replSetGetStatus`, and other diagnostic commands for performance metrics without granting write access. *** ## Agent Capabilities Once connected, [Tony](/guide/agents/tony) can: | Capability | Description | | ------------------------- | ------------------------------------------------------------ | | **Query Analysis** | Identify slow queries, analyze execution plans (`explain()`) | | **Index Recommendations** | Find missing indexes, identify unused indexes | | **Performance Metrics** | Monitor connections, memory usage, replication lag | ### Example Prompts ```bash theme={null} @tony analyze slow queries on production MongoDB @tony recommend index optimizations for the users collection @tony check replication lag on the secondary nodes ``` *** ## Connection Options | Option | Description | Default | | ---------------------- | --------------------------------------- | --------- | | **TLS/SSL** | Require TLS for the connection | `true` | | **Read Preference** | Which nodes to route read operations to | `primary` | | **Connection Timeout** | Seconds to wait for connection | 10 | *** ## Troubleshooting * Verify username and password are correct. * Ensure the user is created on the `admin` database, or append `?authSource=admin` to your connection string. * If using Atlas, ensure the user was created with the correct privileges under Database Access. * Check if CloudThinker IPs are added to your Atlas Network Access list or your firewall. * For local MongoDB, ensure `bindIp` in `mongod.conf` is not set to only `127.0.0.1`. *** ## Security Best Practices * **Strong passwords** - Use complex, unique passwords for the database user. * **TLS encryption** - Always encrypt data in transit (`tls=true`). * **Network restrictions** - Restrict database access to CloudThinker IPs via firewalls or Atlas Network Access. * **Minimal permissions** - Never grant write or admin roles to the CloudThinker user. *** ## Related Database-focused optimization agent Setup instructions for PostgreSQL databases