
Unable to connect to AWS DocumentDB using MongoDB Compass. No option to pass sslInvalidHostName


AWS DocumentDB is a relatively new service we're trying to migrate to. To connect from outside of the VPC, you have to create a tunnel to an existing instance.

For example:

ssh -i "ec2Access.pem" -L 27017:sample-cluster.cluster-cu52jq5kfddg.us-east-1.docdb.amazonaws.com:27017 ubuntu@ec2-34-229-221-164.compute-1.amazonaws.com -N

And then you can connect from mongo shell with:

mongo --sslAllowInvalidHostnames --ssl --sslCAFile rds-combined-ca-bundle.pem --username <yourUsername> --password <yourPassword> 

You can see this info at: https://docs.aws.amazon.com/documentdb/latest/developerguide/connect-from-outside-a-vpc.html

I'm actually able to get a shell into DocumentDB following the above instructions, but I cannot connect to it using MongoDB Compass. We need to be able to do this for our non-developer team.


Solution

  • I have done this using only MongoDB Compass (Community, v. 1.16.4), without creation of a tunnel via external tools.

    Firstly, download AWS's certificate from: https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem. I got this link from: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html

    Also make sure that you have access to your DocDB cluster from the EC2 instance. To do this, look at the security group settings specified for your DocDB cluster. Given that you are able to get access using the mongo shell, you should have it.

    Then on the connection screen in MongoDB Compass specify the following (your credentials used as an example):