Unable to connect to mongodb from inside private subnet in aws

0
votes

I've a mongodb server hosted outside my VPC. I can access it directly over internet from my local system. I'm unable to connect it from instance in my private subnet. I have a NAT instance which allows All TCP from cidr of my VPC. I'm using this NAT instance in my route with destination 0.0.0.0/0 and this NAT instance as target. Subnet Network ACL allow all traffic inbound and outbound. From the private instance I tried ping google.com and wget www.google.com and both are working so internet access is there. Only connecting to mongodb is failing with connection timeout.

connection attempt failed: SocketException: Error connecting to <mongo endpoint> :: caused by :: Connection timed out

There is another mongodb server hosted on atlas. That is also available over internet to any IP. I'm again able to connect it from my local system and from instances in my default VPC but same connection timeout happens when try to access from instance in private subnet. Security Groups in private instance are as follows

Inbound
ALL TCP - source (vpc cidr)

Outbound
All traffic - desstination 0.0.0.0/0
2
mongodbamazon-web-services
Is there a firewall on the MongoDB side? - jellycsc
Hi, please give more details on network setup. Are they in same VPC. What are the security groups etc - Chris Williams
No. Mongodb server is default VPC and I can access it over internet from my local system. - Shwetanka
Updated question with security group details. - Shwetanka

2 Answers

0
votes

MongoDB connectivity requires two parts:

  1. Network connectivity itself. Are you able to connect to a daemon like ssh on the server running MongoDB using its private IP from the application instance?

  2. Correct DNS resolution. Are the DNS names you are using resolving to the IP you have tested in the previous step?

When replica sets or sharded clusters are used, all of the hostnames mentioned in RS/SC configuration (including traffic between MongoDB nodes) must also resolve to the IP addresses you tested in the first step and work.

0
votes

You may refer the following documentation to set up the VPC peering.

-VPC Peering with Atlas- (https://docs.atlas.mongodb.com/security-vpc-peering/) -VPC Peering Blog Post-(https://www.mongodb.com/blog/post/introducing-vpc-peering-for-mongodb-atlas) -CIDR Subnet Selection for MongoDB Atlas-(https://www.mongodb.com/blog/post/cidr-subnet-selection-for-mongodb-atlas)

However if you still encounter the issue with setting up the VPC, please provide the screenshot of your AWS VPC CIDR range, subnet ranges, Route tables, any NACL rules. Then also provide the ping and nslookup output from the host where you are trying to set up the VPC peering.