0
votes

We have a dedicated M10 cluster in MongoDB Atlas, on which I have created a peering connection with AWS to incorporate security using a VPC. I have followed this MongoDB document for configuring the peering connection between AWS and the cluster.

https://docs.atlas.mongodb.com/security-vpc-peering/

The peering connection was created successfully and is active now. But the thing is, I am unable to connect to the cluster without whitelisting my IP. When I try to connect without whitelisting the IP, it gives the error below:

Something went wrong MongooseServerSelectionError: Could not connect to any servers in your MongoDB Atlas cluster. One common reason is that you're trying to access the database from an IP that isn't whitelisted. Make sure your current IP address is on your Atlas cluster's IP whitelist: https://docs.atlas.mongodb.com/security-whitelist/

After whitelisting the IP, I am able to connect to the cluster successfully from my local environment. What do I need in order to access a cluster within a VPC from an application? I cannot use the IP whitelisting option, as every user's IP cannot be whitelisted.

I have already whitelisted the CIDR block as mentioned in the above documentation.

1
VPC peering is to connect to Atlas from an AWS VPC (EC2, Lambda, etc). There is no magic in peering, it's essentially the same whitelisting but for the private range of IPs (VPC CIDR or subnet) assigned to the peer VPC. Peering changes nothing in terms of accessing Atlas from any external IP, e.g. your laptop or PC. - Alex Blex
What does the last sentence have to do with the rest of the question? - D. SM
@D.SM I got confused with network peering and IP whitelisting. That's why I added the last sentence, that following the steps provided in the document I have whitelisted the CIDR block as well. - Avani Khabiya
@AlexBlex I tried connecting to the cluster with Lambda with the peering connection created, and the Lambda lies within the same VPC, which is the accepter VPC. But I couldn't connect to it without allowing access from anywhere, i.e. 0.0.0.0/0. - Avani Khabiya
It's hard to advise anything without details of your setup. If it doesn't work you probably missed something, made a typo, or hit a genuine bug. Please check docs.atlas.mongodb.com/best-practices-connecting-to-aws-lambda and related documentation. - Alex Blex

1 Answer

1
votes

IP whitelisting is separate from peering. Peering determines the network, whitelisting determines who on the network is allowed access.

If you want to allow access from anything that has physical connectivity to the database, whitelist the entire world (0.0.0.0/0).
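The distinction drawn in this thread, as an added example that is not part of the original answer or of any Atlas tooling: a simplified model of access-list matching that shows which clients a peered-VPC entry admits and flags entries that reach beyond the peered range. The addresses (`10.0.0.0/16`, `10.0.3.25`, `203.0.113.7`) and the function names are constructed assumptions, not values from the question.

```python
import ipaddress

def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def evaluate(source_ip, access_list, peered_cidrs):
    """Simplified model of how one client is judged.

    Returns (allowed, matching_entry, path). path is "peering" when the
    source address lies inside a peered VPC CIDR, otherwise "internet".
    """
    ip = ipaddress.ip_address(source_ip)
    path = "peering" if any(ip in n for n in _nets(peered_cidrs)) else "internet"
    for entry in access_list:
        if ip in ipaddress.ip_network(entry):
            return True, entry, path
    return False, None, path

def audit(access_list, peered_cidrs):
    """Flag access-list entries that admit more than the peered VPC."""
    peers = _nets(peered_cidrs)
    findings = []
    for entry in access_list:
        net = ipaddress.ip_network(entry)
        if net.prefixlen == 0:
            findings.append((entry, "open to every address"))
        elif not any(net.subnet_of(p) for p in peers):
            findings.append((entry, "outside the peered VPC range"))
    return findings

# Constructed sample values (assumptions for illustration only).
VPC_CIDR = ["10.0.0.0/16"]   # peered VPC range, also on the access list
LAMBDA_ENI = "10.0.3.25"     # private address of a function attached to the VPC
LAPTOP = "203.0.113.7"       # public address of a developer machine

if __name__ == "__main__":
    for acl in (VPC_CIDR, VPC_CIDR + ["0.0.0.0/0"]):
        print("access list:", acl)
        for name, ip in (("lambda-in-vpc", LAMBDA_ENI), ("laptop", LAPTOP)):
            print("  ", name, evaluate(ip, acl, VPC_CIDR))
        print("   audit:", audit(acl, VPC_CIDR))
```

With only the VPC CIDR listed, the laptop is refused and the in-VPC client is admitted over the peering path; adding `0.0.0.0/0` admits both and is the one entry the audit reports.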