Enhanced Network Security with AWS PrivateLink and MongoDB Atlas

Marissa Jasso
December 12, 2019 | Updated: December 19, 2019
#enterprise security #MongoDB Atlas

Your data security is our highest priority. That’s why we built MongoDB Atlas to be secure by default, offering essential controls, advanced capabilities, and sophisticated integrations to satisfy even the strictest of data security and compliance standards. Our latest integration brings you an additional option for enhanced security with AWS’s rapidly popularized service: AWS PrivateLink.

AWS PrivateLink is the preferred way for many enterprise companies to guarantee private connectivity between all their AWS applications, services, and accounts. You can now add Atlas to the list of PrivateLink-enabled services as one of the first approved AWS PrivateLink Ready partners. This means that Atlas has been validated by the AWS as having demonstrated success in integrating with AWS PrivateLink.

Amazon Web Services Logo

Network Security in MongoDB Atlas

All dedicated clusters on MongoDB Atlas are deployed in their own VPC. You then have the option of connecting to your cluster via VPC peering or public IP whitelisting. VPC peering allows you to set up a peering connection between your Atlas VPC with your application VPC, which can be secured and managed with Access Control Lists (ACLs) and security groups.

Public IP whitelisting allows you to grant access to Atlas via specific public IP addresses. Combined with Atlas’s required end-to-end TLS and SCRAM authentication, it offers a secure connection mechanism for users without extending your network trust boundary. However, some companies have security requirements that do not allow in-bound access to databases from static public IPs.

MongoDB Atlas and AWS PrivateLink

By connecting MongoDB Atlas to your AWS applications with AWS PrivateLink, you can take advantage of unidirectional connection strings that prevent Atlas from initiating connections back to your application VPC. This preserves your network trust boundary by ensuring that all connections use private IPs within your VPCs and no traffic leaves the Amazon network.

Since AWS PrivateLink provides a one-way connection, it also eliminates the need for additional security controls (firewall rules, auditing, network access control lists, etc.) to block network access from your Atlas VPC to your application VPC. This simplifies your network architecture by allowing you to use the same set of security and network access controls across your organization.

With AWS PrivateLink, developers can also transitively connect to Atlas clusters from their local workstation via VPN through Direct Connect and PrivateLink-enabled VPCs without using public IP whitelisting.

Meeting Enterprise Security Requirements

As we iterate off the highest industry standards while independently innovating, Atlas is constantly evolving into the most secure version of itself it can be. With unique capabilities like client-side field-level encryption, the ability to bring your own KMS provider, and Global Clusters, Atlas is built to handle the strictest security and compliance requirements. Whether you need to comply with PCI, HIPAA, GDPR, or other regulations, Atlas can help protect your sensitive data and enhance the privacy of your workloads.

To learn more about configuring AWS PrivateLink with MongoDB Atlas, visit our Docs.

Try MongoDB in the Cloud

Create a free account and launch a cluster in minutes!

Start Free

← Previous

Come to the Dark Side With New Embedded Charts Capabilities

MongoDB Charts has been updated to give you more control over your embedded charts. You can now show charts in a dark theme, and apply custom filters to unauthenticated embedded charts.

December 12, 2019

Next →

Exploring New Security, Billing, and Customization Features in Atlas Charts

MongoDB is excited to announce a few new updates to Atlas Charts that enable you to securely share insights, gain deeper visibility into expenses, and customize your most frequently used data visualizations. Based on specific feedback received from users of our native visualization tool, these significant improvements will make data analysis even more productive. We: Improved security in Atlas Charts for passcode-protected public dashboards Increased visibility into Atlas spending through an updated billing dashboard Introduced new customization for table charts through hyperlinks and hidden columns Secure insights with passcode-protected public dashboards First, there’s the new passcode-protected public dashboards feature that brings an extra layer of security to publicly shared dashboards—we understand that not everyone who benefits from Atlas Charts operates within MongoDB Atlas. Alongside the ability to schedule email reports and support for publicly-shared dashboards , we’re offering a new and secure way to spread insights with the launch of our latest feature. Add an extra layer of security to previously publicly shared dashboards, ensuring that only authorized users with the passcode can access your data. Enabling passcode protection on a dashboard is simple. As a dashboard owner, a new option is available to protect dashboard links with a passcode when sharing it publicly. Check the box to protect your public link with a passcode Once enabled, a passcode is automatically generated and can be copied to the clipboard (and regenerated on demand as needed). Viewers navigating to dashboards via the public link will see a new screen prompting them to enter a passcode. Once authenticated successfully, they can view the dashboard just as before. Easily access your dashboards by inputting your password when prompted Whether you're sharing insights with clients, stakeholders, or team members, rest assured that your data remains easily accessible yet secure. To learn more about the different ways we support dashboard sharing, check out our documentation . What’s new in the Atlas Charts billing dashboard Next, we continue to make enhancements to the MongoDB Atlas Charts billing dashboard , all of which provide insights into Atlas expenses. We are delighted to share that it’s now possible to see resource tags data, as well as billing data from all linked organizations inside the Atlas Charts billing dashboard. Additionally, users can now ingest billing data from another organization, provided they possess the organization’s API keys. These newly introduced features rely on the availability of billing data within the organization. And for those leveraging resource tags, the billing data will seamlessly integrate, empowering users to generate personalized charts or to incorporate tailored dashboard filters within the Atlas Charts billing dashboard. If cross-organization billing is enabled, editing the configuration will ingest the linked organization’s billing data for the last three months, with the option to extend this period to up to a year by creating a new ingestion. Project tags data in the Atlas Charts billing dashboard Resource tags are now seamlessly integrated into billing data and can be included in any of the charts or the dashboard filters inside the Atlas billing dashboard. For example, our MongoDB organization uses the Atlas auto-suggested tags “application” and “environment,” alongside a custom resource tag labeled "team." The following chart uses the tags data and shows the billing cost per team and per environment. A chart which depicts cost per team and environment using tags The subsequent chart presents the billing cost allocated per project and team, providing valuable insights into the primary cost drivers for each team's projects. A chart depicting cost allocated per project and team Users can also add a dashboard filter to the “tags” field, which will allow them to see the whole dashboard based on the selected tag values. In the next example, we have selected a specific “team” : “Charts” from the tags dashboard filter, so we can see all of the billing insights per team thanks to our custom tag. Billing insights filtered by specific "charts" team in an intuitive dashboard Linked organization’s data in the Atlas Charts billing dashboard For complex Atlas projects spanning multiple organizations, the Atlas Charts billing dashboard now seamlessly integrates billing data from all linked organizations. The most productive use case is to add a dashboard filter based on the "organizationId" to enable filtering data according to specific organizations for a more granular analysis of the spending. Dashboard filtered by the organizationID field to show insights for one organization Billing data from another organization Users can now ingest billing data from other organizations that are not directly linked, provided they possess authorization API keys, bringing the data you need to where you are. Provide the API key to ingest billing data from other organizations These new features in the Atlas Charts billing dashboard are designed to provide richer, more detailed insights into organization spend. Check out our documentation and our previous blog post to learn more about it. Hyperlinks and hidden columns for tables in Atlas Charts Of all the data visualization methods available in Atlas Charts, table charts rank as one of the most popular among our users. So it should come as no surprise that one of the most highly requested features from our customers is the ability to format columnar data as hyperlinks. We're excited to announce that this is now possible in Atlas Charts through the new hyperlink customization options available for table charts . With hyperlink customization, you can format columnar data as hyperlinks using any of the following URI protocols: http, https, mailto, or tel, and can be constructed statically or dynamically using encoded fields. Let’s assume we’ve created a table using the sample movies dataset in Atlas, with encodings like title, imdb.id, runtime, genre, poster_display—which is a calculated field —and more. Customization panel in Atlas Charts To turn movie titles into clickable links that direct users to their respective IMDB pages, navigate to the customization panel and click into the hyperlinking feature in the fields tab . We will format the title field as a hyperlink which links to the Internet Movie Database (IMDB) entry for that movie. IMDB URLs are formatted as follows, where id needs to be substituted with the value of the imdb.id field for each document. https://www.imdb.com/title/tt<id>/ Customize the “title” field in the table chart to link to IMDB using the “imdb.id” field in the URI input. Below, a preview displays the fully formatted URI with fields substituted for their values, helping to ensure it’s correct before we save it to be applied to the chart. Preview of URI in the hyperlinking panel Since we only need the imdb.id field to be encoded for the purpose of constructing the URI applied to the title field, we can hide the column from rendering using another new customization option. Select the imdb.id field in the customization panel, and toggle on the “Hide Column” option. Toggle "Hide Column" We also support using URI values directly from fields (provided they use one of the supported protocols). Let’s see this in action by creating a hyperlink to the movie poster. In the URI input, trigger the encoded field menu using the @ keyboard shortcut, and select the poster field. Similar to the previous example, a preview will be displayed. After saving and applying the hyperlink formatting, we can hide the rendering of the poster field as needed to keep the chart clean. Use the @ keyboard shortcut to trigger the encoded field menu All these options are accessible in the customization panel, making it straightforward to enhance table charts with interactive hyperlinks. For more detailed instructions, visit our documentation . As we conclude this roundup, we hope you’re as excited about these updates as we are. The Atlas Charts team is dedicated to continuously improving Atlas Charts to meet your needs and enhance your data visualization experience. Stay tuned for more updates, and happy charting! New to Atlas Charts? Get started today by logging into or signing up for MongoDB Atlas , deploying or selecting a cluster, and activating Charts for free.

September 5, 2024