Atlas + CloudRun + VPC

MongoDB Atlas
1

Cloud Run - Serverless runtime for containerized applications
Mongo Atlas - Fully managed MongoDB

Mongo Atlas requires IP address whitelisting, meaning that if the request isn’t coming from a whitelisted IP, it is blocked by the firewall.

Issue:

  1. Cloud Run’s external IP is ephemeral, meaning it can change at any time.
    2.Solution:* Establish a peer connection/VPC connection between Mongo Atlas and a GCP VPC, and whitelist the VPC’s IP address ranges.Fix: VPC peering has been done. A VM was created to test the VPC connection to Mongo Atlas. Without any additional IP whitelisting, the connection to Mongo Atlas is successful.
  2. However, serverless instances cannot access this VPC.
    4.Fix:* A serverless connector to the VPC has been set up, and Cloud Run is configured to use this connector for all its communications (ideally, only MongoDB connections should go through this).
  3. Despite these steps, Cloud Run is still unable to communicate with Mongo Atlas.

Questions:

  • Do we need to set up a static IP address via NAT?
  • Is there a simpler path to achieve a connection between Mongo Atlas and Cloud Run?

MongoDB VPC Peering Documentation

2

Hi Abin

I am a bit confused by this sentence " A VM was created to test the VPC connection to Mongo Atlas. Without any additional IP whitelisting, the connection to Mongo Atlas is successful."

How were you able to connect using a VPC connection to MongoDB Atlas Serverless? Serverless does not support VPC peering.

Also, please note that Serverless instances will be replaced by Flex clusters in the month of May. Therefore, if you’d like to keep using private networking, we recommend that you use a Dedicated Cluster instead

1 Like
3

Hello Anurag,

Thanks for the reply.
“How were you able to connect using a VPC connection to MongoDB Atlas Serverless? Serverless does not support VPC peering.”

I wasn’t able to connect to atlas serverless.
I was confirming that VPC peering was successful ( I was able to spin up a different vm not serverless and connect to atlas)

So you are saying that there is no way for serverless apps to communicate to atlas securely?

This woudn’t work?
Cloud Run app → Serverless VPC connect → VPC Peered network with atlas → Atlas

And how will this change with flex clusters?

4

What Atlas cluster type are you using? Can you please navigate to your cluster in a webbrowser and send me the URL you see?

My confusion is what parts of your architecture are “Serverless”? Is it MongoDB, non-MongoDB or all of it?