We’re building our web services on GCP and would like to use a MongoDB Atlas serverless cluster with our services. We’re trying to figure out how to connect our services (Cloud Run/Cloud Functions) securely to a serverless cluster. However, VPC peering and Google Private Service Connect are not supported for serverless clusters. Is there a way for us to use a serverless cluster securely with GCP? If not, when will this feature be available? Many thanks for answering.
Unfortunately, we do not have an estimate for when VPC peering or PSC will be available on Serverless. When you say “use a serverless cluster securely with GCP”, can you please elaborate on the security risks that you’re concerned about so that we can address those specifically?
Thank you for the prompt reply. Our web services are built with Cloud Run and Cloud Functions on GCP, and both Cloud Run and Cloud Functions do not have a static public IP address that we could add to the whitelist in MongoDB Atlas. Currently, for other projects, we make Cloud Run/Functions connect to a VPC and use VPC peering to connect to a dedicated MongoDB cluster in Atlas through private IP addresses that we can use for the whitelist. However, for the serverless cluster (that we’re trying to use for our new project) we couldn’t do the same, as VPC peering/PSC is not available. We could only whitelist 0.0.0.0/0 for Cloud Run/Functions to connect, which doesn’t seem very secure.
Thank you for your feedback and apologies about the delay here. There are a couple of options I wanted to point you to that may help.
1. You can create a Static IP Address for Cloud Run/Cloud Functions (see link). Once you have this IP address, you can whitelist only this IP address, so that no other IP can access your Atlas database.
GCP’s network is designed to keep traffic between virtual machine (VM) instances that are in the same or different regions on Google’s network, including when a load balancer is on the path (source). This should help add a layer of security to your traffic.
2. You can migrate to Atlas Dedicated and use PSC/VPC there. Is there a reason you are running this workload on Serverless vs. on Dedicated?
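Option 1 written out end to end, as an added Terraform example (not from the thread, MongoDB or Google): a reserved static address, a Serverless VPC Access connector, Cloud NAT pinned to that address, a Cloud Run service forced to egress through it, and an Atlas IP access list entry for only that address. It assumes the `default` VPC exists in the project and that the `google` and `mongodbatlas` providers are configured; names, region and CIDR are placeholders.

```hcl
# Added example (not from the thread): Cloud Run egress pinned to one static
# IP via Serverless VPC Access + Cloud NAT, then allow-listed in Atlas.
variable "atlas_project_id" { type = string }
variable "region" { default = "europe-west1" }

# The only address Atlas will ever see as the source of connections
resource "google_compute_address" "egress" {
  name   = "run-egress-ip"
  region = var.region
}
# Connector carries Cloud Run / Cloud Functions traffic into the VPC
resource "google_vpc_access_connector" "egress" {
  name          = "run-egress"
  region        = var.region
  network       = "default"       # assumed to exist; use your own VPC
  ip_cidr_range = "10.8.0.0/28"   # placeholder, must not overlap the VPC
}
resource "google_compute_router" "egress" {
  name    = "run-egress"
  region  = var.region
  network = "default"
}
# MANUAL_ONLY stops GCP auto-adding NAT IPs that Atlas would not know about
resource "google_compute_router_nat" "egress" {
  name                               = "run-egress"
  router                             = google_compute_router.egress.name
  region                             = var.region
  nat_ip_allocate_option             = "MANUAL_ONLY"
  nat_ips                            = [google_compute_address.egress.self_link]
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
}
# ALL_TRAFFIC matters: the default PRIVATE_RANGES_ONLY would send traffic to
# Atlas's public endpoint around the connector, from a non-static IP
resource "google_cloud_run_v2_service" "api" {
  name     = "api"
  location = var.region
  template {
    containers { image = "us-docker.pkg.dev/cloudrun/container/hello" }
    vpc_access {
      connector = google_vpc_access_connector.egress.id
      egress    = "ALL_TRAFFIC"
    }
  }
}
# Allow-list only that address instead of 0.0.0.0/0
resource "mongodbatlas_project_ip_access_list" "run_egress" {
  project_id = var.atlas_project_id
  ip_address = google_compute_address.egress.address
  comment    = "Cloud Run egress via Cloud NAT"
}
```

After `terraform apply`, confirm in the Atlas project access list that the single entry matches `google_compute_address.egress.address` and that the `0.0.0.0/0` entry has been removed; keep the connection string itself in Secret Manager rather than in the service environment.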
Thank you for the answer. We’ll implement #1 to try out the serverless cluster. We chose a serverless cluster because we expect low traffic in our new web application at the beginning. If the traffic grows to a certain point, we’ll migrate to a dedicated cluster then.