Problem with Atlas MongoDB and AWS Peering

44d9553e6cb393d2d61a92e9df8d493 · January 13, 2023, 7:10pm

I set up connection between Atlas MongoDB and our VPC using AWS Peering. Configuration went smoothly but I do not know how to connect to my cluster from EC2 in our subnet. I do not know how to find IP MongoDB cluster ? When I try generate snippet on Mongodb page it generates something like this:

mongosh “mongodb+srv://something.mongodb.net/myFirstDatabase” --apiVersion 1 --username ouruser

I have the impression that it should provide an private IP but which one?

Jason_Tran · January 15, 2023, 11:18pm

Hi @44d9553e6cb393d2d61a92e9df8d493,

As per the DNS configuration documentation specific for AWS:

DNS resolves the cluster’s hostnames to their public IP address rather than their internal IP address if:

DNS hostnames are disabled,

DNS resolution is disabled, and

The user accesses the Atlas cluster from outside a peered VPC.

One method you can follow to try verify if the hostnames are resolving to a private IP is to perform the following from a client within a subnet associated with the VPC peering:

Resolve hostnames from SRV record. Further information here on this from my other topic reply.
ping the hostname(s) resolved from step 1

At step 2, the hostname(s) should resolve to a private IP assuming the VPC peering and DNS configuration are both set up appropriately. (AWS) Clients connecting from outside the VPC peering connection can use the same connection string but will connect over the public internet (assuming their IP is on the Network Access List).

If you’re still having trouble with VPC peering setup, you can try contacting the in-app Atlas chat support however this may only be useful if you’re having issues setting the VPC peering connection up from the Atlas end. There can be some configurations / cases where the DNS configuration on the AWS’s client side (some mentioned above) which cause the SRV record to resolve to public IP addresses rather than internal IP addresses.

Regards,
Jason

44d9553e6cb393d2d61a92e9df8d493 · January 18, 2023, 8:45am

It is appeared that we forgot add rule for peering in route table attached to subnet (by accident we added only rule to default route table for VPC )

Jason_Tran · January 18, 2023, 8:45am

Awesome sounds like you got it sorted from that

system · January 23, 2023, 8:46am

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.