MongoDB has expanded its observability capabilities with a new enhancement to the MongoDB Atlas Prometheus integration: users can now configure their Prometheus collectors to scrape metrics from Atlas dedicated clusters using AWS PrivateLink.

This advancement gives organizations a more secure and streamlined way to monitor their Atlas deployments. It combines operational visibility, network isolation, and simplified management under a single, private connection.

Strengthening observability through secure connectivity

For teams that depend on Prometheus to power their observability pipelines, AWS PrivateLink introduces a powerful new connectivity option beyond public internet and VPC peering. It’s purpose-built for customers who require strict security boundaries without compromising the efficiency and reliability of their monitoring systems.

With PrivateLink, metric data flows stay completely within the AWS network, ensuring end-to-end protection and compliance alignment while maintaining visibility into database health and performance.

Key advantages of using AWS PrivateLink with MongoDB Atlas

Enhanced security and compliance

All Prometheus metric collection traffic remains private within AWS infrastructure, eliminating exposure to the public internet and reducing the surface area for security risks. This enables organizations to meet stringent compliance and governance standards while maintaining continuous observability.

Simplified network management

PrivateLink eliminates the operational complexity that often accompanies VPC peering. It establishes a one-way private connection from a customer’s VPC directly to MongoDB Atlas, avoiding CIDR overlap issues and routing configuration challenges. The result is faster setup, easier maintenance, and reduced networking overhead for operations teams.

Predictable performance and regional scoping

By leveraging the AWS backbone, customers can expect more predictable latency and throughput for metric ingestion. PrivateLink also allows regional scoping, enabling organizations to define dedicated endpoints in each region where their MongoDB Atlas clusters operate, ensuring that metric traffic is both localized and securely routed.

Seamless integration with existing observability workflows 

MongoDB designed this feature for ease of adoption and compatibility with modern observability practices.

• Availability: AWS PrivateLink for Prometheus is supported for MongoDB Atlas dedicated instances (M10 and above), including sharded clusters.

• Configuration guidance: The MongoDB Atlas UI provides a sample Prometheus scrape configuration, serving as a reference point for setting up the PrivateLink discovery endpoint. Programmatic users can find detailed guidance in the Atlas documentation.

• Infrastructure as code: The integration supports both the MongoDB Atlas Public API and Terraform, allowing teams to manage PrivateLink configurations alongside other infrastructure components through IaC workflows.

• Straightforward deployment: The Prometheus PrivateLink connection uses the same PrivateLink endpoint used to connect to MongoDB Atlas clusters, so there’s no additional configuration needed beyond updating the Prometheus scrape configuration.

Regional setup for distributed clusters 

For multi-region MongoDB Atlas clusters, metric collection requires a regionalized approach to maintain low latency and optimal routing. MongoDB recommends deploying one Prometheus scraper and enabling one PrivateLink endpoint per region where metrics are collected. This ensures localized, consistent observability data while maintaining the benefits of PrivateLink’s private connectivity.

With AWS PrivateLink support for Prometheus integration, MongoDB continues to strengthen MongoDB Atlas’s position as a secure, enterprise-ready data platform for modern observability. Customers can now monitor their deployments with confidence, knowing that metrics flow privately, efficiently, and predictably across their AWS environments.