Docs Menu

Manage VPC Peering Connections

Note

This feature is not available for any of the following deployments:

  • Serverless instances

  • M0 clusters

  • M2/M5 clusters

  • Flex clusters

To learn more, see Limits.

Atlas supports network peering connections for dedicated clusters hosted on AWS, Google Cloud, and Azure, and on multi-cloud sharded clusters.

Network peering establishes a private connection between your Atlas VPC and your cloud provider's VPC. The connection isolates traffic from public networks for added security.

Warning

Atlas does not support Network Peering between clusters deployed in a single region on different cloud providers. For example, you cannot set up Network Peering between an Atlas cluster hosted in a single region on AWS and an application hosted in a single region on GCP.

The procedures on this page walk you through creating an outbound VPC connection, as well as creating, accepting, rejecting, and deleting an inbound VPC peering connection to your stream processing instance instances.

To create and configure connections, you must have the following:

  • An Atlas project

  • An Atlas user with the Project Owner or the Project Stream Processing Owner role to manage a connection registry

    Note

    The Project Owner role allows you to create database deployments, manage project access and project settings, manage IP Access List entries, and more.

    The Project Stream Processing Owner role enables Atlas Stream Processing actions such as viewing, creating, deleting, and editing stream processing instances, and creating, updating, and deleting VPC Peering connections in the connection registry.

    See Project Roles to learn more about the differences between the two roles.

  • An Atlas cluster

To create outbound VPC peering connections to your stream processing instance:

To create outbound VPC peering connections to your stream processing instance using the Atlas UI, see Add an Apache Kafka Connection.

To create outbound VPC peering connections to your stream processing instance using the API, see Return All Network Peering Connections in One Project.

If you want to create inbound VPC peering connections to your stream processing instance, you first need to retrieve the AWS account ID, the AWS VPC ID, and the CIDR block associated with your Atlas project to initiate a VPC peering request from an external cloud environment.

To retrieve the AWS account ID, the AWS VPC ID, and the CIDR block for an Atlas project using the Atlas Administration API, see Returns the Account ID, and the VPC ID for the group and region specified.

To list all inbound VPC peering connections to your stream processing instance using the Atlas Administration API, see Return All VPC Peering Connections.

To accept an inbound VPC peering connection to your stream processing instance using the Atlas Administration API, see Requests the acceptance of an incoming VPC Peering connection.

A sample API request resembles the following:

curl \
-s --user "ojarafoc:1ecf4c70-98ea-4168-8e44-fd67dba0f3ba" \
--digest \
--header 'Accept: application/vnd.atlas.2023-02-01+json' \
--header 'Content-Type: application/json' \
-d '{"requesterVpcId": "vpc-0d13eb6a2f0377854", "requesterAccountId":"417601102659"}' \
--request POST \
"https://cloud-dev.mongodb.com/api/atlas/v2/groups/671a86f4cfc9da7d7c31b14f/streams/vpcPeeringConnections/pcx-09277e1e81d0751c1:accept"

Note the following example parameter values:

Parameter values
Description

ajarafoc:a98a3a67-7400-4d6f-94b2-20a64118524d

The API public key and private key

{"requesterVpcId": "vpc-0d13eb6a2f0377854", "requesterAccountId":"417601102659"}

The POST payload containing the request's VPC ID and AWS Account ID

671a86f4cfc9da7d7c31b14f

The Atlas project Id

pcx-09277e1e81d0751c1

The incoming VPC connection name obtained from listing inbound VPC peering connections

To reject an inbound VPC peering connection to your stream processing instance using the Atlas Administration API, see Requests the rejection of an incoming VPC Peering connection.

To delete an inbound VPC peering connection to your stream processing instance using the Atlas Administration API, see Deletes an incoming VPC Peering connection.