Manage VPC Peering Connections
On this page
Note
This feature is not available for any of the following deployments:
Serverless instances
M0clustersM2/M5clustersFlex clusters
To learn more, see Limits.
Atlas supports network peering connections for dedicated clusters hosted on AWS, Google Cloud, and Azure, and on multi-cloud sharded clusters.
Network peering establishes a private connection between your Atlas VPC and your cloud provider's VPC. The connection isolates traffic from public networks for added security.
Warning
Atlas does not support Network Peering between clusters deployed in a single region on different cloud providers. For example, you cannot set up Network Peering between an Atlas cluster hosted in a single region on AWS and an application hosted in a single region on GCP.
The procedures on this page walk you through creating an outbound VPC connection, as well as creating, accepting, rejecting, and deleting an inbound VPC peering connection to your stream processing instance instances.
Prerequisites
To create and configure connections, you must have the following:
An Atlas project
An Atlas user with the
Project Owneror theProject Stream Processing Ownerrole to manage a connection registryNote
The
Project Ownerrole allows you to create database deployments, manage project access and project settings, manage IP Access List entries, and more.The
Project Stream Processing Ownerrole enables Atlas Stream Processing actions such as viewing, creating, deleting, and editing stream processing instances, and creating, updating, and deleting VPC Peering connections in the connection registry.See Project Roles to learn more about the differences between the two roles.
An Atlas cluster
Create Outbound VPC Peering Connections
To create outbound VPC peering connections to your stream processing instance:
To create outbound VPC peering connections to your stream processing instance using the Atlas UI, see Add an Apache Kafka Connection.
To create outbound VPC peering connections to your stream processing instance using the API, see Return All Network Peering Connections in One Project.
Get AWS Account ID and VPC ID for a Project
If you want to create inbound VPC peering connections to your stream processing instance, you first need to retrieve the AWS account ID, the AWS VPC ID, and the CIDR block associated with your Atlas project to initiate a VPC peering request from an external cloud environment.
To retrieve the AWS account ID, the AWS VPC ID, and the CIDR block for an Atlas project using the Atlas Administration API, see Returns the Account ID, and the VPC ID for the group and region specified.
List Inbound VPC Peering Connections
To list all inbound VPC peering connections to your stream processing instance using the Atlas Administration API, see Return All VPC Peering Connections.
Accept an Inbound VPC Peering Connection
To accept an inbound VPC peering connection to your stream processing instance using the Atlas Administration API, see Requests the acceptance of an incoming VPC Peering connection.
A sample API request resembles the following:
curl \ -s --user "ojarafoc:1ecf4c70-98ea-4168-8e44-fd67dba0f3ba" \ --digest \ --header 'Accept: application/vnd.atlas.2023-02-01+json' \ --header 'Content-Type: application/json' \ -d '{"requesterVpcId": "vpc-0d13eb6a2f0377854", "requesterAccountId":"417601102659"}' \ --request POST \ "https://cloud-dev.mongodb.com/api/atlas/v2/groups/671a86f4cfc9da7d7c31b14f/streams/vpcPeeringConnections/pcx-09277e1e81d0751c1:accept"
Note the following example parameter values:
Parameter values | Description |
|---|---|
ajarafoc:a98a3a67-7400-4d6f-94b2-20a64118524d | The API public key and private key |
{"requesterVpcId": "vpc-0d13eb6a2f0377854", "requesterAccountId":"417601102659"} | The POST payload containing the request's VPC ID and AWS Account ID |
671a86f4cfc9da7d7c31b14f | The Atlas project Id |
pcx-09277e1e81d0751c1 | The incoming VPC connection name obtained from listing inbound VPC peering connections |
Reject an Inbound VPC Peering Connection
To reject an inbound VPC peering connection to your stream processing instance using the Atlas Administration API, see Requests the rejection of an incoming VPC Peering connection.
Delete an Inbound VPC Peering Connection
To delete an inbound VPC peering connection to your stream processing instance using the Atlas Administration API, see Deletes an incoming VPC Peering connection.