Create One New Network Peering Connection

Create one network peering connection in an Atlas project. You must have either the Project Owner or Organization Owner role to successfully call this endpoint.

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

Base URL: https://cloud.mongodb.com/api/atlas/v1.0

Note

For details about how Atlas creates Network Peering connections with Azure VPCs, see the Azure tab in Set up a Network Peering Connection.

You must complete the following steps before you create each Azure network peering connection:

  1. Run the following Azure CLI command to create a service principal using the specified Atlas peering application ID:

    az ad sp create --id e90a1407-55c3-432d-9cb1-3638900a9d22

    You only have to do this once for each subscription. If you receive the following message, the service principal with the Atlas peering application ID already exists. Proceed to the next step.

    Another object with the same value for property servicePrincipalNames already exists.
  2. Copy the following example peering-role.json file and save it to your current working directory:

    {
      "Name":"AtlasPeering/<azureSubscriptionId>/<resourceGroupName>/<vnetName>",
      "IsCustom":true,
      "Description":"Grants MongoDB access to manage peering connections on network /subscriptions/<azureSubscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/virtualNetworks/<vnetName>",
      "Actions":[
        "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
        "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
        "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
        "Microsoft.Network/virtualNetworks/peer/action"
      ],
      "AssignableScopes":[
        "/subscriptions/<azureSubscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/virtualNetworks/<vnetName>"
      ]
    }
  3. Replace the variables in the peering-role.json with details about the Azure VNet to which you want to create a peering connection:

    | Variable | Description |
    | --- | --- |
    | azureSubscriptionId | Unique identifier of the Azure subscription in which the VNet resides. |
    | resourceGroupName | Name of your Azure resource group. |
    | vnetName | Name of your Azure VNet. |
  4. Run the following Azure CLI command to create the role definition using the peering-role.json file:

    az role definition create --role-definition peering-role.json
  5. Run the Azure CLI command shown below to assign the role you created to the service principal.

    Replace the variables with the same values you used in the peering-role.json file.

    az role assignment create \
    --role "AtlasPeering/<azureSubscriptionId>/<resourceGroupName>/<vnetName>" \
    --assignee "e90a1407-55c3-432d-9cb1-3638900a9d22" \
    --scope "/subscriptions/<azureSubscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/virtualNetworks/<vnetName>"
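
Steps 2 through 5 reuse the same three values in the role name, in AssignableScopes and in the --scope of the assignment, so the role stays limited to one VNet only if all of them agree. The script below is an added example, not part of the Atlas documentation: it validates the three inputs and renders peering-role.json from them. The function names, the sample values and the name allow-list are assumptions made for the example.

```sh
#!/bin/sh
# Added example: build peering-role.json for exactly one VNet from validated inputs.
LC_ALL=C; export LC_ALL   # make the bracket ranges below ASCII-only

valid_guid() {   # Azure subscription IDs are GUIDs
  case "$1" in *[!0-9A-Fa-f-]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# Assumption: a conservative allow-list, stricter than Azure's own naming rules.
# It rejects "/", "*", quotes and whitespace, which could widen or break the scope.
valid_name() {
  case "$1" in ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) return 1 ;; esac
  [ "${#1}" -le 64 ]
}

# Print the VNet-level scope used for both AssignableScopes and --scope.
vnet_scope() {
  valid_guid "$1" || { echo "invalid subscription ID" >&2; return 1; }
  valid_name "$2" || { echo "invalid resource group name" >&2; return 1; }
  valid_name "$3" || { echo "invalid VNet name" >&2; return 1; }
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s\n' "$1" "$2" "$3"
}

# Print the role definition from step 2 with the three variables filled in.
render_peering_role() {
  scope=$(vnet_scope "$1" "$2" "$3") || return 1
  cat <<EOF
{
  "Name": "AtlasPeering/$1/$2/$3",
  "IsCustom": true,
  "Description": "Grants MongoDB access to manage peering connections on network $scope",
  "Actions": [
    "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
    "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
    "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
    "Microsoft.Network/virtualNetworks/peer/action"
  ],
  "AssignableScopes": [
    "$scope"
  ]
}
EOF
}

# Constructed sample values; replace with your own subscription, group and VNet.
render_peering_role "00000000-0000-0000-0000-000000000000" "rg-data" "vnet-app"
```

Redirect the output to peering-role.json, then run the commands from steps 4 and 5 with the same three values.
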
POST /groups/{GROUP-ID}/peers

| Parameter | Type | Necessity | Description |
| --- | --- | --- | --- |
| GROUP-ID | string | Required | Unique identifier for the project. |

This endpoint might use any of the HTTP request query parameters available to all Atlas API resources. All of these are optional.

| Name | Type | Necessity | Description | Default |
| --- | --- | --- | --- | --- |
| pretty | boolean | Optional | Flag indicating whether the response body should be in a prettyprint format. | false |
| envelope | boolean | Optional | Flag indicating if Atlas should wrap the response in a JSON envelope. This option may be needed for some API clients. These clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. For endpoints that return one result, the response body includes: status (HTTP response code) and envelope (expected response body). | false |

| Parameter | Type | Necessity | Description |
| --- | --- | --- | --- |
| accepterRegionName | string | Required | Specifies the region where the peer VPC resides. For complete lists of supported regions, see Amazon Web Services. |
| awsAccountId | string | Required | Account ID of the owner of the peer VPC. |
| containerId | string | Required | Unique identifier of the Atlas VPC container for the region. You can create an Atlas network peering container using the Create Container endpoint. You cannot create more than one container per region. To retrieve a list of container IDs, use the Get list of VPC containers endpoint. |
| providerName | string | Optional | Cloud provider for this VPC peering connection. If omitted, Atlas sets this parameter to AWS. |
| routeTableCidrBlock | string | Required | Peer VPC CIDR block or subnet. |
| vpcId | string | Required | Unique identifier of the peer VPC. |

| Body Parameter | Type | Description |
| --- | --- | --- |
| accepterRegionName | string | AWS region where the peer VPC resides. Returns null if the region is the same region in which the Atlas VPC resides. |
| awsAccountId | string | AWS account ID of the owner of the peer VPC. |
| connectionId | string | Unique identifier for the peering connection. |
| containerId | string | Unique identifier of the Atlas VPC container for the AWS region. |
| errorStateName | string | Error state, if any. The VPC peering connection error state value can be one of the following: REJECTED, EXPIRED, INVALID_ARGUMENT. |
| id | string | CIDR block that Atlas uses for the clusters in your project. |
| routeTableCidrBlock | string | Peer VPC CIDR block or subnet. |
| statusName | string | The VPC peering connection status value can be one of the following: INITIATING, PENDING_ACCEPTANCE, FAILED, FINALIZING, AVAILABLE, TERMINATING. |
| vpcId | string | Unique identifier of the peer VPC. |


    curl --user '{PUBLIC-KEY}:{PRIVATE-KEY}' --digest \
      --header "Accept: application/json" \
      --header "Content-Type: application/json" \
      --request POST "https://cloud.mongodb.com/api/atlas/v1.0/groups/5356823b3794dee37132bb7b/peers?pretty=true" \
      --data '
      {
        "accepterRegionName" : "us-west-1",
        "awsAccountId" : "abc123abc123",
        "containerId" : "{CONTAINER-ID}",
        "providerName" : "AWS",
        "routeTableCidrBlock" : "192.168.0.0/24",
        "vpcId" : "vpc-abc123abc123"
      }'

    {
      "accepterRegionName" : "us-west-1",
      "awsAccountId" : "999900000000",
      "connectionId" : null,
      "containerId" : "{CONTAINER-ID}",
      "errorStateName" : null,
      "id" : "{PEERING-CONNECTION-ID}",
      "routeTableCidrBlock" : "10.15.0.0/16",
      "statusName" : "INITIATING",
      "vpcId" : "vpc-abc123abc123"
    }