Navigation

Create One New Network Peering Connection

On this page

Create one network peering connection in an Atlas project. You must have either the Project Owner or Organization Owner role to successfully call this endpoint.

GCP and Azure only

You must enable Connect via Peering Only mode to use network peering.

Azure Prerequisites

Note

For details about how Atlas creates Network Peering connections with Azure VPCs, see the Azure tab in Set up a Network Peering Connection.

You must complete the following steps before you create each Azure network peering connection:

  1. Run the following Azure CLI command to create a service principal using the specified Atlas peering application ID:

    copy 
    az ad sp create --id e90a1407-55c3-432d-9cb1-3638900a9d22

    You only have to do this once for each subscription. If you receive the following message, the service principal with the Atlas peering application ID already exists. Proceed to the next step.

    Another object with the same value for property servicePrincipalNames already exists.

  2. Copy the following example peering-role.json file and save it to your current working directory:

    copy 
    {
  "Name":"AtlasPeering/<azureSubscriptionId>/<resourceGroupName>/<vnetName>",
  "IsCustom":true,
  "Description":"Grants MongoDB access to manage peering connections on network /subscriptions/<azureSubscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/virtualNetworks/<vnetName>",
  "Actions":[
      "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
      "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
      "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
      "Microsoft.Network/virtualNetworks/peer/action"
  ],
  "AssignableScopes":[
      "/subscriptions/<azureSubscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/virtualNetworks/<vnetName>"
  ]
}

  3. Replace the variables in the peering-role.json with details about the Azure VNet to which you want to create a peering connection:

    Variable Description
    azureSubscriptionId Unique identifer of the Azure subscription in which the VNet resides.
    resourceGroupName Name of your Azure resource group.
    vnetName Name of your Azure VNet.

  4. Run the following Azure CLI command to create the role definition using the peering-role.json file:

    copy 
    az role definition create --role-definition peering-role.json

  5. Run the Azure CLI command shown below to assign the role you created to the service principal.

    Replace the variables with the same values you used in the peering-role.json file.

    copy 
    az role assignment create  \
--role "AtlasPeering/<azureSubscriptionId>/<resourceGroupName>/<vnetName>" \
--assignee "e90a1407-55c3-432d-9cb1-3638900a9d22" \
--scope "/subscriptions/<azureSubscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/virtualNetworks/<vnetName>"

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

Base URL: https://cloud.mongodb.com/api/atlas/v1.0

Resource

copy 
POST /groups/{GROUP-ID}/peers

Request Path Parameters

Parameter Type Necessity Description
GROUP-ID string Required Unique identifier for the project.

Request Query Parameters

This endpoint may use any of the HTTP request query parameters available to all Atlas API resources. These are all optional.

Name Type Description Default
pretty boolean Indicates whether the response body should be in a prettyprint format. false
envelope boolean

Indicates whether or not to wrap the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query.

For endpoints that return one result, the response body includes:

status HTTP response code
envelope The expected response body
false

Request Body Parameters

Parameter Type Necessity Description
accepterRegionName string Required Specifies the region where the peer VPC resides. For complete lists of supported regions, see Amazon Web Services.
awsAccountId string Required Account ID of the owner of the peer VPC.
containerId string Required

Unique identifier of the Atlas VPC container for the region.

You can create an Atlas VPC container using the Create Container endpoint. You cannot create more than one container per region.

To retrieve a list of container IDs, use the Get list of VPC containers endpoint.
providerName string Optional Cloud provider for this VPC peering connection. If omitted, Atlas sets this parameter to AWS.
routeTableCidrBlock string Required Peer VPC CIDR block or subnet.
vpcId string Required Unique identifier of the peer VPC.
Body Parameter Type Description
azureDirectoryId string Unique identifier for an Azure AD directory.
azureSubscriptionId string Unique identifer of the Azure subscription in which the VNet resides.
containerId string Unique identifier of the Atlas network peering container for the region.
providerName string Name of the cloud provider.
resourceGroupName string Name of your Azure resource group.
vnetName string Name of your Azure VNet.
Parameter Type Necessity Description
containerId string Required

Unique identifier of the Atlas Network Peering container for GCP.

You can create a Atlas VPC container using the Create Container endpoint. You cannot create more than one GCP container per project.

To retrieve a list of container IDs, use the Get list of Network Peering containers endpoint.
gcpProjectId string Required GCP project ID of the owner of the network peer.
networkName string Required Name of the network peer to which Atlas connects.
providerName string Required Cloud provider for this Network Peering connection. Set this value to GCP.

Response Elements

Body Parameter Type Description
accepterRegionName string AWS region where the peer VPC resides. Returns null if the region is the same region in which the Atlas VPC resides.
awsAccountId string AWS account ID of the owner of the peer VPC.
connectionId string Unique identifier for the peering connection.
containerId string Unique identifier of the Atlas VPC container for the AWS region.
errorStateName string

Error state, if any.

The VPC peering connection error state value can be one of the following:

  • REJECTED
  • EXPIRED
  • INVALID_ARGUMENT
id string The CIDR block that Atlas uses for the clusters in your project.
routeTableCidrBlock string Peer VPC CIDR block or subnet.
statusName string

The VPC peering connection status value can be one of the following:

  • INITIATING
  • PENDING_ACCEPTANCE
  • FAILED
  • FINALIZING
  • AVAILABLE
  • TERMINATING
vpcId string Unique identifier of the peer VPC.
Response Field Type Description
azureDirectoryId string Unique identifier of your Azure AD directory.
azureSubscriptionId string Unique identifier of your Azure subscription.
containerId string Unique identifier of the Atlas network peering container.
errorState string Description of the Atlas error when status is Failed, Otherwise, Atlas returns null.
id string Unique identifier of the Atlas network peeering connection.
resourceGroupName string Unique identifier of your Azure resource group.
status string

Status of the Atlas network peering connection:

  • ADDING_PEER
  • AVAILABLE
  • FAILED
  • DELETING
vnetName string Unique identifier of your Azure VNet.
Body Parameter Type Description
containerId string Unique identifier of the Atlas Network Peering container for GCP.
gcpProjectId string GCP project ID of the owner of the network peer.
errorMessage string When "status" : "FAILED", Atlas provides a description of the error.
id string Atlas assigned unique ID for the connection. Only specific to and used by Atlas.
networkName string Name of the network peer to which Atlas connects.
status string

The Network Peering connection status value can be one of the following:

  • ADDING_PEER
  • WAITING_FOR_USER
  • AVAILABLE
  • FAILED
  • DELETING

Example Request

copy 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
curl --user '{PUBLIC-KEY}:{PRIVATE-KEY}' --digest \
 --header "Accept: application/json" \
 --header "Content-Type: application/json" \
 --request POST "https://cloud.mongodb.com/api/atlas/v1.0/groups/5356823b3794dee37132bb7b/peers?pretty=true" \
 --data '
   {
     "accepterRegionName" : "us-west-1",
     "awsAccountId" : "abc123abc123",
     "containerId" : "507f1f77bcf86cd799439011",
     "providerName" : "AWS",
     "routeTableCidrBlock" : "192.168.0.0/24",
     "vpcId" : "vpc-abc123abc123"
   }'
copy 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
curl --user '{PUBLIC-KEY}:{PRIVATE-KEY}' --digest \
 --header "Accept: application/json" \
 --header "Content-Type: application/json" \
 --request POST "https://cloud.mongodb.com/api/atlas/v1.0/groups/5356823b3794dee37132bb7b/peers?pretty=true" \
 --data '
   {
     "atlasCidrBlock": "192.168.0.0/21"
     "azureDirectoryId": "35039750-6ebd-4ad5-bcfe-cb4e5fc2d915",
     "azureSubscriptionId": "g893dec2-d92e-478d-bc50-cf99d31bgeg9",
     "containerId": "507f1f77bcf86cd799439011",
     "providerName": "AZURE",
     "resourceGroupName": "atlas-azure-peering",
     "vnetName": "azure-peer"
   }
copy 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
curl --user '{PUBLIC-KEY}:{PRIVATE-KEY}' --digest \
 --header "Accept: application/json" \
 --header "Content-Type: application/json" \
 --request POST "https://cloud.mongodb.com/api/atlas/v1.0/groups/5356823b3794dee37132bb7b/peers?pretty=true" \
 --data '
   {
     "containerId" : "507f1f77bcf86cd799439011",
     "gcpProjectId" : "my-sample-project-191923",
     "networkName" : "test1",
     "providerName" : "GCP"
   }'

Example Response

copy 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
{
  "accepterRegionName" : "us-west-1",
  "awsAccountId" : "999900000000",
  "connectionId" : null,
  "containerId" : "507f1f77bcf86cd799439011",
  "errorStateName" : null,
  "id" : "1112222b3bf99403840e8934",
  "routeTableCidrBlock" : "10.15.0.0/16",
  "statusName" : "INITIATING",
  "vpcId" : "vpc-abc123abc123"
}
copy 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
{
  "azureDirectoryId": "35039750-6ebd-4ad5-bcfe-cb4e5fc2d915",
  "azureSubscriptionId": "g893dec2-d92e-478d-bc50-cf99d31bgeg9",
  "containerId": "507f1f77bcf86cd799439011",
  "errorState": null,
  "id": "1112222b3bf99403840e8934",
  "resourceGroupName": "atlas-azure-peering",
  "status": "ADDING_PEER",
  "vnetName": "azure-peer"
}
copy 
1
2
3
4
5
6
7
{
  "containerId" : "507f1f77bcf86cd799439011",
  "gcpProjectId" : "my-sample-project-191923",
  "id" : "1112222b3bf99403840e8934",
  "networkName" : "test1",
  "status" : "ADDING_PEER"
}

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.