API >
API Resources >
Network Peering >
Create One New Network Peering Connection

Create One New Network Peering Connection¶

On this page

Azure Prerequisites
Resource
Response Elements
Example Request
Example Response

Create one network peering connection in an Atlas project. You must have either the Project Owner or Organization Owner role to succesfully call this endpoint.

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

Base URL: https://cloud.mongodb.com/api/atlas/v1.0

Azure Prerequisites¶

Note

For details about how Atlas creates Network Peering connections with Azure VPCs, see the Azure tab in Set up a Network Peering Connection.

You must complete the following steps before you create each Azure network peering connection:

Run the following Azure CLI command to create a service principal using the specified Atlas peering application ID:
copy
```
az ad sp create --id e90a1407-55c3-432d-9cb1-3638900a9d22
```
You only have to do this once for each subscription. If you receive the following message, the service principal with the Atlas peering application ID already exists. Proceed to the next step.
```
Another object with the same value for property servicePrincipalNames already exists.
```

Copy the following example peering-role.json file and save it to your current working directory:

copy

{
  "Name":"AtlasPeering/<azureSubscriptionId>/<resourceGroupName>/<vnetName>",
  "IsCustom":true,
  "Description":"Grants MongoDB access to manage peering connections on network /subscriptions/<azureSubscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/virtualNetworks/<vnetName>",
  "Actions":[
      "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
      "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
      "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
      "Microsoft.Network/virtualNetworks/peer/action"
  ],
  "AssignableScopes":[
      "/subscriptions/<azureSubscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/virtualNetworks/<vnetName>"
  ]
}

Replace the variables in the peering-role.json with details about the Azure VNet to which you want to create a peering connection:

Variable	Description
`azureSubscriptionId`	Unique identifer of the Azure subscription in which the VNet resides.
`resourceGroupName`	Name of your Azure resource group.
`vnetName`	Name of your Azure VNet.

Run the following Azure CLI command to create the role definition using the peering-role.json file:
copy
```
az role definition create --role-definition peering-role.json
```

Run the Azure CLI command shown below to assign the role you created to the service principal.

Replace the variables with the same values you used in the peering-role.json file.

copy

az role assignment create  \
--role "AtlasPeering/<azureSubscriptionId>/<resourceGroupName>/<vnetName>" \
--assignee "e90a1407-55c3-432d-9cb1-3638900a9d22" \
--scope "/subscriptions/<azureSubscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/virtualNetworks/<vnetName>"

Resource¶

copy

POST /groups/{GROUP-ID}/peers

Request Path Parameters¶

Parameter	Type	Necessity	Description
`GROUP-ID`	string	Required	Unique identifier for the project.

Request Query Parameters¶

This endpoint might use any of the HTTP request query parameters available to all Atlas API resources. All of these are optional.

Name Type Necessity Description Default

pretty boolean Optional Flag indicating whether the response body should be in a prettyprint format. false

envelope

boolean

Optional

Flag indicating if Cloud Manager should wrap the response in a JSON envelope.

This option may be needed for some API clients. These clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query.

For endpoints that return one result, the response body includes:

`status`	HTTP response code
`envelope`	Expected response body

false

Request Body Parameters¶

AWS
Azure
GCP

Parameter	Type	Necessity	Description
`accepterRegionName`	string	Required	Specifies the region where the peer VPC resides. For complete lists of supported regions, see Amazon Web Services.
`awsAccountId`	string	Required	Account ID of the owner of the peer VPC.
`containerId`	string	Required	Unique identifier of the Atlas VPC container for the region. You can create an Atlas network peering container using the Create Container endpoint. You cannot create more than one container per region. To retrieve a list of container IDs, use the Get list of VPC containers endpoint.
`providerName`	string	Optional	Cloud provider for this VPC peering connection. If omitted, Atlas sets this parameter to `AWS`.
`routeTableCidrBlock`	string	Required	Peer VPC CIDR block or subnet.
`vpcId`	string	Required	Unique identifier of the peer VPC.

Body Parameter	Type	Description
`azureDirectoryId`	string	Unique identifier for an Azure AD directory.
`azureSubscriptionId`	string	Unique identifer of the Azure subscription in which the VNet resides.
`containerId`	string	Unique identifier of the Atlas network peering container for the region. You can create an Atlas network peering container using the Create Container endpoint. You cannot create more than one container per region. To retrieve a list of container IDs, use the Get list of VPC containers endpoint.
`providerName`	string	Name of the cloud provider.
`resourceGroupName`	string	Name of your Azure resource group.
`vnetName`	string	Name of your Azure VNet.

Parameter	Type	Necessity	Description
`containerId`	string	Required	Unique identifier of the Atlas Network Peering container for GCP. You can create a Atlas VPC container using the Create Container endpoint. You cannot create more than one GCP container per project. To retrieve a list of container IDs, use the Get list of Network Peering containers endpoint.
`gcpProjectId`	string	Required	GCP project ID of the owner of the network peer.
`networkName`	string	Required	Name of the network peer to which Atlas connects.
`providerName`	string	Required	Cloud provider for this Network Peering connection. Set this value to `GCP`.

Response Elements¶

Body Parameter	Type	Description
`accepterRegionName`	string	AWS region where the peer VPC resides. Returns `null` if the region is the same region in which the Atlas VPC resides.
`awsAccountId`	string	AWS account ID of the owner of the peer VPC.
`connectionId`	string	Unique identifier for the peering connection.
`containerId`	string	Unique identifier of the Atlas VPC container for the AWS region.
`errorStateName`	string	Error state, if any. The VPC peering connection error state value can be one of the following: `REJECTED` `EXPIRED` `INVALID_ARGUMENT`
`id`	string	CIDR block that Atlas uses for the clusters in your project.
`routeTableCidrBlock`	string	Peer VPC CIDR block or subnet.
`statusName`	string	The VPC peering connection status value can be one of the following: `INITIATING` `PENDING_ACCEPTANCE` `FAILED` `FINALIZING` `AVAILABLE` `TERMINATING`
`vpcId`	string	Unique identifier of the peer VPC.

Response Field	Type	Description
`azureDirectoryId`	string	Unique identifier of your Azure AD directory.
`azureSubscriptionId`	string	Unique identifier of your Azure subscription.
`containerId`	string	Unique identifier of the Atlas network peering container.
`errorState`	string	Description of the Atlas error when `"status" : "FAILED"`. Otherwise, Atlas returns `null`.
`id`	string	Unique identifier of the Atlas network peeering connection.
`resourceGroupName`	string	Unique identifier of your Azure resource group.
`status`	string	Status of the Atlas network peering connection: `ADDING_PEER` `AVAILABLE` `FAILED` `DELETING`
`vnetName`	string	Unique identifier of your Azure VNet.

Body Parameter	Type	Description
`containerId`	string	Unique identifier of the Atlas Network Peering container for GCP.
`gcpProjectId`	string	GCP project ID of the owner of the network peer.
`errorMessage`	string	When `"status" : "FAILED"`, Atlas provides a description of the error.
`id`	string	Atlas assigned unique ID for the connection. Only specific to and used by Atlas.
`networkName`	string	Name of the network peer to which Atlas connects.
`status`	string	The Network Peering connection status value can be one of the following: `ADDING_PEER` `WAITING_FOR_USER` `AVAILABLE` `FAILED` `DELETING`

Example Request¶

AWS
Azure
GCP

copy

curl --user '{PUBLIC-KEY}:{PRIVATE-KEY}' --digest \
 --header "Accept: application/json" \
 --header "Content-Type: application/json" \
 --request POST "https://cloud.mongodb.com/api/atlas/v1.0/groups/5356823b3794dee37132bb7b/peers?pretty=true" \
 --data '
   {
     "accepterRegionName" : "us-west-1",
     "awsAccountId" : "abc123abc123",
     "containerId" : "{CONTAINER-ID}",
     "providerName" : "AWS",
     "routeTableCidrBlock" : "192.168.0.0/24",
     "vpcId" : "vpc-abc123abc123"
   }'

copy

curl --user '{PUBLIC-KEY}:{PRIVATE-KEY}' --digest \
 --header "Accept: application/json" \
 --header "Content-Type: application/json" \
 --request POST "https://cloud.mongodb.com/api/atlas/v1.0/groups/5356823b3794dee37132bb7b/peers?pretty=true" \
 --data '
   {
     "azureDirectoryId": "35039750-6ebd-4ad5-bcfe-cb4e5fc2d915",
     "azureSubscriptionId": "g893dec2-d92e-478d-bc50-cf99d31bgeg9",
     "containerId": "{CONTAINER-ID}",
     "providerName": "AZURE",
     "resourceGroupName": "atlas-azure-peering",
     "vnetName": "azure-peer"
   }

copy

curl --user '{PUBLIC-KEY}:{PRIVATE-KEY}' --digest \
 --header "Accept: application/json" \
 --header "Content-Type: application/json" \
 --request POST "https://cloud.mongodb.com/api/atlas/v1.0/groups/5356823b3794dee37132bb7b/peers?pretty=true" \
 --data '
   {
     "containerId" : "{CONTAINER-ID}",
     "gcpProjectId" : "my-sample-project-191923",
     "networkName" : "test1",
     "providerName" : "GCP"
   }'

Example Response¶

AWS
Azure
GCP

copy

{
  "accepterRegionName" : "us-west-1",
  "awsAccountId" : "999900000000",
  "connectionId" : null,
  "containerId" : "{CONTAINER-ID}",
  "errorStateName" : null,
  "id" : "{PEERING-CONNECTION-ID}",
  "routeTableCidrBlock" : "10.15.0.0/16",
  "statusName" : "INITIATING",
  "vpcId" : "vpc-abc123abc123"
}

copy

{
  "azureDirectoryId": "35039750-6ebd-4ad5-bcfe-cb4e5fc2d915",
  "azureSubscriptionId": "g893dec2-d92e-478d-bc50-cf99d31bgeg9",
  "containerId": "{CONTAINER-ID}",
  "errorState": null,
  "id": "{PEERING-CONNECTION-ID}",
  "resourceGroupName": "atlas-azure-peering",
  "status": "ADDING_PEER",
  "vnetName": "azure-peer"
}

copy

{
  "containerId" : "{CONTAINER-ID}",
  "gcpProjectId" : "my-sample-project-191923",
  "id" : "{PEERING-CONNECTION-ID}",
  "networkName" : "test1",
  "status" : "ADDING_PEER"
}

← Get One Network Peering Connection in a Project Update One New Network Peering Connection →