FAQ >
Networking

Networking¶

On this page

Do Atlas clusters’ public IPs ever change?
Can I specify my own VPC for my MongoDB Atlas project?
How do I find my Atlas-side hostnames to open up my outbound firewall?
How many cross-region network permissions does Atlas support?
Can Atlas be used with AWS Transit Gateway?
Can Atlas be used with AWS Direct Connect?

Do Atlas clusters’ public IPs ever change?¶

Note

This section applies to M10 or larger clusters only unless specified.

An Atlas cluster’s public IPs don’t change when you:

Scale the cluster vertically.
Unpause the cluster.
Change the cluster’s topology.
Terminate then re-deploy a cluster with the same name within 36 hours.
Experience a maintenance event on your cluster.
Experience healing event on your cluster.

An Atlas cluster’s public IP addresses must change when you:

Convert a replica set to a sharded cluster.
Add shards to a sharded cluster.
Change the region(s) into which a cluster is deployed.
Scale an M0, M2, or M5 cluster to an M10 or larger cluster.
Terminate then re-deploy a cluster with the same name but in a different tier within 36 hours.

To find the public IP address for any node in your cluster, use the nslookup tool from the command line. The IP address shown are the Address portion of the output.

copy

$ nslookup ds-shard-00-00-17jcm.mongodb-dev.net

Address: 34.226.104.79

Can I specify my own VPC for my MongoDB Atlas project?¶

No. An Atlas project, and its clusters, are associated with a region-specific VPC.

Atlas creates a VPC when you deploy the first M10+ dedicated paid cluster to a given provider and region. For multi-region clusters, Atlas creates one VPC per region if there is not already a VPC for that region.

(AWS deployments only) Atlas also creates a VPC when you create a VPC peering connection to an AWS VPC. Atlas creates the VPC in the same region as the peered VPC.

To use a different VPC (that is, on the customer’s own cloud infrastructure accounts), you would need to use MongoDB Cloud Manager or Ops Manager.

How do I find my Atlas-side hostnames to open up my outbound firewall?¶

If your firewall blocks outbound network connections, you must open outbound access from your application environment to MongoDB Atlas. To configure your application-side networks to accept Atlas traffic you can either use the:

Get All Clusters endpoint to retrieve the mongoURIs of your clusters from the response elements.
Get All MongoDB Processes in a Group endpoint to retrieve the hostnames of your clusters from the response elements.

You can parse these hostname values and pass the IP addresses programmatically into your application-tier orchestration automation to push firewall updates.

To find the public IP address for any node in your cluster, use the nslookup tool from the command line. The IP address is shown in the Address portion of the output.

copy

$ nslookup ds-shard-00-00-17jcm.mongodb-dev.net

Address: 34.226.104.79

How many cross-region network permissions does Atlas support?¶

For a given region in an Atlas project with multi-region clusters or clusters in multiple regions, there is a limit of 40 MongoDB nodes on all other regions in that project. This limit applies across all cloud service providers and can be raised upon request. GCP regions communicating with each other do not count against this limit.

Example

If an Atlas project has:

30 nodes in Region A
10 nodes in Region B
5 nodes in Region C

You can no longer add any nodes to your project in Region A or Region B. This is because the nodes in those clusters add up to 40, which is the maximum allowed per project. You can add up to 5 nodes in Region C while still satisfying the project limit.

This limit applies even if Regions A, B, and C are backed by different cloud service providers.

For Atlas projects where every cluster is deployed to a single region, you cannot create a multi-region cluster in that project if there are already 40 or more nodes in that single region unless you request that the limit be raised.

Please contact Atlas support for questions or assistance with raising this limit.

If you would exceed the cross-region permissions limit when creating a cluster through the Atlas API, the API returns the following error:

copy

{
  "error" : 403,
  "detail" : "Cannot have more than 40 cross-region network permissions.",
  "reason" : "Forbidden"
}

Can Atlas be used with AWS Transit Gateway?¶

Yes. AWS PrivateLink powers Atlas Private Endpoints. This allows for transitive connectivity. You can use the AWS Transit Gateway with your VPC if you connected your VPC to Atlas via AWS PrivateLink.

Can Atlas be used with AWS Direct Connect?¶

Yes. AWS PrivateLink powers Atlas Private Endpoints. This allows for transitive connectivity. You can use AWS Direct Connect with your VPC if you connected your VPC to Atlas via AWS PrivateLink.

← Monitoring and Alerts Security →