Set up VPC Peering Connection

Note

This feature is not available for Free Tier clusters. For more information, see Atlas M0 (Free Tier) Limitations.

AWS Only

Atlas supports VPC peering with other AWS VPCs in the same region.

VPC peering is not available for Atlas clusters deployed on Google Cloud Platform or Microsoft Azure. For those clusters, add the IP addresses of your GCP or Azure services to the Atlas group's IP whitelist to grant those services access to the cluster.

Important

To set up a VPC peering connection, you must be the group owner.

From the Clusters view, select the Security tab, then click Peering, then New Peering Connection.

Procedure

1

Optional: Enable DNS hostnames and DNS resolution in AWS.

Enabling DNS hostnames and DNS resolution on the peer VPC can result in faster VPC peering.

  1. Log in to your AWS account.
  2. Go to the VPC dashboard.
  3. Open your list of VPC resources.
  4. Select the VPC you want to peer with.
  5. Enable DNS hostnames and DNS resolution. See Updating DNS Support for Your VPC for further documentation on how to enable these options.
2

Go to VPC Peering view.

From the Clusters view, select the Security tab, then Peering.

Click New Peering Connection.

3

Enter required information in the Peering Connection Dialog.

To create the VPC Peering connection, fill in the requested information:

AWS Account ID

The AWS Account ID of the owner of the peer VPC. Refer to the dialog for instructions on finding your AWS Account ID.
VPC ID

The ID of the peer VPC. Refer to the dialog for instructions on finding your VPC ID.

The VPC must be in the same region as the Atlas VPC.

Region

Region for the Atlas VPC and peer VPC.

If a VPC already exists for the Atlas group in this region, you cannot modify this value, and the VPC associated with the VPC ID must be in the same region as the Atlas VPC.

Otherwise, select the region for the Atlas VPC and the peer VPC. A VPC will be created for the Atlas group in this region, and all clusters for the Atlas group will be deployed inside this VPC.

VPC CIDR

The peer VPC CIDR block or subset. Must not overlap with your Atlas VPC CIDR block or any other peering connection VPC CIDR.

The peer CIDR block must be in one of the following private networks:

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16

Peering alone does not grant access to the cluster: you must also add the peer VPC CIDR block (or a subset of it) to the group IP whitelist. For VPC peering connections, you can instead add the Security Group associated with the peer VPC. See Add Entries to the Whitelist.

Atlas CIDR Block

The Atlas VPC CIDR block. Must not overlap with the peer VPC CIDR block.

Atlas uses the specified CIDR block for all other VPC peering connections created in the group.

The Atlas CIDR block must be no smaller than a /24 and no larger than a /21 (that is, a prefix length between 21 and 24 inclusive) in one of the following private networks.

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16

Atlas locks this value if an M10+ cluster or a VPC peering connection already exists. To modify the CIDR block, ensure there are no M10+ clusters in the group and no other VPC peering connections in the group. Alternatively, create a new group and create a VPC Peering Connection to set the desired Atlas VPC CIDR block for that group.

Important

Atlas limits the number of MongoDB nodes per VPC based on the CIDR block and the region selected for the group. For example, a group in an AWS region supporting 3 availability zones and an Atlas VPC CIDR block of /24 is limited to the equivalent of 27 3-node replica sets.

Contact MongoDB Support for any questions on Atlas limits of MongoDB nodes per VPC.
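The CIDR rules above (both blocks inside the RFC 1918 ranges, the Atlas block between /21 and /24, and no overlap between the peer VPC, the Atlas VPC and any CIDR already peered to the group) are easy to get wrong in the dialog, and a mistake is only reported after you click Initiate Peering. The following shell script is an added example, not part of the Atlas documentation or product: it validates candidate values offline with plain shell integer arithmetic. The function names are the editor's own, and the CIDR values at the bottom are constructed for the demonstration, not real deployments.

```shell
#!/usr/bin/env bash
# Added example, not from the Atlas documentation: offline sanity checks for
# the CIDR blocks entered in the Peering Connection dialog. Plain shell
# integer arithmetic, IPv4 only; needs no AWS or Atlas access.

# Dotted quad -> 32-bit integer. Octets must already be validated.
ip_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prefix length (0..32) -> netmask as a 32-bit integer.
prefix_to_mask() {
  echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# Validate a.b.c.d/n strictly (no empty octets, no leading zeros, prefix 0..32)
# and print "<network as integer> <prefix>". Returns 1 on malformed input.
cidr_parse() {
  local ip=${1%/*} prefix=${1#*/} o n=0
  [ "$ip" != "$1" ] || return 1                      # no "/" at all
  case "$ip" in .*|*.|*..*) return 1 ;; esac          # empty octet
  case "$prefix" in 0|[1-9]|[12][0-9]|3[0-2]) ;; *) return 1 ;; esac
  local IFS=.
  for o in $ip; do
    case "$o" in 0|[1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) ;; *) return 1 ;; esac
    n=$((n + 1))
  done
  [ "$n" -eq 4 ] || return 1
  echo "$(( $(ip_to_int "$ip") & $(prefix_to_mask "$prefix") )) $prefix"
}

# 0 if the two blocks share at least one address (compare under the shorter prefix).
cidr_overlaps() {
  local a b p m
  a=$(cidr_parse "$1") || return 2
  b=$(cidr_parse "$2") || return 2
  set -- $a $b                                        # net_a pre_a net_b pre_b
  p=$2; [ "$4" -lt "$p" ] && p=$4
  m=$(prefix_to_mask "$p")
  [ $(( $1 & m )) -eq $(( $3 & m )) ]
}

# 0 if block $1 lies entirely inside block $2.
cidr_within() {
  local a b
  a=$(cidr_parse "$1") || return 2
  b=$(cidr_parse "$2") || return 2
  set -- $a $b
  [ "$2" -ge "$4" ] && [ $(( $1 & $(prefix_to_mask "$4") )) -eq "$3" ]
}

# Atlas accepts only the three RFC 1918 ranges for either side of the peering.
is_rfc1918() {
  local r
  for r in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
    cidr_within "$1" "$r" && return 0
  done
  return 1
}

# Atlas VPC CIDR: RFC 1918 and a prefix between /21 (largest) and /24 (smallest).
check_atlas_cidr() {
  local prefix=${1#*/}
  cidr_parse "$1" >/dev/null || { echo "malformed Atlas CIDR: $1"; return 1; }
  is_rfc1918 "$1" || { echo "Atlas CIDR $1 is not an RFC 1918 block"; return 1; }
  [ "$prefix" -ge 21 ] && [ "$prefix" -le 24 ] || { echo "Atlas CIDR $1 must be /21 to /24"; return 1; }
}

# Peer VPC CIDR ($1): RFC 1918, and no overlap with the Atlas CIDR ($2) or with
# any CIDR already peered to this group ($3 ...).
check_peer_cidr() {
  local peer=$1 other
  shift
  cidr_parse "$peer" >/dev/null || { echo "malformed peer CIDR: $peer"; return 1; }
  is_rfc1918 "$peer" || { echo "peer CIDR $peer is not an RFC 1918 block"; return 1; }
  for other in "$@"; do
    if cidr_overlaps "$peer" "$other"; then
      echo "peer CIDR $peer overlaps $other"; return 1
    fi
  done
  return 0
}

# Constructed sample values for a demonstration run (not real deployments).
ATLAS_CIDR=192.168.248.0/21
PEER_CIDR=10.20.0.0/16
EXISTING_PEER_CIDRS="10.0.0.0/16 172.31.0.0/16"
if check_atlas_cidr "$ATLAS_CIDR" && check_peer_cidr "$PEER_CIDR" "$ATLAS_CIDR" $EXISTING_PEER_CIDRS; then
  echo "CIDR pre-check passed for $PEER_CIDR <-> $ATLAS_CIDR"
fi
# A peer block that falls inside the Atlas block is rejected:
check_peer_cidr 192.168.250.0/24 "$ATLAS_CIDR" || true
```

Run it with your own values substituted for the three sample variables; a non-zero exit from either check function names the first rule that failed. Because the Atlas CIDR is locked once an M10+ cluster or a peering connection exists in the group, run the check on the Atlas block before creating the first cluster, not only before the first peering.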

4

Click Initiate Peering.

5

Wait for approval of peering connection request.

The owner of the peer VPC must approve the VPC peering connection request. Ensure that the owner approves the request.

Atlas provides instructions for approving the connection request.

Important

Requests expire after 7 days.

6

Add to route table.

In the AWS Console, open the route table for your VPC, select the Routes tab, and click Add another rule. Enter the Atlas VPC's CIDR block as the destination, select the new peering connection as the target, and save the entry. Instances can reach the cluster over the peering only if their subnet is associated with a route table that carries this route.
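The AWS side of steps 1, 5 and 6 (DNS attributes, accepting the request, adding the route) can be scripted with the AWS CLI rather than clicked through the console, which also makes the result auditable. The following shell script is an added example, not part of the Atlas documentation: the VPC, route table, peering connection IDs and CIDR are placeholders you replace with your own, and the peering connection ID (pcx-...) is the pending request Atlas created in your account, which the script can look up for you. Setting AWS_CLI=echo previews every call without touching the account; RUN_AWS=1 executes them.

```shell
#!/usr/bin/env bash
# Added example, not from the Atlas documentation: steps 1, 5 and 6 of the
# procedure via the AWS CLI. All IDs below are placeholders (assumptions).
set -eu
AWS_CLI=${AWS_CLI:-aws}                                  # set to "echo" to preview
PEER_VPC_ID=${PEER_VPC_ID:-vpc-0123456789abcdef0}        # your VPC
ROUTE_TABLE_ID=${ROUTE_TABLE_ID:-rtb-0123456789abcdef0}  # route table of the subnets that connect to Atlas
ATLAS_CIDR=${ATLAS_CIDR:-192.168.248.0/21}               # Atlas CIDR Block from the dialog

# Step 1: DNS hostnames and DNS resolution on the peer VPC. modify-vpc-attribute
# changes one attribute per call, so two calls are required.
enable_vpc_dns() {
  "$AWS_CLI" ec2 modify-vpc-attribute --vpc-id "$1" --enable-dns-hostnames '{"Value":true}'
  "$AWS_CLI" ec2 modify-vpc-attribute --vpc-id "$1" --enable-dns-support '{"Value":true}'
}

# Step 5: find the request Atlas sent to this VPC (it expires after 7 days) ...
pending_peering_ids() {
  "$AWS_CLI" ec2 describe-vpc-peering-connections \
    --filters Name=status-code,Values=pending-acceptance Name=accepter-vpc-info.vpc-id,Values="$1" \
    --query 'VpcPeeringConnections[].VpcPeeringConnectionId' --output text
}

# ... and accept it. Only the owner of the peer VPC can do this.
accept_peering() {
  "$AWS_CLI" ec2 accept-vpc-peering-connection --vpc-peering-connection-id "$1"
}

# Step 6: route the Atlas CIDR through the peering connection.
add_atlas_route() {
  "$AWS_CLI" ec2 create-route --route-table-id "$1" --destination-cidr-block "$2" --vpc-peering-connection-id "$3"
}

# Checks: the peering must be "active" and the route must point at the pcx.
peering_status() {
  "$AWS_CLI" ec2 describe-vpc-peering-connections --vpc-peering-connection-ids "$1" \
    --query 'VpcPeeringConnections[0].Status.Code' --output text
}
route_target() {
  "$AWS_CLI" ec2 describe-route-tables --route-table-ids "$1" \
    --query "RouteTables[0].Routes[?DestinationCidrBlock=='$2'].VpcPeeringConnectionId" --output text
}

if [ "${RUN_AWS:-0}" = 1 ]; then
  enable_vpc_dns "$PEER_VPC_ID"
  PCX_ID=${PCX_ID:-$(pending_peering_ids "$PEER_VPC_ID")}
  [ -n "$PCX_ID" ] || { echo "no pending peering request for $PEER_VPC_ID (expired or not yet initiated?)" >&2; exit 1; }
  accept_peering "$PCX_ID"
  add_atlas_route "$ROUTE_TABLE_ID" "$ATLAS_CIDR" "$PCX_ID"
  echo "peering $PCX_ID status: $(peering_status "$PCX_ID") (must be 'active' before traffic flows)"
  echo "route $ATLAS_CIDR in $ROUTE_TABLE_ID targets: $(route_target "$ROUTE_TABLE_ID" "$ATLAS_CIDR")"
fi
```

Run with AWS_CLI=echo first to review the exact calls, then with RUN_AWS=1 under credentials that hold ec2:ModifyVpcAttribute, ec2:AcceptVpcPeeringConnection, ec2:CreateRoute and the two Describe permissions. Accepting the peering and adding the route still do not open the cluster: the whitelist entry for the peer CIDR or security group remains required.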

Once set up, you can edit or terminate the VPC peering connection from the Peering table.

To use the connection, you must add your VPC CIDR block (or a subset of it), or the Security Group associated with the peer VPC, to the group IP whitelist.