Security Features and Setup¶
Network and Firewall Requirements¶
Make sure your application can reach your MongoDB Atlas environment. To add the inbound network access from your application environment to Atlas, do one of the following:
- Add the public IP addresses to your IP access list.
- Use VPC / VNet peering to add private IP addresses.
If your firewall blocks outbound network connections, you must also open outbound access from your application environment to Atlas. Configure your firewall to allow your applications to make outbound TCP connections to ports 27015 to 27017 on Atlas hosts. This grants your applications access to databases stored on Atlas.
By default, MongoDB Atlas clusters do not need to be able to initiate connections to your application environments. If you wish to enable Atlas clusters with LDAP authentication and authorization, you must allow network access from Atlas clusters directly to your secure LDAP. You can allow access to your LDAP by using public or private IPs as long as a public DNS hostname points to an IP that the Atlas clusters can access.
If you are not using VPC / VNet peering and plan to connect to Atlas using public IP addresses, see the following pages for additional information:
Preconfigured Security Features¶
The following security features are part of the Atlas product:
TLS/SSL¶
Atlas uses TLS/SSL to encrypt the connections to your databases.
Virtual Private Cloud¶
If this is the first M10+ dedicated paid cluster for the selected region or regions and you plan on creating one or more VPC peering connections, please review the documentation on VPC peering connections before continuing.
Required Security Features¶
You must configure the following security features:
IP Access List¶
Atlas only allows client connections to the cluster from entries in the project's IP access list. To connect, you must add an entry to the IP access list. To set up the IP access list for the project, see Configure IP Access List Entries.
For Atlas clusters deployed on Google Cloud Platform (GCP) or Microsoft Azure, add the IP addresses of your GCP or Azure services to the Atlas project IP access list to grant those services access to the cluster.
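A preflight check for the two network requirements described above (outbound TCP to ports 27015 to 27017, and an IP access list entry covering the client), as an added example that is not part of the Atlas documentation or tooling. The function names, the sample addresses and the hostname are assumptions made for illustration; the egress IP must be the public address Atlas sees, which you supply yourself.

```python
import ipaddress
import socket

ATLAS_PORTS = range(27015, 27018)  # ports 27015 to 27017, per the firewall requirement above


def covered_by_access_list(client_ip, entries):
    """Return the access-list entries (single IPs or CIDR blocks) containing client_ip."""
    ip = ipaddress.ip_address(client_ip)
    return [e for e in entries if ip in ipaddress.ip_network(e, strict=False)]


def probe_outbound(host, ports=ATLAS_PORTS, timeout=3.0):
    """TCP-connect to each port and return {port: status}."""
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "refused"      # reached the host, nothing listening
        except socket.timeout:
            results[port] = "timeout"      # often an egress firewall dropping packets
        except OSError as exc:             # DNS failure, no route, ...
            results[port] = f"error: {exc.strerror or exc}"
    return results


if __name__ == "__main__":
    # Constructed sample values: replace with your own egress IP, access list
    # entries and the cluster hostname from your connection string.
    egress_ip = "203.0.113.10"
    access_list = ["198.51.100.7", "203.0.113.0/24"]
    atlas_host = "cluster0-shard-00-00.example.invalid"

    matches = covered_by_access_list(egress_ip, access_list)
    print(f"{egress_ip} covered by: {matches or 'no entry (Atlas will reject the connection)'}")
    for port, status in probe_outbound(atlas_host).items():
        print(f"{atlas_host}:{port} -> {status}")
```

A "timeout" on all three ports usually points at the local egress firewall, while an empty match list means the access list entry is missing regardless of what the probe reports.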
User Authentication/Authorization¶
Atlas requires clients to authenticate to access the clusters, that is, the MongoDB databases. You must create database users to access the database. To set up database users for your clusters, see Configure Database Users.
To access clusters in a project, users must belong to that project. Users can belong to multiple projects.
Optional Security Features¶
You may configure the following security features:
Custom Roles¶
Atlas supports creating custom roles in cases where the built-in Atlas database user privileges cannot describe your desired set of privileges.
VPC Peering¶
Atlas supports VPC peering with other AWS, Azure, or GCP VPC