
Security Features and Setup

Required Configurable Security Features. You must set up the following required security features:

  • Whitelist

    Atlas only allows client connections to the cluster from entries in the group’s whitelist. To connect, you must add an entry to the whitelist. To set up the whitelist for the group, see Add Entries to the Whitelist.

    For Atlas clusters deployed on Google Cloud Platform or Microsoft Azure, add the IP addresses of your GCP or Azure services to the Atlas group IP whitelist to grant those services access to the cluster.

  • User Authentication/Authorization

    Atlas requires clients to authenticate to access the clusters, i.e. the MongoDB databases. You must create MongoDB users to access the database. To set up MongoDB users for your clusters, see Add MongoDB Users.

    To access clusters in a group, users must belong to that group. Users can belong to multiple groups. See Manage Atlas Users.
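
One way to review a group's whitelist against the services that must reach the cluster, as an added example that is not part of the Atlas documentation. It assumes whitelist entries are single IP addresses or CIDR blocks; the sample entries, service IPs and the /24 review threshold are constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from Atlas): whitelist entries as exported from
# a group, and the egress IPs of the GCP/Azure services that must connect.
SAMPLE_WHITELIST = ["203.0.113.10", "198.51.100.0/24", "0.0.0.0/0"]
SAMPLE_SERVICE_IPS = ["203.0.113.10", "198.51.100.77", "192.0.2.5"]

# Assumed review threshold: IPv4 entries wider than a /24 are flagged.
MAX_IPV4_ADDRESSES = 256


def parse_entries(entries):
    """Parse IPs and CIDR blocks; a bare IP becomes a single-host network."""
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries]


def admitted(client_ip, networks):
    """Return the whitelist networks that would admit client_ip."""
    ip = ipaddress.ip_address(client_ip)
    return [n for n in networks if n.version == ip.version and ip in n]


def audit(whitelist, service_ips):
    """Report overly broad entries and services the whitelist fails to cover."""
    networks = parse_entries(whitelist)
    broad = [n for n in networks
             if n.version == 4 and n.num_addresses > MAX_IPV4_ADDRESSES]
    narrow = [n for n in networks if n not in broad]
    return {
        # Entries that admit far more clients than any one service needs.
        "too_broad": [str(n) for n in broad],
        # Services that cannot connect at all with the current whitelist.
        "blocked": [ip for ip in service_ips if not admitted(ip, networks)],
        # Services that lose access once the broad entries are removed, so
        # they need their own entry first.
        "only_via_broad": [ip for ip in service_ips
                           if admitted(ip, networks)
                           and not admitted(ip, narrow)],
    }


if __name__ == "__main__":
    for finding, values in audit(SAMPLE_WHITELIST, SAMPLE_SERVICE_IPS).items():
        print(f"{finding}: {values}")
```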

Optional Security Features. Atlas provides the following optional security features that you can set up:

  • VPC Peering (AWS Only)
    Atlas supports VPC peering with other AWS VPCs in the same region. To use VPC Peering, see Set up VPC Peering Connection.
  • Two Factor Authentication
    Atlas supports Two Factor Authentication (2FA) to help users control access to their Atlas accounts. To use 2FA, see Two Factor Authentication.

Non-configurable Security Features. The following non-configurable security features are inherent to Atlas:

  • TLS/SSL
    Atlas uses TLS/SSL to encrypt the connections to your databases.
  • Virtual private cloud (VPC)

    When Atlas deploys an Atlas group’s first M10+ paid cluster, Atlas also creates a VPC specific to the cloud service provider and region selected for the cluster. Atlas associates all subsequent clusters deployed in the group to this VPC, locking them to the cloud service provider and region. Atlas also sets a default VPC CIDR block address for the group.

    For clusters deployed on AWS, Atlas supports creating VPC peering connections between your Atlas clusters and other AWS VPCs in the same region. If you need a specific Atlas VPC CIDR block address, configure a VPC peering connection before creating your first M10+ cluster.

    For Atlas clusters deployed on GCP or Azure, add the IP addresses of your GCP or Azure services to the Atlas group IP whitelist to grant those services access to the cluster.