
I have a VPC peering established with MongoDB Atlas, however when I try to resolve the database cluster's domain from within an EC2 instance in the same VPC, I get back the public IP. This is a problem because the whitelist can't contain any public IPs, as I want to grant access to the database only for internal services.

I tried to enable both "DNS resolution" and "DNS hostnames" in the VPC settings, as well as "Accepter DNS resolution" in the peering configuration, but nothing works.

Besides the information above, I can mention that the EC2 does have access to the Internet (that's how I connect via SSH to it), the VPC has only one subnet and the route table is properly configured to send traffic to the VPC peering (see screenshot below).

My questions are: 1) Is it possible to do what I'm trying (I saw multiple people on the Internet describing their solution to this, however they don't work for me -- good to note that their articles date from years ago, so it all might be different now); 2) What am I doing wrong?

  • You can use `ip-private-ipv4-address.ec2.internal`. However, why not just use the IP address? – Mark Wagner Feb 07 '20 at 20:29
  • @MarkWagner I need the address of the database and not the instance, and the database address is given through domain name. – Carlos H Romano Feb 07 '20 at 21:59
  • https://docs.atlas.mongodb.com/security-vpc-peering/#vpc-peering "If DNS hostnames and DNS resolution are disabled and the VPC is accessible to the internet, the DNS resolves to the public IP address rather than the internal IP address." -- try disabling internet access for the MongoDB Atlas VPC – Mark Wagner Feb 07 '20 at 22:34
  • @MarkWagner You are right. However, the problem was that I missed their banner stating that some offerings don't support VPC peering and the one I was using is included in the list. I answered this question myself and added the link you posted, thanks for that, it helped. – Carlos H Romano Feb 09 '20 at 19:11

1 Answer

I realized what was happening. From Atlas documentation:

[Screenshot: MongoDB Atlas documentation page mentioning VPC peering isn't available for M0, M2 and M5 clusters]

Creating an M10 cluster, for example, works perfectly.
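A check for the symptom described in this thread, as an added example that is not part of the original question or answer: run from an instance inside the VPC, it resolves each cluster hostname and reports whether the answers fall inside the Atlas-side peering CIDR, so a private-only access list is confirmed workable before it is relied on. The hostnames, addresses and CIDR below are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import socket

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve_ipv4(hostname):
    """Resolve with the system resolver; on an EC2 instance that is the VPC DNS."""
    infos = socket.getaddrinfo(hostname, None, family=socket.AF_INET)
    return sorted({info[4][0] for info in infos})

def classify(ip, peer_cidr):
    """'peered' = inside the Atlas-side CIDR, 'private-other' = other RFC 1918, else 'public'."""
    addr = ipaddress.ip_address(ip)
    if addr in ipaddress.ip_network(peer_cidr):
        return "peered"
    if any(addr in net for net in RFC1918):
        return "private-other"
    return "public"

def audit(hostnames, peer_cidr, resolver=resolve_ipv4):
    """Return {hostname: [(ip, label), ...]}; unresolvable names map to an empty list."""
    report = {}
    for host in hostnames:
        try:
            ips = resolver(host)
        except OSError:  # socket.gaierror is a subclass of OSError
            ips = []
        report[host] = [(ip, classify(ip, peer_cidr)) for ip in ips]
    return report

def safe_for_private_allowlist(report):
    """True only if every host resolved and every address is inside the peered CIDR."""
    return bool(report) and all(
        rows and all(label == "peered" for _, label in rows) for rows in report.values()
    )

# Constructed sample data (assumption): replace with your cluster's hostnames and peer CIDR.
SAMPLE_PEER_CIDR = "192.168.248.0/21"
SAMPLE_DNS = {
    "shard-00-00.example.invalid": ["192.168.250.17"],  # private answer over the peering
    "shard-00-01.example.invalid": ["203.0.113.25"],    # public answer, the symptom in the question
}

if __name__ == "__main__":
    report = audit(SAMPLE_DNS, SAMPLE_PEER_CIDR, resolver=SAMPLE_DNS.__getitem__)
    for host, rows in report.items():
        print(host, rows)
    print("private-only access list will work:", safe_for_private_allowlist(report))
```

To run it against a real cluster, pass the hostnames from the connection string and the Atlas CIDR shown in the peering configuration, and leave `resolver` at its default.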