VPC peering between Atlas cluster and AWS

0

I have set up VPC Peering between my AWS VPC and Atlas cluster. My problem is that when I go to change my “IP access list” to remove the “0.0.0.0/0” IP, I am no longer able to connect to the cluster. I have included the VPC’s CIDR block in the allowed IPs and have also tried adding the Security group ID that is associated with the VPC.

On the AWS side, I have a lambda that is being triggered and which then communicates with Mongo. The VPC that the lambda sits within, has no “internet gateway” so as I understand it, it should not be able to connect to the open internet. The VPC’s Route table diverts all traffic (from the lambda) to the peering connection (which connects Atlas to my VPC).

From my setup, it seems that no traffic should be leaving my AWS VPC from any other IP address than the ones included in my VPC CIDR block. So why is it that removing the “0.0.0.0/0” IP from the list of allowed IP’s on mongo stops me from being able to connect?

asked 2 years ago988 views
1 Answer
1

Assuming routing and everything else is setup properly I would suggest enabling VPC Flow logs with additional Meta-Data to find out what is being rejected in both the Source and Destination VPCs.

https://aws.amazon.com/blogs/aws/learn-from-your-vpc-flow-logs-with-additional-meta-data/

Knowledge center article for troubleshooting connectivity over VPC Peering.

https://aws.amazon.com/premiumsupport/knowledge-center/vpc-peering-connectivity/

profile pictureAWS
EXPERT
answered 2 years ago
  • I have added flow logs and it seems that none of the traffic goes through the VPC (I'm guessing this is the case since the logs seem very empty, don't show any source or destination IP or anything). Is it possible for the lambda that is connected to the VPC to not send traffic through it?

  • Best way for you to isolate this is to create vanilla EC2 instance in the Source VPC and in the destination VPC and test a simple connectivity such as SSH over the Peering if that works fine then it is something with the Lambda or MongoDB that needs fixed.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions