Can not connect to Atlas Mongo server from Fargate container without public IP

0

There is an AWS Fargate instance that was created without a public IP. It is located in a network where everything is allowed by default, with no explicit bans. There is a route table that sends default traffic to the internet gateway. But I cannot get to the Mongo Atlas server. Resources were downloaded to the container using VPC endpoints.

I receive the following error.

Error inside node js application

[currency.listen] (node:79) UnhandledPromiseRejectionWarning: MongooseServerSelectionError: Could not connect to any servers in your MongoDB Atlas cluster. One common reason is that you're trying to access the database from an IP that isn't whitelisted. Make sure your current IP address is on your Atlas cluster's IP whitelist: https://docs.atlas.mongodb.com/security-whitelist/

Mongo connection URL

mongodb+srv://victor:**************@pet-db.x8n6pl4.mongodb.net/?retryWrites=true&w=majority

I thought that IGW routing would be enough. Below are the network settings. It works with a public IP. I am trying to keep everything secure by doing everything properly. Could you give me some advice?

Network

Outbound routing

| Rule | To |
| --- | --- |
| 10.10.0.0/1 | local |
| 0.0.0.0/0 | igw-06fe0dabd17281f51 |
| pl-6da54004 | vpce-0ef14f2a86cd8de02 |

Outbound ACL

| Rule number | Type |
| --- | --- |
| 100 | All traffic |
| * | All |

Security group

| Name | Security group rule ID | IP version | Type | Protocol | Port range | Destination | Description |
| --- | --- | --- | --- | --- | --- | --- | --- |
| - | sgr-044001697d4c97b32 | IPv4 | All traffic | All | All | 0.0.0.0/0 | |

Regards, Victor.

Victor, asked 10 months ago, 707 views
1 Answer
1
Accepted Answer

Your ECS Fargate task needs to be attached to a subnet which has a default route to a NAT Gateway.

Then traffic from NAT gateway needs to route to an internet gateway.

Internet gateways only work when resources have public IP addresses; traffic sourced from RFC 1918 IP addresses will be dropped on the internet.

I have also used MongoDB Atlas before, which offers connection via VPC peering and private link. That may be another means to explore long term, rather than going over the internet.

answered 10 months ago
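To make the answer's reasoning concrete, here is an added example (not code from the thread or from AWS) that models the egress decision a VPC makes for a task ENI. It takes the question's route table as constructed input (the VPC CIDR is assumed to be 10.10.0.0/16, since the post shows it truncated), compares it with a private-subnet route table whose default route points at a NAT gateway (the `nat-0PLACEHOLDER` id, the Atlas address `203.0.113.10` and the NAT Elastic IP `198.51.100.7` are all constructed placeholders), and reports which source address Atlas would actually see. That last point matters for the IP access list: with a NAT gateway, only the gateway's Elastic IP needs to be allow-listed, so there is no reason to open the cluster to 0.0.0.0/0.

```python
# Added example: model VPC egress for a Fargate task ENI (not the thread's code).
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    destination: str  # CIDR ("0.0.0.0/0") or managed prefix-list id ("pl-...")
    target: str       # "local", "igw-...", "nat-...", "vpce-..."


@dataclass(frozen=True)
class Eni:
    private_ip: str                  # every ENI has one
    public_ip: Optional[str] = None  # None when "Auto-assign public IP" is off


def longest_prefix_match(routes: List[Route], dst_ip: str) -> Optional[Route]:
    """Return the most specific CIDR route covering dst_ip, or None.

    Prefix-list routes (pl-...) only cover AWS service endpoints such as S3,
    so they are skipped when the destination is an arbitrary internet host.
    """
    ip = ipaddress.ip_address(dst_ip)
    best: Optional[Route] = None
    best_len = -1
    for r in routes:
        if r.destination.startswith("pl-"):
            continue
        net = ipaddress.ip_network(r.destination)
        if ip in net and net.prefixlen > best_len:
            best, best_len = r, net.prefixlen
    return best


def egress_path(routes: List[Route], eni: Eni, dst_ip: str) -> str:
    """Classify how (or whether) a packet from this ENI reaches dst_ip."""
    route = longest_prefix_match(routes, dst_ip)
    if route is None:
        return "no-route"
    target = route.target
    if target == "local":
        return "local"
    if target.startswith("nat-"):
        # The NAT gateway rewrites the source to its own Elastic IP.
        return "internet-via-nat"
    if target.startswith("igw-"):
        # An IGW does not translate addresses. A packet sourced from an
        # RFC 1918 address is not routable on the internet, so a reply can
        # never come back: this is the questioner's failure mode.
        if eni.public_ip is None:
            return "dropped-private-source-via-igw"
        return "internet-via-igw"
    return f"unknown-target:{target}"


def source_ip_seen_by_atlas(path: str, eni: Eni, nat_gateway_eip: str) -> Optional[str]:
    """The address that must be on the Atlas IP access list for this path."""
    if path == "internet-via-igw":
        return eni.public_ip
    if path == "internet-via-nat":
        return nat_gateway_eip
    return None  # no internet path, nothing to allow-list


# Constructed sample data (documentation address ranges, placeholder ids).
ATLAS_IP = "203.0.113.10"   # stands in for an Atlas cluster host
NAT_EIP = "198.51.100.7"    # Elastic IP of the hypothetical NAT gateway

# The question's route table; VPC CIDR assumed to be 10.10.0.0/16.
QUESTION_ROUTES = [
    Route("10.10.0.0/16", "local"),
    Route("0.0.0.0/0", "igw-06fe0dabd17281f51"),
    Route("pl-6da54004", "vpce-0ef14f2a86cd8de02"),
]

# Corrected private-subnet route table: default route to a NAT gateway.
PRIVATE_SUBNET_ROUTES = [
    Route("10.10.0.0/16", "local"),
    Route("0.0.0.0/0", "nat-0PLACEHOLDER"),
    Route("pl-6da54004", "vpce-0ef14f2a86cd8de02"),
]

if __name__ == "__main__":
    task = Eni("10.10.1.25")  # Fargate task ENI with no public IP
    for name, table in (("question", QUESTION_ROUTES), ("fixed", PRIVATE_SUBNET_ROUTES)):
        path = egress_path(table, task, ATLAS_IP)
        print(f"{name:8s} -> {path}; allow-list {source_ip_seen_by_atlas(path, task, NAT_EIP)}")
```

Running it shows the question's table yielding `dropped-private-source-via-igw` for a task without a public IP, while the NAT-backed table yields `internet-via-nat` with the NAT gateway's Elastic IP as the only address Atlas needs to trust.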
  • The main idea is that IGW does not work without public IP. I am wondering why. For example, our computers work well inside nested network topologies with routing and gateways without any static IPs.

  • Because you will at some point have a NAT IP address. This could be an edge firewall/router or a proxy server.

    These devices will hide your private IP address.

    Think of an IGW as a router. Nothing more. You need a public IP address to route across the internet.

  • I agree, every internet provider has at least one public IP. So it does not work without a public IP. Routing to the IGW was just an attempt to get closer to the gates. Thank you.

  • Any issues or questions, please reach out again.
