Basic setup:
- MongoDB Atlas M10 instance, configured with VPC Peering according to the following guide (https://www.mongodb.com/docs/atlas/security-vpc-peering/)
- AWS ECS Service configured with EC2 Launch type and Application Load Balancer, which serves a NodeJS backend.
- AWS ECS Task configuration’s networkmode is ‘awsvpc’
When we log in to the EC2 instance via SSH, we can connect to the MongoDB instance, so the VPC Peering and other networking settings (VPC, Security Group, Route tables) should be fine.
However, the NodeJS backend cannot make the connection and fails with ‘MongoServerSelectionError: Server selection timed out after 30000 ms’
I guess this is some kind of networking issue, but what are we missing?
Any help/hint would be greatly appreciated.
Edit1: additional details
- in Atlas / Network Access only the Peering VPC’s CIDR is specified, there is no "Access All" enabled
- we can make the connection from the EC2 machine on which the ECS Tasks are deployed (as Docker images by ECS) with mongod-mongosh
- we checked the security groups, and the one associated with the ECS Task/Container seems to have ‘All traffic & protocol & port for IPv4/IPv6’ as outbound rule
2
Answers
Is the NodeJS backend server on the same VPC as the EC2 instance you SSH into? On top of that, when you ping the hostname(s) of the Atlas cluster node(s) you’re trying to connect to from the EC2 instance you’ve SSH’d into (and can successfully connect to), do you get a public address resolved or private? You could remove all internet access from the Network Access List if you’ve not already done so and try connecting again to just double check you aren’t connecting over the public internet for the EC2 instance.
You can try the same ping from the NodeJS backend server to see what it resolves. If it’s a public address as opposed to a private one then it may be related to a DNS setting. You can check out the considerations documentation on the Set Up a Network Peering Connection page to see if you’ve missed anything there.
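
The resolution check suggested in the answer above, as an added example that is not part of the original thread: a Node.js script meant to run inside the ECS task, which looks up the cluster's SRV record and reports whether each node resolves into the Atlas-side peered CIDR, another private range, or a public address. The hostnames, addresses and CIDR are constructed, and all function names are hypothetical.

```javascript
// Added example: hostnames, addresses and the CIDR below are constructed.
const RFC1918 = ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'];

// Dotted IPv4 string -> unsigned 32-bit integer.
function ipToInt(ip) {
  const parts = ip.split('.').map(Number);
  if (parts.length !== 4 || parts.some((p) => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error(`not an IPv4 address: ${ip}`);
  }
  return parts.reduce((acc, p) => ((acc << 8) | p) >>> 0, 0);
}

// True when ip falls inside cidr (e.g. "192.168.248.0/21").
function inCidr(ip, cidr) {
  const [base, bits] = cidr.split('/');
  const mask = Number(bits) === 0 ? 0 : (0xffffffff << (32 - Number(bits))) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(base) & mask) >>> 0);
}

// Classify one resolved address relative to the Atlas-side VPC CIDR (assumed input).
function classify(ip, atlasCidr) {
  if (inCidr(ip, atlasCidr)) return 'private-peered';
  if (RFC1918.some((c) => inCidr(ip, c))) return 'private-other';
  return 'public';
}

// Turn { host: [ips] } into per-host verdicts; viaPeering is true only when
// every address for that host lies inside the peered CIDR.
function report(resolved, atlasCidr) {
  return Object.entries(resolved).map(([host, ips]) => {
    const verdicts = ips.map((ip) => classify(ip, atlasCidr));
    return { host, verdicts, viaPeering: ips.length > 0 && verdicts.every((v) => v === 'private-peered') };
  });
}

// Live lookup for a mongodb+srv hostname; run it inside the container, not on the EC2 host.
async function resolveCluster(srvHost) {
  const dns = await import('node:dns/promises');
  const srv = await dns.resolveSrv(`_mongodb._tcp.${srvHost}`);
  const out = {};
  for (const { name } of srv) out[name] = await dns.resolve4(name);
  return out;
}

const SAMPLE = { // constructed DNS answers
  'shard-00-00.example.mongodb.net': ['192.168.248.17'],
  'shard-00-01.example.mongodb.net': ['203.0.113.25'],
};
const SAMPLE_REPORT = report(SAMPLE, '192.168.248.0/21');
console.log(JSON.stringify(SAMPLE_REPORT, null, 2));
```

Inside the container, pass the result of `resolveCluster('<cluster SRV hostname>')` to `report` with your own Atlas CIDR to run the same classification on live DNS answers.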