Basic setup:

  • MongoDB Atlas M10 instance, configured with VPC Peering according to the following guide (https://www.mongodb.com/docs/atlas/security-vpc-peering/)
  • AWS ECS Service configured with EC2 Launch type and Application Load Balancer, which serves a NodeJS backend.
  • AWS ECS Task configuration’s networkmode is ‘awsvpc’

When we log in to the EC2 instance via SSH, we can connect to the MongoDB instance, so the VPC Peering and other networking settings (VPC, Security Group, Route tables) should be fine.

However, the NodeJS backend cannot make the connection and fails with ‘MongoServerSelectionError: Server selection timed out after 30000 ms’

I guess this is some kind of networking issue, but what do we miss?

Any help/hint would be greatly appreciated 🙂

Edit1: additional details

  • in Atlas / Network Access only the Peering VPC’s CIDR is specified, there is no "Access All" enabled
  • we can make the connection from the EC2 machine on which the ECS Tasks are deployed (as Docker images by ECS) with mongod-mongosh
  • we checked the security groups, and the one associated with the ECS Task/Container seems to have ‘All traffic & protocol & port for IPv4/IPv6’ as outbound rule

2 Answers


  1. When we log in to the EC2 instance via SSH, we can connect to the MongoDB instance, so the VPC Peering and other networking settings (VPC, Security Group, Route tables) should be fine.

    However, the NodeJS backend cannot make the connection and fails with ‘MongoServerSelectionError: Server selection timed out after 30000 ms’

    Is the NodeJS backend server on the same VPC as the EC2 instance you SSH into? On top of that, when you ping the hostname(s) of the Atlas cluster node(s) you’re trying to connect to from the EC2 instance you’ve SSH’d into (and can successfully connect to), do you get a public address resolved or private? You could remove all internet access from the Network Access List if you’ve not already done so and try connecting again to just double check you aren’t connecting over the public internet for the EC2 instance.

    You can try the same ping from the NodeJS backend server to see what it resolves. If it’s a public address as opposed to a private one then it may be related to a DNS setting. You can check out the considerations documentation on the Set Up a Network Peering Connection page to see if you’ve missed anything there.

  2.
    1. Can you share the security groups of ECS, MongoDB and EC2?
    2. Can you also check VPC flow logs? Then check for the REJECT messages for the ECS’ ENI.
    3. Are you connecting to MongoDB using IP address or DNS? If DNS, can you check the DNS settings?
    4. Do you have access to MongoDB from your laptop? Can you run the docker from your laptop and see if you can connect to it, in case there are issues with the docker?
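
The flow-log check suggested in the second answer, as an added example that is not part of the original question or answers: a Node.js filter over VPC Flow Log records in the default (version 2) format that lists TCP flows REJECTed on one ENI toward the MongoDB port. The ENI ids, account id, addresses and log lines are constructed, and port 27017 (MongoDB's default) is an assumption about the cluster.

```javascript
// Added example. Field order is the default VPC Flow Logs format (version 2).
const FIELDS = ['version', 'accountId', 'interfaceId', 'srcaddr', 'dstaddr',
  'srcport', 'dstport', 'protocol', 'packets', 'bytes', 'start', 'end',
  'action', 'logStatus'];

// Parse one record; returns null for headers, custom formats and NODATA/SKIPDATA rows.
function parseFlowRecord(line) {
  const parts = line.trim().split(/\s+/);
  if (parts.length !== FIELDS.length || parts[0] !== '2') return null;
  const rec = Object.fromEntries(FIELDS.map((f, i) => [f, parts[i]]));
  if (rec.logStatus !== 'OK') return null;
  for (const f of ['srcport', 'dstport', 'protocol', 'packets']) rec[f] = Number(rec[f]);
  return rec;
}

// Sum rejected TCP packets per flow seen on `eni` with destination port `port`.
function rejectedTo(lines, eni, port = 27017) {
  const hits = new Map();
  for (const line of lines) {
    const r = parseFlowRecord(line);
    if (!r || r.interfaceId !== eni || r.action !== 'REJECT') continue;
    if (r.protocol !== 6 || r.dstport !== port) continue; // 6 = TCP
    const key = `${r.srcaddr} -> ${r.dstaddr}:${r.dstport}`;
    hits.set(key, (hits.get(key) || 0) + r.packets);
  }
  return [...hits].map(([flow, packets]) => ({ flow, packets }));
}

// Constructed sample: eni-0aaa... stands for the task ENI, eni-0bbb... for the host ENI.
const TASK_ENI = 'eni-0aaaaaaaaaaaaaaaa';
const SAMPLE = [
  'version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status',
  '2 123456789012 eni-0bbbbbbbbbbbbbbbb 10.0.1.10 192.168.248.12 50112 27017 6 12 1840 1700000000 1700000060 ACCEPT OK',
  '2 123456789012 eni-0aaaaaaaaaaaaaaaa 10.0.1.25 192.168.248.12 41822 27017 6 3 180 1700000000 1700000060 REJECT OK',
  '2 123456789012 eni-0aaaaaaaaaaaaaaaa 10.0.1.25 192.168.248.12 41830 27017 6 2 120 1700000060 1700000120 REJECT OK',
  '2 123456789012 eni-0aaaaaaaaaaaaaaaa 203.0.113.7 10.0.1.25 55000 22 6 1 60 1700000060 1700000120 REJECT OK',
  '2 123456789012 eni-0aaaaaaaaaaaaaaaa - - - - - - - 1700000120 1700000180 - NODATA',
];

console.log(rejectedTo(SAMPLE, TASK_ENI));
```

REJECT records only reflect security group and network ACL decisions, so an empty result does not rule out routing or DNS causes.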