
I’m trying to configure network access of a MongoDB cluster to allow connections from an Azure App Service. I found the outbound IP addresses of my App Service in the Azure portal (see Azure docs) and entered them in the IP access list according to the MongoDB Atlas docs. I appended "/32" to the IP addresses to allow only a single host (CIDR notation).

However, when trying to connect on App Service start I get an error indicating to check the IP whitelist of the MongoDB cluster.

This actually seems to be the problem, because adding 0.0.0.0/0 (allow access from anywhere) solves the problem.

What could be the problem here?

I double-checked the outbound IP addresses of the Azure App Service and the IP access list of the MongoDB cluster.

What I did was indeed the answer to another question, so I think I’m missing something…

2

Answers


  1. Chosen as BEST ANSWER

    I only added the IP addresses listed in the "outbound IP addresses" property of my Azure App Service. After also adding the IP addresses listed in the "Additional Outbound IP Addresses" property, the App Service connects to the MongoDB cluster successfully.

    This is somewhat surprising to me because the documentation on when outbound IPs change says that the "...set of outbound IP addresses for your app changes when you perform one of the following actions:

    • Delete an app and recreate it in a different resource group (deployment unit may change).
    • Delete the last app in a resource group and region combination and recreate it (deployment unit may change).
    • Scale your app between the lower tiers (Basic, Standard, and Premium), the PremiumV2, and the PremiumV3 tier (IP addresses may be added to or subtracted from the set).

    ..."

    None of the above actions happened. 🙄
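
An added example, not part of the original answer: a check that every address from both App Service properties named above is covered by the Atlas IP access list, and that reports a 0.0.0.0/0 entry separately because it hides missing entries. The function names and all addresses are constructed for illustration (documentation ranges), and the inputs are assumed to be the comma-separated strings shown in the portal.

```python
import ipaddress


def parse_ip_list(csv):
    """Split a comma-separated address string into ip_address objects."""
    return [ipaddress.ip_address(p.strip()) for p in csv.split(",") if p.strip()]


def audit_access_list(outbound_csv, additional_csv, access_list):
    """Compare the access list with the union of both outbound properties."""
    nets = [ipaddress.ip_network(e, strict=False) for e in access_list]
    # An allow-anywhere entry makes the connection work but masks gaps,
    # so it is reported and excluded from the coverage check.
    open_to_any = [str(n) for n in nets if n.prefixlen == 0]
    scoped = [n for n in nets if n.prefixlen != 0]

    required = sorted(
        set(parse_ip_list(outbound_csv)) | set(parse_ip_list(additional_csv)),
        key=lambda ip: (ip.version, int(ip)),
    )
    # Addresses the app may connect from that no scoped entry allows.
    missing = [str(ip) for ip in required if not any(ip in n for n in scoped)]
    # Entries that match none of the app's addresses (candidates for removal).
    stale = [str(n) for n in scoped if not any(ip in n for ip in required)]
    return {"missing": missing, "stale": stale, "open_to_any": open_to_any}


# Constructed sample values, not taken from a real App Service or cluster.
OUTBOUND = "203.0.113.10,203.0.113.11"
ADDITIONAL = "203.0.113.10, 203.0.113.11, 198.51.100.20, 198.51.100.21"
ACCESS_LIST = ["203.0.113.10/32", "203.0.113.11/32", "192.0.2.5/32"]

if __name__ == "__main__":
    report = audit_access_list(OUTBOUND, ADDITIONAL, ACCESS_LIST)
    for key, values in report.items():
        print(f"{key}: {values}")
```
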


  2. Actually /32 is not a valid CIDR in Azure. The minimum size of a single VNET is /29.
    This will restrict your range to only 3 IPs (not 8 as you would expect), as Azure will reserve the first four IPs and the last one for internal routing.

    Please also consider that if you are running the MongoDB cluster inside a private network and it is not exposed externally via a network appliance (such as Application Gateway, Load Balancer, Front Door or Traffic Manager), you will need to enable VNET Integration on the Azure Web App side.

    If this is your case, navigate to your App in the portal and go into the "Networking" blade.
    Here you can add VNET Integration, but you should consider that in this case the minimum size of your subnet can only be /28 (you cannot add a smaller subnet).
