I have a VPC with the CIDR 10.2.0.0/16.
Inside I have a private subnet with 10.2.1.0/24, and a public subnet with 10.2.2.0/24.
In the public subnet, I have a NAT Gateway with private IP 10.2.2.33.
In the private subnet, I have an EC2 instance with private IP 10.2.1.65.
I created a peering connection from MongoDB Atlas to the VPC, and added 10.2.0.0/16 to the IP access list.
The route table associated with the private subnet has these 3 routes:

| Destination | Target |
|---|---|
| 0.0.0.0/0 | {The NAT Gateway} |
| 10.2.0.0/16 | local |
| {Atlas CIDR} | pcx-{peering connection id} |

The public subnet is associated with this route table:

| Destination | Target |
|---|---|
| 0.0.0.0/0 | {VPC's internet gateway} |
| 10.2.0.0/16 | local |

As a starting point, I added these rules to the security group of the instance in the private subnet:

| Port Range | Protocol | Source |
|---|---|---|
| 0 - 65535 | TCP | {Atlas CIDR} |
| 0 - 65535 | TCP | 10.2.0.0/16 |

When I try to connect to the database from that EC2 instance, I get this error message:
MongooseServerSelectionError: Could not connect to any servers in your MongoDB Atlas cluster. One common reason is that you're trying to access the database from an IP that isn't whitelisted. Make sure your current IP address is on your Atlas cluster's IP whitelist: https://docs.atlas.mongodb.com/security-whitelist/
I also tried to add the ID of the security group to the whitelist, but still got the same error.
I then installed mongosh on the same instance and tried to directly connect and got this error:
MongoServerSelectionError: Server selection timed out after 30000 ms
What am I missing here? What else do I need to configure to get this connection to work?
2 Answers
I finally found the missing piece of the puzzle, and it came down to a single checkbox I had missed. In the VPC configuration, I forgot to check the Enable DNS resolution option. Once I changed that setting, after waiting a couple of minutes, the connection finally worked.
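An added diagnostic to run on the EC2 instance (example code, not from this thread) that resolves the cluster member hostnames with the instance's own resolver and maps each address onto the asker's private-subnet route table. It assumes that, with DNS resolution enabled, the Atlas hostnames resolve to addresses inside the peering CIDR; a "nat" result means the connection leaves through the NAT gateway and reaches Atlas from the gateway's public address, which the 10.2.0.0/16 access-list entry does not cover. The Atlas CIDR value below is a placeholder.

```python
import ipaddress
import socket
import sys

# Route table of the private subnet from the question. The Atlas CIDR is a
# placeholder: use the value shown on the Atlas network peering page.
ATLAS_CIDR = "192.168.248.0/21"  # placeholder, not the asker's real value
VPC_CIDR = "10.2.0.0/16"


def classify(addr, atlas_cidr=ATLAS_CIDR, vpc_cidr=VPC_CIDR):
    """Name the route a packet to addr takes from the private subnet."""
    ip = ipaddress.ip_address(addr)
    if ip in ipaddress.ip_network(atlas_cidr):
        return "peering"  # pcx- route: Atlas sees the instance's private IP
    if ip in ipaddress.ip_network(vpc_cidr):
        return "local"
    return "nat"  # 0.0.0.0/0 route: Atlas sees the NAT gateway's public IP


def resolve(hostname):
    """Resolve an IPv4 hostname with the instance's resolver (no SRV lookup)."""
    infos = socket.getaddrinfo(hostname, 27017, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def diagnose(resolved):
    """resolved: {hostname: [addresses]} -> {hostname: route}.
    'mixed' if a hostname has addresses on different routes,
    'unresolved' if it has none."""
    report = {}
    for host, addrs in resolved.items():
        routes = {classify(a) for a in addrs}
        if not routes:
            report[host] = "unresolved"
        elif len(routes) == 1:
            report[host] = routes.pop()
        else:
            report[host] = "mixed"
    return report


if __name__ == "__main__":
    # Pass the cluster member hostnames from the standard (non-SRV) connection string.
    hosts = sys.argv[1:]
    for host, route in diagnose({h: resolve(h) for h in hosts}).items():
        print(f"{host}: {route}")
```

The script does not look up the SRV record behind a `mongodb+srv://` string, so pass the individual member hostnames.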
I had the same issue, but it has been fixed.
Eventually I found my problem was in the ECS task definition settings:
the task's (container's) network mode cannot be awsvpc, I have no idea why.
I had set every setting and network association correctly except 'network mode'.
Finally, my container could sync to Atlas with network mode: bridge.