How to access a mongodb instance outside of VPC

I followed the AWS quick start guide for creating a MongoDB cluster. This created a NAT instance (public subnet), as well as one PrimaryReplicaNode instance (internal IP address only). I can SSH into the NAT and, in addition, I can SSH into the Primary Replica from the NAT. I checked that MongoDB is accessible from the command line, but I need to go through two servers to get there.

On the other hand, I made a quick start node.js server on Elastic Beanstalk. I also put it in the same VPC and security groups as the NAT.

So, I have 3 shared instances. 1 Elastic Beanstalk instance running node and 2 EC2 instances working as a MongoDB cluster.

My question is ... how to connect to MongoDB from the Elastic Beanstalk app?

Should I provide Elastic Beanstalk with the same key that I gave the NAT so that it can access the internal Primary node? Or do I connect to the external NAT address from node.js and then tunnel into the cluster? What exactly needs to be connected in order to ensure its implementation?

Any advice would be highly appreciated!

+9
2 answers

I would recommend using a CloudFormation template to create everything you need for the new VPC env. Here is an AWS-provided CloudFormation template that handles proper VPC creation (public / private subnets, NAT gateway configurations, security groups, etc.). It was a huge help for me personally. https://docs.aws.amazon.com/codebuild/latest/userguide/cloudformation-vpc-template.html

From there you will need to create a new AWS EB cluster. I would recommend saving the current configuration so that you can use it more easily to create a new environment. But don't forget to set up the new env with your new VPC. You will still need to do the same for the mongo EC2 instances (make sure they are in the new VPC) and create another security group that has the proper configuration to allow access from the AWS EB instances inside the VPC.

With just one step of creating a security group manually (for the mongo instances), it becomes much cleaner and gives you the confidence that everything is configured correctly from a network perspective.

Now you can simply tell your application to speak directly with your mongodb (using the private DNS resolution for the mongo host in the VPC - note: enable DNS resolution in the VPC when creating it!)

Hope this helps

+1

You need to check the configuration of the security groups assigned to the Elastic Beanstalk servers and MongoDB. Make sure the rules allow access in both

0

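Both answers come down to the MongoDB security group admitting the Elastic Beanstalk security group on the database port. The following is an added example, not code from either answer: it audits a group's inbound rules for that condition and flags the port being open to the whole internet. It assumes input in the JSON shape returned by `aws ec2 describe-security-groups`; the group IDs and the sample rules are constructed placeholders.

```javascript
// Added example: audit a MongoDB security group's inbound rules.
// Input mirrors the JSON shape of `aws ec2 describe-security-groups`.
const MONGO_PORT = 27017;

// True when the rule's protocol/port range includes the given port.
function coversPort(perm, port) {
  if (perm.IpProtocol === '-1') return true; // "-1" = all protocols, all ports
  if (perm.IpProtocol !== 'tcp') return false;
  return perm.FromPort <= port && port <= perm.ToPort;
}

// Checks whether mongoSg admits appSgId by group reference on the MongoDB
// port, and collects findings for world-open CIDR rules on that port.
function auditMongoIngress(mongoSg, appSgId) {
  const findings = [];
  let allowedByGroupRef = false;
  for (const perm of mongoSg.IpPermissions || []) {
    if (!coversPort(perm, MONGO_PORT)) continue;
    for (const pair of perm.UserIdGroupPairs || []) {
      if (pair.GroupId === appSgId) allowedByGroupRef = true;
    }
    const cidrs = [
      ...(perm.IpRanges || []).map((r) => r.CidrIp),
      ...(perm.Ipv6Ranges || []).map((r) => r.CidrIpv6),
    ];
    for (const cidr of cidrs) {
      if (cidr === '0.0.0.0/0' || cidr === '::/0') {
        findings.push(`port ${MONGO_PORT} open to ${cidr}`);
      }
    }
  }
  if (!allowedByGroupRef) {
    findings.push(`no rule references ${appSgId} on port ${MONGO_PORT}`);
  }
  return { allowedByGroupRef, findings };
}

// Constructed sample data; all group IDs are placeholders.
const sampleMongoSg = {
  GroupId: 'sg-mongo-example',
  IpPermissions: [
    { IpProtocol: 'tcp', FromPort: 22, ToPort: 22,
      UserIdGroupPairs: [{ GroupId: 'sg-nat-example' }] },
    { IpProtocol: 'tcp', FromPort: 27017, ToPort: 27017,
      IpRanges: [{ CidrIp: '0.0.0.0/0' }],
      UserIdGroupPairs: [{ GroupId: 'sg-nat-example' }] },
  ],
};

console.log(auditMongoIngress(sampleMongoSg, 'sg-eb-example'));
```

An empty `findings` array means the application's group is referenced on port 27017 and no world-open rule covers that port.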
Source: https://habr.com/ru/post/1266524/

