Whitelist VPC CIDR to access Atlas API resources


Buruiană Cătălin

Apr 8, 2019, 7:02:27 PM
to mongodb-user
Hey. I'm having some trouble setting up IP whitelisting for an AWS VPC network with the intention of accessing the Atlas API.
Essentially, I am trying to access the Atlas API in a programmatic manner from within an AWS Lambda job. As there is no static IP associated with such execution environments, I thought linking the job with a VPC would enable me to whitelist it. However, all requests to the Atlas API result in the "403 IP_ADDRESS_NOT_ON_WHITELIST IP address x.x.x.x is not allowed to access this resource."

I think I did everything for the setup on the Atlas side of things, but I'm still having some problems with it:
- the application API key works as I tried it locally from my whitelisted IP address
- I've added the CIDR block to the whitelist of the key from organisation level
- I've added the CIDR block to the whitelist on account level 
- I've added the CIDR Block to the whitelist on cluster level
- on organisation setting, I've set "require whitelist access to public API" setting to both on and off

Was wondering if you guys have any leads or tips on this. 

Afonso Rodrigues

unread,
Apr 8, 2019, 9:41:27 PM4/8/19
to mongod...@googlegroups.com
Hi @loopiezlol,

To solve this problem, you can define "VPC Peering" in the Mongo Atlas interface.


--
You received this message because you are subscribed to the Google Groups "mongodb-user"
group.
 
For other MongoDB technical support options, see: https://docs.mongodb.com/manual/support/
---
You received this message because you are subscribed to the Google Groups "mongodb-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mongodb-user...@googlegroups.com.
To post to this group, send email to mongod...@googlegroups.com.
Visit this group at https://groups.google.com/group/mongodb-user.
To view this discussion on the web visit https://groups.google.com/d/msgid/mongodb-user/d5b1bbaf-4b1c-4aaa-82a0-0cd91f851c6d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--

Kind regards,


Afonso Rodrigues
Systems Analyst

Buruiană Cătălin

Apr 9, 2019, 8:23:28 AM
to mongodb-user
Hey, thanks for the prompt reply.

Unfortunately, that did not solve my issue. Also, from my understanding, VPC peering allows communication through a private connection between two VPCs - one of them being the network of one Atlas Project (not organization) and the other being an arbitrary (say AWS) VPC.
However, I am not sure if this connection will somehow impact the access to the API, but only the connection to the actual clusters in the project.

Instead, I've explicitly whitelisted on the application API Key the Elastic IP of the NAT gateway in the VPC from the organisation settings - a fact which solved this problem.


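Added example (not part of the original posts): a small Python check illustrating the resolution reported above, where the address the Atlas API rejects is the VPC's public egress address (the NAT gateway's Elastic IP), so a whitelist entry for the VPC's private CIDR cannot match it. The sample addresses, the CIDR and the function names are constructed for illustration; the error text follows the 403 message quoted in the thread.

```python
import ipaddress
import re

# RFC 1918 ranges: what a VPC hands out internally; never a source address
# that a public API endpoint observes.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

DENIED_RE = re.compile(r"IP address (\S+) is not allowed to access this resource")

# Constructed sample values (documentation address range, made-up VPC CIDR).
SAMPLE_ERROR = ("403 IP_ADDRESS_NOT_ON_WHITELIST IP address 203.0.113.25 "
                "is not allowed to access this resource.")
VPC_CIDR = "10.20.0.0/16"
NAT_EIP = "203.0.113.25/32"


def rejected_source_ip(error_text):
    """Return the source address named in the 403 message, or None."""
    match = DENIED_RE.search(error_text)
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        return None  # e.g. a redacted "x.x.x.x"


def audit_whitelist(entries, source_ip):
    """Classify each whitelist entry against the address the API saw."""
    report = []
    for entry in entries:
        net = ipaddress.ip_network(entry, strict=False)
        if source_ip in net:
            status = "matches"
        elif net.version == 4 and any(net.subnet_of(r) for r in RFC1918):
            status = "private-range"  # cannot match a public caller address
        else:
            status = "no-match"
        report.append((entry, status))
    return report


def is_allowed(entries, source_ip):
    """True when at least one entry covers the observed source address."""
    return any(status == "matches"
               for _, status in audit_whitelist(entries, source_ip))
```

Feeding the function the address from a real 403 response shows at a glance whether any whitelist entry on the API key covers the egress address, or whether only private-range entries were added.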

Afonso Rodrigues

Apr 9, 2019, 4:24:38 PM
to mongod...@googlegroups.com
Hi,

Maybe the function context network is not correct with the VPC, or the inline policies have not granted access.


Afonso Rodrigues

May 15, 2019, 1:05:37 PM
to mongod...@googlegroups.com
Hi @loopiezlol,

Could you find a solution?

Thanks