Expand Your Horizons with Public/Private Connection Strings for MongoDB Atlas Clusters

We’re excited to announce a recent update that makes MongoDB Atlas easier for developers to use and expands the range of applications that can be supported by our cloud database service.

Customers can now securely connect to Atlas clusters from both public and private contexts with the availability of multiple connection strings. This enables several use cases - primarily for customers on GCP and Azure - including easier database connectivity, multi-region clusters, and access to Stitch, Charts, and Live Migration.

Simplified Database Connectivity

Every dedicated cluster on Atlas (M10 or higher) is deployed in its own VPC (on AWS and GCP) or VNet (on Azure). This ensures network isolation and allows customers to securely connect to their applications deployed on their own VPCs/VNets through network peering.

However, customers on GCP and Azure previously had to enable “peering only mode” if they wanted to connect their Atlas clusters to their own VPCs/VNets. This meant that they couldn’t add public IP whitelist entries to allow developers to directly connect from on-prem and local workstations. Instead, those users would have to connect via an SSH tunnel or bastion host, which was time-consuming and often difficult to configure correctly. If developers wanted to use MongoDB Compass, our GUI tool, they would also have to go through the same process.

With the addition of multiple connection strings, we’re pleased to announce that we have removed the limitation of “peering only mode”.

  • Customers can now connect their applications to a peered Atlas cluster on GCP or Azure with the new private connection string to keep data transfer within private networks.
  • They can simultaneously connect from whitelisted public IP addresses using the new standard connection string, giving developers more flexibility when it comes to building applications on Atlas.

Multi-Region Clusters on Azure

With the new connection strings, Azure customers using VNet peering can now extend their Atlas deployments across multiple regions for additional fault tolerance or use Global Clusters for low-latency performance worldwide. These options enable customers to expand their reach and serve audiences across different geographies while maintaining high performance and availability. Customers subject to data sovereignty regulations like GDPR can also easily pin data to specific regions to ensure compliance.

MongoDB Stitch, Charts, and Live Migration

Another benefit that comes with the new connection strings is the ability to use other MongoDB products and services like Stitch, Charts, and Live Migration. Customers on GCP and Azure with peering-enabled clusters can now take advantage of these complementary services to streamline application development, data visualization, and database migration.

  • MongoDB Stitch is a serverless platform that makes it easy for web developers to build front-end features without having to worry about back-end infrastructure. It offers an integrated suite of services designed to work together with your Atlas data - from functions and triggers to fine-grained data access rules and GraphQL.

  • MongoDB Charts is the data visualization tool built for MongoDB data. Use Atlas as a data source to create charts and graphs, embed them into your applications, and build live dashboards for sharing and collaboration.

  • Live Migration is a free service that allows customers using MongoDB to migrate their data from self-managed deployments to Atlas clusters with minimal downtime.

Bring Your Own DNS to Atlas on AWS

Customers with clusters on AWS who use VPC peering generally are not impacted by the new changes as the existing connection strings in Atlas are able to resolve to both public and private IP addresses.

The new private connection string does enable the use of a custom DNS provider with VPC-peered clusters, because the private connection string resolves exclusively to private IPs rather than relying on the DNS provider's automatic split-horizon resolution. This removes some barriers to migrating from on-premises deployments to Atlas for customers who want to retain their own DNS providers.
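One way to confirm, from inside the peered network, that a connection string really does resolve only to private addresses before an application uses it. This is an added example, not MongoDB's code: the host names, addresses and function names are constructed for illustration, "private" is assumed to mean the RFC 1918 ranges, and only `mongodb://` seed-list URIs with host names (no SRV lookups, no IPv6 literals) are handled.

```python
import ipaddress
import socket

# Assumption: peered VPC/VNet addresses fall inside the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed DNS answers (documentation names and addresses, not real Atlas hosts).
SAMPLE_DNS = {
    "db-0-private.example.net": ["10.8.0.11"],
    "db-1-private.example.net": ["10.8.0.12"],
    "db-0.example.net": ["203.0.113.10"],
    "db-split.example.net": ["10.8.0.13", "203.0.113.13"],
}

def hosts_from_uri(uri):
    """Return the host names listed in a mongodb:// seed-list URI."""
    prefix = "mongodb://"
    if not uri.startswith(prefix):
        raise ValueError("expected a mongodb:// seed-list URI")
    authority = uri[len(prefix):].split("/", 1)[0].split("?", 1)[0]
    authority = authority.rsplit("@", 1)[-1]        # drop user:password@
    return [h.rsplit(":", 1)[0] for h in authority.split(",") if h]

def system_resolver(host):
    """Resolve a host with the resolver this machine is configured to use."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def non_private_answers(uri, resolve=system_resolver):
    """Map each host to its answers outside RFC 1918; {} means all private."""
    leaks = {}
    for host in hosts_from_uri(uri):
        bad = [a for a in resolve(host)
               if not any(ipaddress.ip_address(a) in net for net in RFC1918)]
        if bad:
            leaks[host] = bad
    return leaks

if __name__ == "__main__":
    uri = ("mongodb://app:secret@db-0-private.example.net:27017,"
           "db-split.example.net:27017/app?tls=true")
    # Offline demo: use the constructed table instead of live DNS.
    print(non_private_answers(uri, SAMPLE_DNS.__getitem__))
```

Run with the default resolver on a host inside the peered network, a non-empty result means at least one seed host would be reached over a public address.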

Separately, AWS customers also have the ability to leverage private endpoints to connect to Atlas using AWS PrivateLink.

To disable "peering only mode" on your GCP and Azure clusters and start leveraging these great new features, visit our Connection String Options FAQ.