Dear MongoDB community,
I am deploying an Atlas Mongo cluster from Terraform, and recently I got this issue in a couple of our Terraform Cloud runs when interacting with the Atlas MongoDB API:
Error: error getting Team information: GET https://cloud.mongodb.com/api/atlas/v1.0/orgs/{ORG_ID}/teams/{TEAM_ID}: 403 (request "IP_ADDRESS_NOT_ON_ACCESS_LIST") IP address 3.230.120.28 is not allowed to access this resource.
The first thing that came to my mind was that the Atlas API is not accepting incoming connections from the Terraform Cloud hosted runners where I am running the pipelines to set up/update the Atlas MongoDB infrastructure. This is because the IP address of the Terraform runner is not allowed on the Atlas API access list.
What I tried, keeping in mind the API range list, was adding the ranges obtained from this curl request to my Mongo API access list, without success: since the range is wide, sometimes the IP I got from the Terraform Cloud run is not included in the api, notifications, sentinel or vcs ranges.
> curl \
--request GET \
-H "If-Modified-Since: Tue, 26 May 2020 15:10:05 GMT" \
https://app.terraform.io/api/meta/ip-ranges
{
"api": ["75.2.98.97/32", "99.83.150.238/32"],
"notifications": ["52.86.200.106/32", "52.86.201.227/32", "52.70.186.109/32", "44.236.246.186/32", "54.185.161.84/32", "44.238.78.236/32"],
"sentinel": ["52.86.200.106/32", "52.86.201.227/32", "52.70.186.109/32", "44.236.246.186/32", "54.185.161.84/32", "44.238.78.236/32"],
"vcs": ["52.86.200.106/32", "52.86.201.227/32", "52.70.186.109/32", "44.236.246.186/32", "54.185.161.84/32", "44.238.78.236/32"]
}
I am not sure if this is something related to the Atlas MongoDB API side. The thing is that until two days ago (and for a long time) this process on Terraform Cloud was working well, getting connections with the Atlas API, and I was not getting the 403 (request "IP_ADDRESS_NOT_ON_ACCESS_LIST") error until now.
I know the Terraform IP range list is variable from time to time, and I also already posted a question on the Terraform HashiCorp community, and people there say that if it was working and now it doesn’t, perhaps it has to do with some change on the MongoDB side:
This seems like a change in your MongoDB organization or the Atlas MongoDB API then, if it used to work and now requires a specific IP allowlist. The error is returned in Terraform but is a response from that service, not Terraform itself.
I am really confused about the origin of this error. It looks like the Atlas API is not accepting incoming connections from the Terraform Cloud runner (it is a public runner hosted on the Terraform side) and I have to whitelist their IP address or range in the Atlas API access list, but the thing is that this range is variable and is not included in the ranges obtained with my curl command.
I just wanted to post here for the record and to know your thoughts about that.
Has something changed on the Atlas API for incoming connections? Why was it working well and suddenly it doesn’t?
I will appreciate your thoughts.
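
The check described in the post, as an added example that is not part of the original post: it extracts the rejected address from the Atlas 403 message and tests it against each category of the ip-ranges response quoted above. The function names are hypothetical; the error string and the ranges are copied from the post.

```python
import ipaddress
import json
import re

# Error text and ip-ranges response copied from the post above.
ATLAS_ERROR = ('403 (request "IP_ADDRESS_NOT_ON_ACCESS_LIST") IP address '
               '3.230.120.28 is not allowed to access this resource.')
_SHARED = ["52.86.200.106/32", "52.86.201.227/32", "52.70.186.109/32",
           "44.236.246.186/32", "54.185.161.84/32", "44.238.78.236/32"]
IP_RANGES_JSON = json.dumps({
    "api": ["75.2.98.97/32", "99.83.150.238/32"],
    "notifications": _SHARED, "sentinel": _SHARED, "vcs": _SHARED,
})

DENIED_RE = re.compile(
    r'IP_ADDRESS_NOT_ON_ACCESS_LIST"\) IP address (\S+) is not allowed')


def parse_denied_ip(error_text):
    """Return the address Atlas rejected, or None if this is another error."""
    m = DENIED_RE.search(error_text)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:
        return None


def matching_categories(ip, ranges):
    """Names of the published categories whose CIDR blocks contain ip."""
    return sorted(
        name for name, cidrs in ranges.items()
        if any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs))


def diagnose(error_text, ranges_json):
    """Summarise whether the rejected source IP is covered by the ranges."""
    ip = parse_denied_ip(error_text)
    if ip is None:
        return None
    cats = matching_categories(ip, json.loads(ranges_json))
    return {"ip": str(ip), "categories": cats, "covered": bool(cats)}


if __name__ == "__main__":
    print(diagnose(ATLAS_ERROR, IP_RANGES_JSON))
```

An empty `categories` list means that allowlisting the published ranges cannot admit that caller, which is the situation the post describes.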