Hello,
We’ve recently set up a VPC peer between our MongoDB Atlas cluster on AWS us-east-2 and our AWS default VPC, with our EC2 instances running inside the us-east-2 region. We referenced this doc page: https://www.mongodb.com/docs/atlas/security-vpc-peering/
The connection seems to work and our EC2 instances can connect to MongoDB using the existing connection URL that we’d previously used for public/internet connections.
We’ve removed the public IP of the EC2 instance from the Mongo Atlas Network Access list and haven’t added any private CIDR blocks, but our EC2 instance can still access the peered MongoDB.
I wanted to clarify if that’s expected, because the docs seem to indicate at the end that we need to have private IPs whitelisted for the connection to work:
Before your new VPC peer can connect to your Atlas cluster, you must:
Locate the VPC CIDR block addresses (or subset), or the Security Groups, associated with the VPC configured in your project.
Add at least one of these CIDR blocks to the access list.
So, we’re a bit leery as to why it’s “just working.” Do we not need CIDR blocks or private IP addresses whitelisted to use VPC peering?
I want to make sure when we go live and any private IPs potentially change from deploys that those EC2 Instances can still connect to the MongoDB.
Any ideas? Thanks!
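One check that helps answer a question like this, added here as an example and not part of the original post: from the EC2 instance, resolve the cluster's per-node hostnames and see whether the addresses fall inside the Atlas-side CIDR shown on the peering page, which tells you whether the connection is actually using the peering or still going out over the internet. The CIDR, hostnames and resolved addresses below are constructed placeholders, not real Atlas values.

```python
import ipaddress
import socket
from typing import Dict, Iterable, List

# Constructed sample data (placeholders, not real Atlas values):
# the Atlas-side CIDR from the peering page, and per-node hostnames
# with the addresses they might return from inside the EC2 instance.
ATLAS_VPC_CIDR = "192.168.248.0/21"
SAMPLE_RESOLUTION = {
    "shard-00-00.example.mongodb.net": ["192.168.248.10"],  # inside peered CIDR
    "shard-00-01.example.mongodb.net": ["192.168.249.12"],  # inside peered CIDR
    "shard-00-02.example.mongodb.net": ["3.0.113.7"],       # public address
}


def classify_host(ips: Iterable[str], peered_cidr: str) -> str:
    """Label a host by where its addresses fall:
    'peered'        -> every address is inside the Atlas peering CIDR
    'public'        -> every address is globally routable (internet path)
    'private-other' -> RFC1918/non-global but outside the peering CIDR
    'mixed'         -> addresses disagree; inspect each one by hand."""
    net = ipaddress.ip_network(peered_cidr)
    kinds = set()
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        if addr in net:
            kinds.add("peered")
        elif addr.is_private:
            kinds.add("private-other")
        else:
            kinds.add("public")
    return kinds.pop() if len(kinds) == 1 else "mixed"


def audit(resolution: Dict[str, List[str]], peered_cidr: str) -> Dict[str, str]:
    """Classify every hostname in a {host: [ip, ...]} mapping."""
    return {host: classify_host(ips, peered_cidr) for host, ips in resolution.items()}


def resolve_live(hosts: Iterable[str], port: int = 27017) -> Dict[str, List[str]]:
    """Resolve hostnames with this machine's resolver; run it ON the EC2 instance.
    Per-node hostnames for an SRV URL come from the cluster's
    _mongodb._tcp.<cluster host> SRV record (e.g. via nslookup -type=SRV)."""
    out: Dict[str, List[str]] = {}
    for h in hosts:
        infos = socket.getaddrinfo(h, port, type=socket.SOCK_STREAM)
        out[h] = sorted({info[4][0] for info in infos})
    return out


if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_RESOLUTION, ATLAS_VPC_CIDR).items():
        print(f"{host}: {verdict}")
```

Replace `SAMPLE_RESOLUTION` with `resolve_live([...])` on the instance to audit the real cluster; a `public` verdict means that node is reached over the internet, so the Network Access list entry for the instance's public IP still matters for it.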