I’m trying to create a MongoDB Atlas cluster using a CloudFormation template, including VPC peering and network container setup. However, the stack fails with an unhelpful error:
Internal Failure
There are no further logs or diagnostics in CloudFormation to help trace the issue. I’ve reviewed the parameters and resources multiple times, but can’t identify the root cause.
Here’s a simplified version of the CloudFormation template that is used:
```yaml
Parameters:
  AtlasAccountId:
    Type: String
    Default: "123456789012"
  AtlasProjectId:
    Type: String
    Default: "your-atlas-project-id"
  AtlasRegion:
    Type: String
    Default: af-south-1
  AtlasCidr:
    Type: String
    Default: 192.168.248.0/21
  AtlasSecretProfile:
    Type: String
    Default: default
  AtlasClusterName:
    Type: String
    Default: "AtlasCluster"
  AtlasClusterInstanceSize:
    Type: String
    Default: M10
  ClusterMongoDBMajorVersion:
    Type: String
    Default: 8.0
  Environment:
    Type: String
    Default: Staging
  VpcCIDR:
    Type: String
    Default: 10.0.0.0/16
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCIDR
      EnableDnsSupport: true
      EnableDnsHostnames: true
  AtlasIAMRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
            Action: 'sts:AssumeRole'
  AtlasPeeringRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: "MongoDBAtlasPeeringRole"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${AtlasAccountId}:root"
            Action: "sts:AssumeRole"
      MaxSessionDuration: 3600
      Policies:
        - PolicyName: "MongoDBAtlasVPCPeering"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "ec2:AcceptVpcPeeringConnection"
                  - "ec2:DescribeVpcPeeringConnections"
                Resource: "*"
  AtlasCluster:
    Type: MongoDB::Atlas::Cluster
    Properties:
      ProjectId: !Ref AtlasProjectId
      Name: !Ref AtlasClusterName
      ClusterType: REPLICASET
      Profile: !Ref AtlasSecretProfile
      BackupEnabled: true
      AdvancedSettings:
        JavascriptEnabled: true
      MongoDBMajorVersion: !Ref ClusterMongoDBMajorVersion
      ReplicationSpecs:
        - NumShards: 1
          AdvancedRegionConfigs:
            - ElectableSpecs:
                EbsVolumeType: STANDARD
                InstanceSize: !Ref AtlasClusterInstanceSize
                NodeCount: 3
              Priority: 7
              RegionName: !Ref AtlasRegion
              ProviderName: AWS
  NetworkContainer:
    Type: MongoDB::Atlas::NetworkContainer
    DependsOn: AtlasCluster
    Properties:
      ProjectId: !Ref AtlasProjectId
      RegionName: !Ref AtlasRegion
      AtlasCidrBlock: !Ref AtlasCidr
      Profile: !Ref AtlasSecretProfile
  NetworkPeering:
    Type: MongoDB::Atlas::NetworkPeering
    DependsOn: NetworkContainer
    Properties:
      ProjectId: !Ref AtlasProjectId
      AwsAccountId: !Ref AWS::AccountId
      ContainerId: !Ref NetworkContainer
      AccepterRegionName: !Ref AtlasRegion
      RouteTableCIDRBlock: !Ref AtlasCidr
      VpcId: !Ref VPC
      Profile: !Ref AtlasSecretProfile
  AcceptVpcPeering:
    Type: AWS::EC2::VPCPeeringConnection
    DependsOn: NetworkPeering
    Properties:
      VpcId: !Ref VPC
      PeerRoleArn: !GetAtt AtlasPeeringRole.Arn
      PeerVpcId: !GetAtt NetworkPeering.ConnectionId
      PeerRegion: !Ref AtlasRegion
      Tags:
        - Key: Name
          Value: !Sub "Atlas-${Environment}"
  RouteToAtlas:
    Type: AWS::EC2::Route
    DependsOn: AcceptVpcPeering
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: !Ref AtlasCidr
      VpcPeeringConnectionId: !GetAtt NetworkPeering.AwsVpcConnectionId
```
Troubleshooting attempts:
- Validated all parameters
- Checked MongoDB CloudFormation resource types
- Verified AtlasSecretProfile is configured in secrets manager
- Verified AtlasSecretProfile is configured in CloudFormation
Questions:
- What are the common causes of Internal Failure in MongoDB::Atlas::* CloudFormation resources?
- Is anything missing in my template?
- How to specify cluster instance type as flex? Is FLEX right?
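
A pre-deployment check for templates like this one, as an added example that is not part of the original post: it lists every name referenced through `!Ref`, `!GetAtt`, `DependsOn` or `${...}` that is not declared under `Parameters` or `Resources`. The embedded template is a constructed excerpt of the one in the post (same logical IDs, properties trimmed), and the function names are hypothetical.

```python
import re

# Constructed excerpt of the template in the post: same logical IDs, properties trimmed.
TEMPLATE = """\
Parameters:
  AtlasProjectId:
    Type: String
  AtlasCidr:
    Type: String
Resources:
  VPC:
    Type: AWS::EC2::VPC
  NetworkContainer:
    Type: MongoDB::Atlas::NetworkContainer
    Properties:
      ProjectId: !Ref AtlasProjectId
      AtlasCidrBlock: !Ref AtlasCidr
  NetworkPeering:
    Type: MongoDB::Atlas::NetworkPeering
    DependsOn: NetworkContainer
    Properties:
      AwsAccountId: !Ref AWS::AccountId
      ContainerId: !Ref NetworkContainer
      VpcId: !Ref VPC
  RouteToAtlas:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      VpcPeeringConnectionId: !GetAtt NetworkPeering.AwsVpcConnectionId
"""

def defined_names(template):
    """Logical IDs declared directly under Parameters: and Resources: (2-space indent)."""
    names, section = set(), None
    for line in template.splitlines():
        if re.match(r"^\w+:\s*$", line):
            section = line.strip().rstrip(":")
        elif section in ("Parameters", "Resources"):
            names.update(re.findall(r"^  (\w+):\s*$", line))
    return names

def dangling_references(template):
    """Referenced names the template never declares (scalar DependsOn only, not lists)."""
    used = set(re.findall(r"!Ref\s+([\w:]+)", template))
    used |= set(re.findall(r"!GetAtt\s+(\w+)\.", template))
    used |= set(re.findall(r"DependsOn:\s+(\w+)", template))
    used |= set(re.findall(r"\$\{([\w:]+)\}", template))
    # Pseudo parameters such as AWS::AccountId are provided by CloudFormation itself.
    return sorted(n for n in used - defined_names(template) if not n.startswith("AWS::"))
```
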