MongoDB Atlas Serverless instance connectivity from an AWS private subnet EC2 instance

Hi All,
I am facing a connectivity issue from a private subnet EC2 instance to a MongoDB Serverless instance, which is deployed in the same AWS region where my EC2 instances reside.

I have set up a Private Endpoint between MongoDB and my VPC and successfully connected from another EC2 instance (in the public subnet).

But when I try to connect to the same instance from an EC2 instance in the private subnet, it is not able to reach MongoDB and I get a timeout. I have ensured all outbound ports are open in the route table, the VPC security group, and the public and private subnet security groups.

I have also associated a NAT gateway with my private subnet, and I have internet access from it.

Is there something that I am missing here? Please help.

Hey @Arun_Sharma2,

Welcome to the MongoDB Community forums :sparkles:

Could you please confirm the following:

  • Have you attempted to connect to a free MongoDB cluster (M0)? If not, could you try connecting and confirm whether you're able to? If successful, I believe you can connect to a Serverless instance as well.
  • Also, confirm whether the DNS names you are using resolve to an IP.

Meanwhile, you may refer to the following documentation to read more about the step-by-step process to set up a Private Endpoint.

However, if your problem persists, please provide the error stack trace, subnet ranges, and workflow you followed, so the community can assist you better.

Best Regards,
Kushagra

@Kushagra_Kesav,
Thanks for the response. Please see my comments below to your points:

  • Private Endpoint connectivity between the MongoDB VPC and my VPC is not available for an M0 cluster (free tier), so it's not possible. However, I still tried it :slight_smile:

  • My private subnet EC2 instance's DNS name resolves to a private IP address only.

  • Earlier, I followed the same documents to set up Private Endpoint connectivity between both VPCs, and I set it up successfully.

Let me reiterate the steps:

  • I created a VPC with two subnets: 1 public and 1 private.

  • Established Private Endpoint connectivity between the MongoDB VPC and my VPC. During setup I used the public subnet ID, because only 1 subnet from one AZ is required.

  • Created two Elastic Beanstalk services and launched two EC2 instances in each service within the same VPC. One EC2 machine is running in the public subnet and the other is in the private subnet. I can SSH to the public EC2 instance directly from my machine. To access the private EC2 instance, I need to SSH from the public EC2 machine.

  • I have installed the mongo shell on both machines.

  • I got the Private Endpoint connection string for the mongo shell, which looks something like:

mongosh "mongodb+srv://<my_cluster_id>-pe-0.r1zmyr0.mongodb.net/" --apiVersion 1 --username <username>

  • If I use the above string on the public EC2 instance, it works just fine. But it does not work when I try to connect from the private subnet EC2 machine. Attached are screenshots from the private subnet machine. In the next post, I will post a screenshot from the public EC2 instance.

Private Subnet CIDR : 10.0.128.0/20
Public Subnet CIDR: 10.0.0.0/20

The only difference is that the private instance doesn't have a public IPv4 address or public DNS associated with it.

Let me know if you need anything else.

Here is the screenshot from the public EC2 instance.

Hi @Arun_Sharma2,

Is the subnet ID you are using to configure the endpoint associated with the private subnet, or only with the public subnet CIDR? If it's linked to the public subnet CIDR, please try configuring it using the subnet ID for the private range instead.

After that, see if you can establish a fresh connection from the public subnet and then the private subnet, and let us know the results.

Also, you can refer to the AWS documentation: Example: VPC with servers in private subnets and NAT - Amazon Virtual Private Cloud

Regards,
Kushagra

I have tried that before, and I tried again just now. I created a fresh private endpoint using the private subnet ID. I used the private endpoint connection string and tested with the mongo shell, but I get the same issue.

Below is the private subnet route table mapping. I am allowing all IPv4 addresses.

As I mentioned before, I can reach the internet from my private subnet EC2 instance but can't reach the MongoDB instance.

Here is the VPC NACL outbound mapping.

@Kushagra_Kesav
Does this help?

Hi @Kushagra_Kesav,
I found the issue. It was actually the private subnet's associated ENI, where the security group associated with the VPC was not linked. After adding the VPC's subnet to that ENI, I could access MongoDB.

I appreciate your help though. :slight_smile:
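The resolution above points at the security group attached to the endpoint's elastic network interface, not at the route table or NACL that the earlier posts checked: a security group that admits only the public subnet's CIDR drops the private subnet's SYNs silently, which the client experiences as exactly the timeout described. The following is an added example, not code from the original thread or from MongoDB or AWS. It checks offline whether the security groups attached to an interface VPC endpoint admit a given client CIDR on a given port, using constructed data in the shape of `aws ec2 describe-vpc-endpoints` (the `Groups` list) and `aws ec2 describe-security-groups` (the `IpPermissions` list). The endpoint ID, group IDs and the 1024-65535 port range are placeholders; the 10.0.0.0/20 and 10.0.128.0/20 CIDRs are the ones from the thread, and the ports an Atlas private endpoint actually requires should be taken from the Atlas private endpoint documentation.

```python
import ipaddress

# Constructed sample data shaped like the output of
#   aws ec2 describe-vpc-endpoints --vpc-endpoint-ids vpce-...   (Groups)
#   aws ec2 describe-security-groups --group-ids sg-...          (IpPermissions)
# IDs and the port range are placeholders, not real resources.
SECURITY_GROUPS = {
    # Group that was on the endpoint ENI: admits only the public subnet.
    "sg-0aaa0000endpoint": {
        "GroupId": "sg-0aaa0000endpoint",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535,
             "IpRanges": [{"CidrIp": "10.0.0.0/20"}]},
        ],
    },
    # VPC-wide group attached as the fix: admits the whole VPC CIDR.
    "sg-0bbb0000vpc": {
        "GroupId": "sg-0bbb0000vpc",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535,
             "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        ],
    },
}

ENDPOINT_BEFORE_FIX = {
    "VpcEndpointId": "vpce-0123456789abcdef0",          # placeholder
    "Groups": [{"GroupId": "sg-0aaa0000endpoint"}],
}
ENDPOINT_AFTER_FIX = {
    "VpcEndpointId": "vpce-0123456789abcdef0",          # placeholder
    "Groups": [{"GroupId": "sg-0aaa0000endpoint"}, {"GroupId": "sg-0bbb0000vpc"}],
}

PUBLIC_SUBNET = "10.0.0.0/20"      # CIDR from the thread
PRIVATE_SUBNET = "10.0.128.0/20"   # CIDR from the thread


def rule_permits(rule, client_net, port):
    """True if one IpPermissions entry admits TCP `port` from all of client_net."""
    proto = rule.get("IpProtocol")
    if proto == "tcp":
        if not rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
            return False
    elif proto != "-1":        # "-1" means all traffic; udp/icmp never carry MongoDB
        return False
    for ip_range in rule.get("IpRanges", []):
        allowed = ipaddress.ip_network(ip_range["CidrIp"], strict=False)
        if allowed.version == client_net.version and client_net.subnet_of(allowed):
            return True
    return False


def permitting_groups(endpoint, groups_by_id, client_cidr, port):
    """Return IDs of the endpoint's security groups that admit client_cidr on port.

    An empty list means the endpoint ENI drops the connection attempt without a
    reset, so the client sees a timeout rather than a refusal.  Rules that
    reference other security groups (UserIdGroupPairs) are not evaluated here;
    a client covered only by such a rule needs a separate check.
    """
    client_net = ipaddress.ip_network(client_cidr, strict=False)
    result = []
    for group in endpoint["Groups"]:
        sg = groups_by_id[group["GroupId"]]
        if any(rule_permits(r, client_net, port) for r in sg.get("IpPermissions", [])):
            result.append(sg["GroupId"])
    return result


if __name__ == "__main__":
    for label, ep in (("before", ENDPOINT_BEFORE_FIX), ("after", ENDPOINT_AFTER_FIX)):
        for cidr in (PUBLIC_SUBNET, PRIVATE_SUBNET):
            groups = permitting_groups(ep, SECURITY_GROUPS, cidr, 27017)
            print(f"{label:6} {cidr:15} -> {groups or 'BLOCKED (client sees timeout)'}")
```

Against the constructed data, the private subnet is admitted by no group before the fix and by `sg-0bbb0000vpc` after it, while the public subnet passes in both states, which matches the behaviour in the thread. To run it against a real account, replace the two dictionaries with the JSON returned by the two CLI commands named in the comments and compare the endpoint's `Groups` with the group that actually carries the VPC-wide ingress rule.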