How to create a VPC peering between MongoDB Atlas and AWS with Terraform

Matching two networks from separate Cloud providers accounts will help you access services locally and avoid using an external network. Here’s how to do it with Infrastructure as Code (Terraform) based on an example between MongoDB Atlas and Amazon AWS.

This article is a transcript from a video interview series: Ask Me Anything on Infrastructure as Code with the author of “Infrastructure as Code Cookbook”.

First of all, some context for other audience members: in case it’s not clear what VPC peering is on AWS, it’s the act of matching two networks from two different AWS accounts, so you can have, in the same region, two different VPCs from two different accounts talking together.

In my case I use MongoDB Atlas that way, so I can access MongoDB Atlas locally and not use the external network. It all stays internal, within MongoDB’s AWS account and mine.

Let me show you some code:

How to create VPC peering code

Basically you need to create a connection somewhere on AWS. So you need to say: “Okay, I want to create a VPC peering connection with a network address block”, plus you need to create, on the AWS side, what is called an accepter.

It means that one party requests the connection (so in my case that party is MongoDB Atlas, on line 1 here).

So you say: “I want to peer my network to you on your account”, and basically you just create a new resource. This resource is from the AWS provider.

resource "mongodbatlas_vpc_peering_connection" "aws" {
  group                  = mongodbatlas_project.atlas_project.id
  aws_account_id         = var.aws_account_id
  vpc_id                 = var.vpc_id
  route_table_cidr_block = var.vpc_cidr_block
  container_id           = mongodbatlas_container.container.id
  provider_name          = "AWS"
}

This one here is for the MongoDB Atlas provider (and by the way, if you use MongoDB Atlas, they recently switched from a community plug-in to a full-fledged official provider made directly by the MongoDB team. I’m still using the old one, but I think it’s not much different.)

So basically you create a connection, then you create an accepter (that’s the word in the VPC peering world): you accept the connection ID that you declared on this resource, and basically you just say that you want to accept it automatically. Then you will end up with your VPC peering connection working on both sides.

resource "aws_vpc_peering_connection_accepter" "peer" {
  vpc_peering_connection_id = mongodbatlas_vpc_peering_connection.aws.connection_id
  auto_accept               = true
  tags = {
    Side      = "Accepter"
    Terraform = "true"
  }
}

It means, though, that for this to work you obviously need to have your credentials for both MongoDB Atlas and AWS. So you need to create some IAM connection, some IAM identity or something, for this specific user.

So that’s one limitation, because you need to add the full AWS provider just to accept the connection once. But well, at least you are managing your VPC peering connection from a third-party provider (MongoDB Atlas in this case) and your own VPC peering connections. So it’s quite cool to have it really handled with code.
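That limitation is also where least privilege applies: the AWS identity Terraform uses only ever needs to accept peering requests into one VPC. Here is an added example that is not from the original interview: an IAM policy for that identity built on AWS’s `ec2:AccepterVpc` condition key. The `aws_iam_policy` resource, the local names and the two data sources are assumptions; `var.vpc_id` is the variable already used in the peering resource above.

```hcl
# Added example (not from the original post): least-privilege policy for the AWS
# identity the aws provider loads. It may accept peering only into one VPC.
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}
locals {
  arn_prefix = "arn:aws:ec2:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}"
  # var.vpc_id is the VPC already passed to mongodbatlas_vpc_peering_connection
  vpc_arn    = "${local.arn_prefix}:vpc/${var.vpc_id}"
}
resource "aws_iam_policy" "atlas_peering_accepter" {
  name = "atlas-peering-accepter" # assumed name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Read-only; Describe calls have no resource-level scoping, so "*" is required
        Sid      = "ReadPeeringState"
        Effect   = "Allow"
        Action   = ["ec2:DescribeVpcPeeringConnections"]
        Resource = "*"
      },
      {
        # Accept only peering connections whose accepter side is our VPC;
        # a request aimed at any other VPC in this account is denied by default
        Sid      = "AcceptIntoOwnVpc"
        Effect   = "Allow"
        Action   = ["ec2:AcceptVpcPeeringConnection"]
        Resource = "${local.arn_prefix}:vpc-peering-connection/*"
        Condition = {
          ArnEquals = { "ec2:AccepterVpc" = local.vpc_arn }
        }
      },
      {
        # AcceptVpcPeeringConnection is also authorised against the VPC itself
        Sid      = "AcceptOnOwnVpc"
        Effect   = "Allow"
        Action   = ["ec2:AcceptVpcPeeringConnection"]
        Resource = local.vpc_arn
      },
      {
        # Needed for the tags block on aws_vpc_peering_connection_accepter;
        # scoped by resource type only, no VPC condition applies to tagging
        Sid      = "TagPeering"
        Effect   = "Allow"
        Action   = ["ec2:CreateTags"]
        Resource = "${local.arn_prefix}:vpc-peering-connection/*"
      },
    ]
  })
}
```

Attach the policy to the user or role whose credentials the aws provider loads; the Atlas side keeps its own API keys, so neither identity can act on the other account beyond this one accept.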

About us

CloudSkiff is an Infrastructure as code platform that provides Terraform automation and collaboration. We help growing teams safely ship infrastructure in short cycles and make their code better.