Skip to content

How to create a VPC peering between MongoDB Atlas and AWS with Terraform

Matching two networks from separate Cloud providers accounts will help you access services locally and avoid using an external network. Here’s how to do it with Infrastructure as Code (Terraform) based on an example between MongoDB Atlas and Amazon AWS.

How to create VPC peering code

This article is an transcript from a video interview series : Ask Me Anything on Infrastructure as Code with the Author of “Infrastructure as Code – Cook book”

How to create a VPC peering between MongoDB Atlas and AWS with Terraform

First of all, some context for other audience members : in the case it’s not clear what a VPC peering is on AWS, it’s the act of matching two networks from two different AWS accounts, so you can have in the same region, two different VPCs from two different accounts talking together.

In my case I use MongoDB Atlas that way, so I can access MongoDB Atlas locally, and not use the external network. It all stays internally in the AWS accounts from MongoDB and mine.

Let me show you some code :

How to create VPC peering code

Basically you need to create a connection somewhere on AWS. So you need to say : “okay I want to create a VPC peering connection with a network address block , plus you need to create on the AWS side, what is called an Accepter.

It means that one party requests the connection (so in my case that party is MongoDB Atlas on line 1 here.

So you say : “I want to peer my network to you on your account” and basically you create just a new resource. This resource is from the AWS provider.

resource "mongodbatlas_vpc_peering_connection" "aws" {
  group                  =
  aws_account_id         = var.aws_account_id
  vpc_id                 = var.vpc_id
  route_table_cidr_block = var.vpc_cidr_block
  container_id           =
  provider_name          = "AWS"

This one here is for the MongoDB Atlas provider (and by the way if you use MongoDB Atlas they recently switched from a community plug-in to a full-fledged official provider made directly by the MongoDB team. I’m still using the old one but I think it’s not much different.)

So basically you create a connection then you create an accepter (that’s the word in the VPC peering world) and so you accept the connection id that you declared on this resource and basically you just say that you want to accept it automatically and then you will end up with your VPC peering connection working both sides.

resource "aws_vpc_peering_connection_accepter" "peer" {
  vpc_peering_connection_id =
  auto_accept               = true
  tags = {
    Side      = "Accepter"
    Terraform = "true"

It means though, that for this to work, obviously you need to have your credentials for MongoDB Atlas and AWS. So you need to create some IAM connection, some IAM identity or something, for this specific user.

So that’s one limitation because you need to add the full AWS provider just to accept once the connection but well, at least you are managing your VPC peering connection from a third-party provider (MongoDB Atlas in this case) and your own VPC peering connections. So it’s quite cool to have it really handled with code.

Key metrics for infrastructure automation

Check your progress in your infrastructure automation journey with metrics that matter.

Maintain reliability and security while moving at developers speed.

Track inconsistencies that were invisible so far.