
VPC peering problems from GCP App Engine (nodejs, standard environment) to MongoDB Atlas


EDIT - SOLVED

As mentioned in the comments, here is a link to follow the IP whitelisting process and check your IPs that work with VPC: MongoDB and Google Cloud Functions VPC Peering?

There are 2 things I had to fix additionally:

  1. Don't forget to change the connection string to private as indicated here (https://docs.atlas.mongodb.com/reference/faq/connection-changes#std-label-connstring-private). There is no mention of that in the VPC peering configuration in the Atlas docs.
  2. In GCP, in the VPC peering configuration, disable the option that is checked by default: Export subnet routes with public IP. After that, your IP to whitelist in MongoDB is in the range of the VPC serverless connector.

ORIGINAL QUESTION

I tried to create a VPC peering connection from my App Engine on GCP to MongoDB Atlas. The App Engine app is a node / react app that is working fine with whitelisted 0.0.0.0 in MongoDB. Here are the steps that I made correctly according to all the documentation:

  1. I have added a peering connection in Atlas and it is visible as available.
  2. I have added a VPC peering connection in GCP and its status is active.
  3. I have added IP ranges from my GCP project network to the IP whitelist in Atlas.
  4. I have created a serverless VPC connector to use with my App Engine (standard environment). Here is a line from app.yaml:

    vpc_access_connector:
      name: projects/project-id/locations/location/connectors/connector-name

  5. I have experimented with different IP ranges added to the whitelist in Atlas. Both clusters are in the same region and I have included the regional range from here: https://cloud.google.com/vpc/docs/vpc#ip-ranges

There is a problem because the connection can't be made and it times out (502 Bad Gateway error in my API service). When I have 0.0.0.0/0 (internet) whitelisted in Atlas, everything is working fine.

I was wondering if there are any possible changes that can be made in GCP:

  • firewall setup
  • exchanging custom routes setup in VPC peering setup
  • exchanging subnet routes with public IP in VPC peering setup

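The conditions from the solution above can be checked before deploying. The following is an added example, not code from the original post: it flags an access list that still contains 0.0.0.0/0, an access list that does not cover the serverless VPC connector's range, and a connection string that is not the private one. The function names and finding codes are hypothetical, all sample values are constructed, and the "-pri" hostname check is an assumption based on the private connection string format in the linked Atlas FAQ.

```javascript
// Added example. All addresses, hostnames and credentials used with it are constructed.
const ipToInt = (ip) => {
  const parts = ip.split('.');
  if (parts.length !== 4 || parts.some((p) => !/^\d{1,3}$/.test(p) || Number(p) > 255)) {
    throw new Error(`invalid IPv4 address: ${ip}`);
  }
  return parts.reduce((acc, p) => acc * 256 + Number(p), 0);
};

// "a.b.c.d/n" (a bare address counts as /32) -> { first, last, bits }
const parseCidr = (cidr) => {
  const [ip, bitsRaw = '32'] = cidr.split('/');
  const bits = Number(bitsRaw);
  if (!/^\d{1,2}$/.test(bitsRaw) || bits > 32) throw new Error(`invalid prefix: ${cidr}`);
  const size = 2 ** (32 - bits);
  const first = Math.floor(ipToInt(ip) / size) * size;
  return { first, last: first + size - 1, bits };
};

const covers = (outer, inner) => outer.first <= inner.first && inner.last <= outer.last;

// Hosts of a mongodb:// or mongodb+srv:// URI, without credentials or ports.
const hostsOf = (uri) => {
  const m = /^mongodb(?:\+srv)?:\/\/(?:[^@\/]*@)?([^\/?]+)/.exec(uri);
  if (!m) throw new Error('not a MongoDB connection string');
  return m[1].split(',').map((h) => h.split(':')[0]);
};

function auditAtlasPeering({ connectorCidr, accessList, connectionString }) {
  const connector = parseCidr(connectorCidr);
  const entries = accessList.map(parseCidr);
  const findings = [];
  // 0.0.0.0/0 admits the whole internet, so peering adds no restriction.
  if (entries.some((e) => e.bits === 0)) findings.push('ACCESS_LIST_OPEN_TO_INTERNET');
  // Some scoped entry must contain the connector's whole range.
  if (!entries.some((e) => e.bits > 0 && covers(e, connector))) {
    findings.push('CONNECTOR_RANGE_NOT_LISTED');
  }
  // Assumption: private (peering) hostnames carry "-pri" at the end of the first label.
  if (!hostsOf(connectionString).every((h) => h.split('.')[0].endsWith('-pri'))) {
    findings.push('PUBLIC_CONNECTION_STRING');
  }
  return findings;
}
```

An empty result means the access list is scoped to a range that contains the connector and the application uses the private hostname; it does not test reachability over the peering itself.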