amazon-web-services, amazon-elastic-beanstalk

Can't access external MongoDB Atlas database from Elastic Beanstalk's EC2 instance


I own an Elastic Beanstalk environment that holds a single EC2 instance, running a Spring Boot server. I don't think it is necessary to talk about the deployment options, but if they are required, I will add them as edits.

Recently, I've deployed code that connects to my MongoDB database (using an external source hosted via MongoDB Atlas), which runs perfectly locally. My Spring Boot application currently lists items from that database when I try to access a certain page.

Remotely, it works perfectly until I reach that certain page that tries to query my database. Looking inside Beanstalk's web.stdout.log file, I get some exceptions:

Dec 18 10:07:45 ip-172-31-46-201 web[182140]: 2024-12-18T10:07:45.757Z ERROR 182140 --- [mockapi] [nio-5000-exec-1] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed: org.springframework.dao.DataAccessResourceFailureException: Timed out while waiting for a server that matches ReadPreferenceServerSelector{readPreference=primary}. Client view of cluster state is {type=REPLICA_SET, servers=[{address=docsbymario-shard-00-00.xyx0n.mongodb.net:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLException: Received fatal alert: internal_error}}, {address=docsbymario-shard-00-01.xyx0n.mongodb.net:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLException: Received fatal alert: internal_error}}, {address=docsbymario-shard-00-02.xyx0n.mongodb.net:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLException: Received fatal alert: internal_error}}]] with root cause
Dec 18 10:07:45 ip-172-31-46-201 web[182140]: com.mongodb.MongoTimeoutException: Timed out while waiting for a server that matches ReadPreferenceServerSelector{readPreference=primary}. Client view of cluster state is {type=REPLICA_SET, servers=[{address=docsbymario-shard-00-00.xyx0n.mongodb.net:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLException: Received fatal alert: internal_error}}, {address=docsbymario-shard-00-01.xyx0n.mongodb.net:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLException: Received fatal alert: internal_error}}, {address=docsbymario-shard-00-02.xyx0n.mongodb.net:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLException: Received fatal alert: internal_error}}]

My guess is that such an exception comes from problems accessing the database URL (which is properly defined inside the application.properties file).

EC2 security groups allow outbound traffic for each address, to every port.

I am using the default VPC, didn't create a custom one, and it seems that its outbound rules both allow and deny network traffic: (screenshot of the default VPC's network ACL outbound rules)

I cannot remove the rule that explicitly denies everything.

Should I have created my custom VPC, with my custom ACL and custom outbound rules? Only to access an external resource like a MongoDB database? Did I maybe miss something? I am new to AWS (in practice), and just realized that getting AWS certified doesn't guarantee you any practical skills.


Solution

  • You should not touch the VPC's Network ACL rules. That ACL in your screenshot allows all traffic, so the Network ACL is not a problem.

    MongoDB Atlas has an IP access list setting. You need to add your EC2 instance's public IP to that list. Note that this has to be the instance's public IP, not the private IP.
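As an added example (not part of the question or the answer), a small Python diagnostic to run on the Beanstalk instance: it reads the instance's public IPv4 from IMDSv2, which is the address the Atlas IP access list needs, probes the shard hosts named in the log, and separates a TLS-level rejection (consistent with the `internal_error` alert in the log) from a missing network path (security group, network ACL, routing). The function names and messages are my own; the sample log text is a constructed, trimmed copy of the dump quoted above.

```python
# Added diagnostic (not from the question or the answer); names and messages are mine.
import re, socket, ssl, urllib.request

IMDS = "http://169.254.169.254"  # EC2 instance metadata service, queried with IMDSv2
# Constructed sample, trimmed from the driver's cluster-state dump quoted in the question.
SAMPLE_LOG = ("servers=[{address=docsbymario-shard-00-00.xyx0n.mongodb.net:27017, caused by "
              "{javax.net.ssl.SSLException: Received fatal alert: internal_error}}, "
              "{address=docsbymario-shard-00-01.xyx0n.mongodb.net:27017, ...}]")

def instance_public_ip(timeout=2.0):
    """Public IPv4 of this instance via IMDSv2: the address the Atlas access list needs."""
    tok = urllib.request.Request(f"{IMDS}/latest/api/token", method="PUT",
                                 headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    token = urllib.request.urlopen(tok, timeout=timeout).read().decode()
    req = urllib.request.Request(f"{IMDS}/latest/meta-data/public-ipv4",
                                 headers={"X-aws-ec2-metadata-token": token})
    return urllib.request.urlopen(req, timeout=timeout).read().decode()
def hosts_from_log(log_text):
    """(host, port) pairs the driver listed in its cluster-state dump."""
    return sorted({(h, int(p)) for h, p in re.findall(r"address=([\w.-]+):(\d+)", log_text)})
def status_from_log(log_text):
    """Offline stand-in for probe(): reuse the TLS alert the driver already logged."""
    m = re.search(r"Received fatal alert: (\w+)", log_text)
    return f"tls-alert:{m.group(1)}" if m else "unknown"
def probe(host, port, timeout=5.0):
    """Live check from this host: 'ok', 'tls-alert:<reason>', 'timeout' or 'error:<type>'."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"                       # TCP and TLS handshake both fine
    except ssl.SSLError as exc:
        return f"tls-alert:{exc.reason}"          # TCP worked, the handshake was refused
    except socket.timeout:
        return "timeout"                          # no TCP path at all
    except OSError as exc:
        return f"error:{type(exc).__name__}"      # DNS failure, connection refused, ...
def diagnose(status):
    """Point at the layer to fix for a probe() or status_from_log() result."""
    if status == "ok":
        return "network and TLS fine: check the connection string, database user and password"
    if status.startswith("tls-alert"):
        return "TCP reached Atlas but TLS was rejected: add the instance public IP to the Atlas IP access list"
    if status == "timeout":
        return "no TCP path to Atlas: check security group egress, network ACL and the route to the internet"
    return f"unexpected result {status!r}: inspect the host manually"

if __name__ == "__main__":  # live run on the Beanstalk instance
    print(instance_public_ip(), [diagnose(probe(h, p)) for h, p in hosts_from_log(SAMPLE_LOG)])
```

Because Beanstalk replaces instances (and their public IPs) on scaling or rebuilds, rerun it after any environment change to confirm the address on the Atlas list is still the live one.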