MongoDB Atlas Security – Authorizing Only IP from Fargate ECS Service

Tags: amazon-alb, amazon-ecs, amazon-web-services, mongodb, networking

I have an ECS Fargate service mapped to an Application Load Balancer on AWS. In this service, there are several tasks that are frequently killed and restarted.
These tasks should be able to connect to a MongoDB Atlas cluster.

Which IP should I whitelist for my Atlas cluster? Is it possible to have an elastic IP or a range of IPs for my service to allow only IP(s) of my service in my Mongo Atlas cluster?

Sorry if this question is trivial; I'm struggling a bit with ECS, ALB and networking on AWS.

Best Answer

You can have your Fargate tasks in a Private Subnet in the VPC and set up a NAT gateway in the Public Subnet. Then on the way out to MongoDB Atlas (which I understand is not hosted in your VPC) all the traffic from the Fargate containers will appear to come from one of the NAT GW addresses.

NAT GW provides a fixed IP address in each Availability Zone - so with 3 AZs you'll only get to whitelist these 3 IPs on the Atlas side.

Hope that helps :)
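The following script is an added example, not code from the question or the answer above. It works out the Atlas IP access-list entries for the NAT-gateway design described in the answer: for each subnet the ECS service launches tasks into, it looks up the subnet's route table, follows the 0.0.0.0/0 route to a NAT gateway and collects that gateway's Elastic IP as a /32. It also flags the failure mode that silently breaks this design: a task subnet whose default route goes to an internet gateway, where a task launched with a public IP (`assignPublicIp=ENABLED`) egresses from its own ephemeral address rather than the NAT and is therefore rejected by Atlas. The NAT gateway and route table records are constructed sample data shaped like the EC2 `describe_nat_gateways` / `describe_route_tables` responses (the subnet, gateway and IP identifiers are made up); in production you would replace them with the live boto3 calls. The output body shape (`cidrBlock` plus `comment` per entry) is the one the Atlas Administration API access-list endpoint accepts; check it against the current Atlas docs before use.

```python
"""Derive MongoDB Atlas access-list entries for Fargate tasks that egress via NAT.

Added example; not from the original Q&A. All AWS data below is constructed.
"""
import json

# Constructed stand-in for ec2.describe_nat_gateways()["NatGateways"]:
# one NAT gateway per AZ, each with its Elastic IP (fixed across task restarts).
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-0a1", "SubnetId": "subnet-pub-a", "State": "available",
     "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]},
    {"NatGatewayId": "nat-0b2", "SubnetId": "subnet-pub-b", "State": "available",
     "NatGatewayAddresses": [{"PublicIp": "203.0.113.11"}]},
]

# Constructed stand-in for ec2.describe_route_tables()["RouteTables"].
# Private subnets default-route to their AZ's NAT gateway; the public subnets
# default-route straight to the internet gateway via the VPC's main table.
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0a1"}]},
    {"Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0b2"}]},
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0c3"}]},
]

# Subnets listed in the ECS service's awsvpcConfiguration (constructed).
# subnet-pub-a is included deliberately to show the misconfiguration case.
TASK_SUBNETS = ["subnet-priv-a", "subnet-priv-b", "subnet-pub-a"]


def route_table_for(route_tables, subnet_id):
    """Return the route table that applies to a subnet.

    A subnet with an explicit association uses that table; otherwise AWS
    applies the VPC's main route table (the association flagged Main=True).
    """
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_target(route_table):
    """Return the target id of the 0.0.0.0/0 route (nat-…, igw-…) or None."""
    if route_table is None:
        return None
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("NatGatewayId") or route.get("GatewayId")
    return None


def atlas_access_list(nat_gateways, route_tables, task_subnets):
    """Return (entries, problems).

    entries:  Atlas access-list dicts, one /32 per NAT gateway EIP that a task
              subnet actually egresses through (deduplicated, in subnet order).
    problems: task subnets whose egress would NOT come from an allow-listed IP.
    """
    nat_by_id = {n["NatGatewayId"]: n for n in nat_gateways
                 if n["State"] == "available"}
    entries, seen, problems = [], set(), []
    for subnet in task_subnets:
        target = default_route_target(route_table_for(route_tables, subnet))
        if target in nat_by_id:
            for addr in nat_by_id[target]["NatGatewayAddresses"]:
                cidr = f"{addr['PublicIp']}/32"
                if cidr not in seen:
                    seen.add(cidr)
                    entries.append({"cidrBlock": cidr,
                                    "comment": f"Fargate egress via {target} ({subnet})"})
        elif target is not None and target.startswith("igw-"):
            # Tasks here bypass the NAT: with a public IP they leave from an
            # ephemeral address Atlas has never seen; without one they have
            # no route out at all. Either way the allow list does not cover them.
            problems.append(f"{subnet}: default route is {target}, not a NAT gateway")
        else:
            problems.append(f"{subnet}: no usable default route ({target})")
    return entries, problems


def access_list_payload(nat_gateways, route_tables, task_subnets):
    """JSON body for the Atlas access-list API; raises if any subnet is misrouted."""
    entries, problems = atlas_access_list(nat_gateways, route_tables, task_subnets)
    if problems:
        raise ValueError("task subnets that bypass the NAT: " + "; ".join(problems))
    return json.dumps(entries, indent=2)


if __name__ == "__main__":
    found, issues = atlas_access_list(NAT_GATEWAYS, ROUTE_TABLES, TASK_SUBNETS)
    print(json.dumps(found, indent=2))
    for issue in issues:
        print("WARNING:", issue)
```

Run it as-is and it lists the two NAT Elastic IPs as /32 entries and warns about `subnet-pub-a`; drop that subnet from `TASK_SUBNETS` (i.e. keep the service in private subnets only, as the answer recommends) and `access_list_payload` returns a clean body. Because the NAT gateway's Elastic IP persists while tasks are killed and restarted, the allow list never has to change when ECS replaces tasks.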