AWS VPC – How to Get Public IP CIDR Range

Tags: amazon-vpc, amazon-web-services, kubernetes, mongodb, networking

I have a VPC running on AWS which was created using kops, and the databases are running on mongo-atlas using GCP as a cloud provider.

The Mongo database servers are open to the world. What I'm trying to do is find a way to set up one IP through which my VPC can talk to the database, or get a range of IPs, or is there any other solution possible?

Here is what I have already tried:

  1. VPC peering: not possible because the database is running on GCP
  2. Adding all the public IPs of the currently running nodes to Mongo Atlas: can't do that because I'm using autoscaling
  3. Using Elastic IPs: not possible either, because I'm using autoscaling

Best Answer

Does your AWS cluster really need public IPs? If you're using kops, hence presumably Kubernetes, you should have the worker nodes in private subnets and only have internet facing load balancers in the public subnet with public IPs.

You've got a couple of options:

  • VPN between AWS and GCP - that will allow your AWS resources to talk to the GCP resources over their private IPs. This should work even if your nodes have public IPs.

  • NAT your outbound AWS traffic using NAT gateway(s), one per AWS availability zone.

    NAT gateways have fixed Elastic IPs that you can then whitelist on the GCP side.


BTW NAT may be a bit tricky if your worker nodes have public IPs. You will essentially need only specific addresses routed through the NAT gateway. E.g. if your Mongo nodes have IPs 192.0.2.1 and 192.0.2.100 your AWS route table will be:

  • 192.0.2.1/32 and 192.0.2.100/32 -> NAT gateway
  • 0.0.0.0/0 -> IGW (AWS Internet Gateway)

I suggest you move the worker nodes to private subnet and use NAT for all outbound traffic, that will make the routing and whitelisting easier.

Hope that helps :)
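The route-table logic described in the answer, worked through as an added example (not code from the answerer): it builds the two route tables under discussion (public-subnet nodes with only the Mongo /32s sent via NAT, and private-subnet nodes with everything sent via NAT), resolves destinations with longest-prefix matching the way a VPC route table does, and derives the /32 entries for the Atlas IP access list from the NAT gateway Elastic IPs. The Mongo node addresses are the ones from the answer; the route target ids and the Elastic IPs are constructed placeholders.

```python
from ipaddress import ip_address, ip_network

# Mongo Atlas node IPs quoted in the answer. The route target ids below are
# placeholders for real AWS resource ids (nat-..., igw-...).
MONGO_NODE_IPS = ["192.0.2.1", "192.0.2.100"]
NAT_GW = "nat-EXAMPLE"
IGW = "igw-EXAMPLE"


def public_subnet_routes(mongo_ips, nat_gw=NAT_GW, igw=IGW):
    """Route table for nodes that keep public IPs: only the Mongo
    addresses are sent through the NAT gateway, the rest via the IGW."""
    routes = {ip_network(f"{ip}/32"): nat_gw for ip in mongo_ips}
    routes[ip_network("0.0.0.0/0")] = igw
    return routes


def private_subnet_routes(nat_gw=NAT_GW):
    """Route table for a private subnet: all outbound traffic via NAT,
    so every destination sees the same fixed source address."""
    return {ip_network("0.0.0.0/0"): nat_gw}


def lookup(routes, dest):
    """Pick the most specific matching route (longest prefix wins),
    which is the rule a VPC route table applies."""
    addr = ip_address(dest)
    matches = [net for net in routes if addr in net]
    if not matches:
        raise LookupError(f"no route for {dest}")
    return routes[max(matches, key=lambda n: n.prefixlen)]


def egress_source_ip(routes, dest, nat_eip, node_public_ip):
    """Source address the remote side observes: the NAT gateway EIP when
    the route target is a NAT gateway, otherwise the node's own public IP."""
    return nat_eip if lookup(routes, dest).startswith("nat-") else node_public_ip


def atlas_access_list(nat_eips):
    """Atlas access-list entries: one /32 per NAT gateway EIP (one gateway,
    hence one EIP, per availability zone)."""
    return [str(ip_network(f"{eip}/32")) for eip in nat_eips]


if __name__ == "__main__":
    routes = public_subnet_routes(MONGO_NODE_IPS)
    for dest in ["192.0.2.1", "192.0.2.2", "198.51.100.7"]:
        print(dest, "->", lookup(routes, dest))
    # Constructed EIPs, one per AZ
    print(atlas_access_list(["203.0.113.10", "203.0.113.11"]))
```

Running the script shows why the public-subnet variant is fiddly: a neighbouring address such as 192.0.2.2 falls through to the IGW and reaches the remote side from the node's own, changing, public IP, whereas with the private-subnet table every destination is reached from a NAT EIP that stays whitelisted.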
