MongoDB Atlas Privatelink Setup

🚧

For the following steps, you must have access to a MongoDB Atlas instance and be able to manage Custom Roles and Database Users within it.

If you do not have access, please invite your MongoDB Atlas administrator to Rockset.

Rockset supports PrivateLink to enable ingest from private sources without exposing to the public internet. Users can use the following steps to setup PrivateLink for their atlas database and generate the private link connection string that can be used to create a mongoDB integration using the steps mentioned in create integration via rockset console.

MongoDB PrivateLink setup steps

Step 1. Create a VPC Endpoint service in data source AWS account

Step i. Create the Private endpoint under "Security -> Network Access -> Private Endpoint":

Step ii. Select the region where the data source and Rockset account is:

🚧

Data source should be in the same region as that of Rockset region.

Rockset currently supports privateLink for data sources in the same region as that of the Rockset region.

Step iii. Wait for Atlas Endpoint service ID to be generated. This might take around 3-4 minutes.

Note: You can ignore the VPC ID/ Subnet ID fields

Step iv. Take note of the service name once the private endpoint is ready.

We'll use the service name in creating the Rockset network configuration.


Step 2. Create a Rockset Network Configuration.

Now, you can create Rockset Network configuration using the API using the service name created earlier in step 1.

Command to create network configuration:

curl 'https://api.usw2a1.rockset.com/v1/orgs/self/network/configurations' \
  -H 'Authorization: ApiKey REDACTED' \
  -H 'Content-Type: application/json' \
  --data '
{
	"name": "mongo-atlas-privatelink",
  "aws_private_link": {
    "service_name": "<service name above>"
  }
}
'

You can use the following command to check the status of the network configuration and retrieve the endpoint ID:

curl 'https://api.usw2a1.rockset.com/v1/orgs/self/network/configurations' \
  -H 'Authorization: ApiKey REDACTED'

# sample response
{
  "data": [
    {
      "rrn": "rrn:netconf:usw2a1:92dfb3fd-5545-4c97-a901-88c229370dd8",
      "name": "mongo-atlas-privatelink",
      "description": "",
      "created_by": "[email protected]",
      "created_by_apikey_name": "apurwar_privatelink_test",
      "created_at": 1706136007535,
      "state": "CREATING",
      "details": null,
      "aws_private_link": {
        "service_name": "com.amazonaws.vpce.us-west-2.vpce-svc-050cdc4b14a3ec476",
        "endpoint_id": "vpce-0f12404abaa91e11d"
      },
      "msk_vpc_connection": null
    }
  ]
}

Step 3. Accept the AWS Connection Request

In mongoDB Atlas, to verify and finalize the endpoint connection, specify the VPC endpoint ID retrieved in Step 2.


Step 4. Create MongoDB Integration

Create MongoDB integration using the Private Endpoint connection string retrieved in MongoDB Atlas.

To retrieve the connection string follow:

Choose "Connect to your application" to get the connection string

The private link connection string can be used to create the mongoDB integration.