I have set up VPC Peering between my AWS VPC and Atlas cluster. My problem is that when I go to change my “IP access list” to remove the “0.0.0.0/0” IP, I am no longer able to connect to the cluster. I have included the VPC’s CIDR block in the allowed IPs and have also tried adding the Security group ID that is associated with the VPC.
On the AWS side, I have a lambda that is being triggered and which then communicates with Mongo. The VPC that the lambda sits within, has no “internet gateway” so as I understand it, it should not be able to connect to the open internet. The VPC’s Route table diverts all traffic (from the lambda) to the peering connection (which connects Atlas to my VPC).
From my setup, it seems that no traffic should be leaving my AWS VPC from any other IP address than the ones included in my VPC CIDR block. So why is it that removing the “0.0.0.0/0” IP from the list of allowed IP’s on mongo stops me from being able to connect?
I have added flow logs and it seems that none of the traffic goes through the VPC (I'm guessing this is the case since the logs seem very empty, don't show any source or destination IP or anything). Is it possible for the lambda that is connected to the VPC to not send traffic through it?
Best way for you to isolate this is to create vanilla EC2 instance in the Source VPC and in the destination VPC and test a simple connectivity such as SSH over the Peering if that works fine then it is something with the Lambda or MongoDB that needs fixed.