How to access a service with Controlled Network Access from the Auto Scaling Group?

Question

Setup Description:
1. I have an auto scaling group with one instance inside, but it can scale up to 2 instances.
2. Each instance in the group should read information from the MongoDB.
3. The MongoDB has network inbound rules so that, not every IP can access the MongoDB.
4. When auto scaling group scales, it creates new instance that has random IP generated by AWS. So they have no access to the Mongo DB by default.

Problem:
How to make all instances inside auto scaling group to access the Mongo DB without making Mongo DB be accessible to all IPs?

Accepted Answer

Hello.

Where is Mongo DB managed?  
If Mongo DB is installed on EC2, I think there will be no problem just by allowing the EC2 security group of the AutoScaling group in the security group.  
https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html#security-group-referencing

If Mongo DB exists on-premises and provides public access, you can fix the IP address by creating a NAT Gateway within the VPC and directing EC2 communication via the NAT Gateway.  
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-basics

If you are accessing on-premises via VPN, I think you can use a method to allow VPC CIDR.

Answer

There is a related post that helped me:
https://serverfault.com/questions/664960/aws-public-subnet-autoscaling-group-with-outbound-nat

How to access a service with Controlled Network Access from the Auto Scaling Group?

Relevant content