Hi everyone,
I have a Twingate VPN setup, and I want to use it to restrict access to the Atlas MongoDB Console. Specifically, I want only users connected through our Twingate Client to have access to the Atlas MongoDB Console.
Here’s some additional information:
• We are working with AWS.
• If connecting to the Atlas MongoDB Console requires Elastic IP addresses (Static IP), I can set it up in AWS.
Could anyone help me figure out how to solve this issue?
Thanks in advance for your help, waiting for your feedback.
Hi u/Jaded_Celebration396! From what I’ve seen there are a few steps that are needed:
MongoDB Atlas Console
Twingate:
- Create a resource in your AWS Remote Network for cloud.mongodb.com
- Grab the public IP(s) of Connector(s) in the Remote Network that the MongoDB Atlas Console resource is in (Remote Network => Connector(s) => Public IP)
MongoDB Atlas Console:
- Going off their docs, it sounds like the first step is to get Support to turn on IP access lists for the Atlas UI (so it shows up under Organization => Settings)
- Follow the steps in the docs to add the public IP(s) of the Connector(s)
Now try with Twingate running to test connections originating from your protected environment! Alternatively, you can go the SaaS App Gating route (SSO w/ your IdP) if users are accessing via SSO. Hope that helps!
MongoDB Databases
… and for those that found this thread and are also looking to understand how to restrict DB access behind Twingate:
Twingate:
- Create a resource in your Remote Network for *.mongodb.net
- Grab the public IP(s) of Connector(s) in the Remote Network that the MongoDB Atlas Console resource is in (Remote Network => Connector(s) => Public IP)
MongoDB Atlas Console:
- For the project in question, navigate to Project X => Security => Network Access and add the Connector IP(s) to the IP Access List
- Access via your preferred connection method over Twingate!
mongosh "mongodb+srv://cluster0.XYZ.mongodb.net/" --apiVersion 1 --username grady-tg --password XXXXXXXXXXX
Awesome, glad to hear it!