Using MongoDB Atlas on AWS

Overview

  • MongoDB has established itself as a leading NoSQL product over the years. It is widely used as a storage solution suitable for the modern web era, characterized by high traffic and large amounts of data, due to its superior sharding and scale-out capabilities compared to traditional RDBMS systems.

  • Managing MongoDB requires considerable expertise and effort. For production-level deployment, it is recommended to use MongoDB Atlas, the managed cloud serverless service offered by the vendor. This service automates most of the complex and challenging management tasks, such as scaling out in response to data growth, and provides a very convenient browser-based management UI. Since June 2019, the MongoDB Atlas Full-Text Search service has also been available; it is highly recommended within the MongoDB ecosystem because it lets you focus purely on full-text search without worrying about complex backend architecture.

Creating a MongoDB Atlas Cluster

  • Creating a MongoDB Atlas cluster through the web console is intuitive. Below is an example of creating a cluster at the M10 tier in the AWS Seoul region. This tier is recommended for development environments and places no limits on scaling later.
MongoDB Atlas Console
# Deployment
→ Click [Database]
→ Click [Build a Database]
→ Click [Advanced Configuration Options]
→ Click [Dedicated]

# Global Cluster Configuration
→ Uncheck [Enable Global Writes]

# Deploy your database
→ Provider: Select [AWS]
→ Region: Select [Seoul]

# Cluster Tier
→ Tier: Select [M10] (2GB RAM, 10GB Storage, 2 vCPUs, from $0.10/hr)
→ Storage: Enter 10
→ Check [Cluster Tier Scaling]
→ Check [Allow cluster to be scaled down]
→ Minimum cluster size: Select [M10]
→ Maximum cluster size: Select [M30]
→ Check [Storage Scaling]

# Additional Settings
→ Select a Version: Choose [MongoDB 7.0]
→ Check [Turn on Cloud Backup]
→ Check [Continuous Cloud Backup]
→ Uncheck [Enable Business Intelligence Connector]

# Cluster Name
→ Cluster Name: Enter {db-name}
→ Click [Create Cluster]

# Security Quickstart
→ How would you like to authenticate your connection?: [Username and Password]
→ Username: {db-admin-username}
→ Password: {db-admin-password}
→ Click [Create User]
  • The M10 and M20 cluster tiers are recommended for development environments.

  • The M30 tier and above are recommended for production environments with high traffic volumes. From this tier onwards, sharding is supported.

  • Starting from M10, auto-scaling without downtime is supported, provided that General is selected during cluster tier selection. This feature automatically adjusts the cluster tier and storage capacity based on incoming traffic.

  • From M10 onwards, clusters are configured as replica sets by default, which can be upgraded to shards during operation. Note that upgrading to shards requires a minimum tier upgrade to M30, and once converted to shards, downgrading to tiers below M30 is not possible.

  • Starting from M10, VPC Peering is supported, allowing the application's VPC and MongoDB Atlas to be treated as the same internal network. This enables pure internal communication without going through the external internet.

Creating an Amazon VPC Peering Connection

  • MongoDB Atlas is a managed service that offers public connections, but it's possible to place it alongside an application within an isolated internal network by creating a VPC Peering Connection with a privately configured Amazon VPC. This can significantly enhance security by preventing unauthorized access to sensitive data. The method to create a VPC Peering Connection is as follows:
AWS VPC Console
→ Click [VPC]
→ Select the existing private VPC for which you want to create a peering connection
→ [Edit VPC settings] → Check [Enable DNS hostnames] → Check [Enable DNS resolution] → Click [Save]
(Remember the owner ID of this VPC: 111111111111)
(Remember the ID of this VPC: vpc-11111111111111111)
(Remember the CIDR of this VPC: 10.0.0.0/16)
  • Next, create a peering connection request on MongoDB Atlas as follows:
MongoDB Atlas Console
→ Click [Atlas] → Click [Network Access] → Click [Peering]
→ Click [Add Peering Connection]

# Peering Connection
→ Cloud Provider: Select [AWS] → Click [Next]

# Your Application VPC
→ Account ID: Enter 111111111111 (the remembered owner ID of the VPC)
→ VPC ID: Enter vpc-11111111111111111 (the remembered ID of the VPC)
→ VPC CIDR: Enter 10.0.0.0/16 (the remembered CIDR of the VPC)
→ Check [Add this CIDR block to my IP whitelist]
→ Application VPC Region: Select [ap-northeast-2] (select region)

# Your Atlas VPC
→ Atlas VPC Region: ap-northeast-2 (not selectable)
→ VPC CIDR: 192.168.120.0/21 (not editable; remember it for later input in the AWS VPC Console)
→ Click [Initiate Peering]
(Ensure the Status changes to Waiting for Approval)
  • Return to the AWS VPC console to accept the requested peering connection and add it to the routing table.
Access AWS VPC Console
→ Click [Peering connections]
→ (Select peering connection with Status: Pending acceptance)
→ Click [Actions] → Click [Accept request] → Click [Accept request]

# Accept VPC Peering Connection Request
→ Click [Yes, Accept]
→ Click [Modify my routing tables now]

# Routing Table
→ Click [Routes]
→ Click [Edit routes]
→ Click [Add route]
→ Destination: Enter 192.168.120.0/21 (the remembered CIDR of the Atlas VPC) → Target: Select [Peering Connection] → Select {your-vpc-peering-connection}
→ Click [Save routes]

Verifying Peering Connection on Amazon EC2

  • After creating the peering connection, you can verify a successful connection from an Amazon EC2 instance located in the same VPC (and subnet). The method is as follows:
# Register Atlas CLI repository on Amazon Linux
$ sudo nano /etc/yum.repos.d/mongodb-org-7.0.repo
[mongodb-org-7.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/amazon/2/mongodb-org/7.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://pgp.mongodb.com/server-7.0.asc

# Install Atlas CLI
$ sudo yum install mongodb-atlas -y

# Verify Atlas CLI version
$ atlas --version
atlascli version: 1.19.0

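# Verify the MongoDB Atlas peering connection by connecting with mongosh
# (passing only --username {db-admin-username} instead makes mongosh prompt for the password, keeping it out of shell history)
$ mongosh "mongodb+srv://{db-admin-username}:{db-admin-password}@{db-srv}"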
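
A successful mongosh login alone does not show which path the traffic took. The following added example (not part of the original article) resolves the cluster hosts behind the SRV record and checks that every address falls inside the Atlas VPC CIDR that the peering route covers. The function names are illustrative, and it assumes dig (from bind-utils) is installed on the instance.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from the article.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed if IPv4 address $1 lies inside CIDR block $2.
ip_in_cidr() (
  ip=$(ip_to_int "$1")
  net=$(ip_to_int "${2%/*}")
  bits=${2#*/}
  if [ "$bits" -eq 0 ]; then
    mask=0
  else
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
  fi
  [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
)

# $1 = Atlas VPC CIDR; remaining arguments = resolved addresses.
# Prints "peered", "outside:<addr>" for the first address outside
# the peering range, or "no-addresses" if nothing was resolved.
classify_addrs() (
  cidr=$1; shift
  [ $# -gt 0 ] || { echo "no-addresses"; exit 0; }
  for addr in "$@"; do
    ip_in_cidr "$addr" "$cidr" || { echo "outside:$addr"; exit 0; }
  done
  echo "peered"
)

# $1 = cluster SRV host ({db-srv}), $2 = Atlas VPC CIDR. Needs dig.
check_cluster() (
  addrs=""
  for host in $(dig +short SRV "_mongodb._tcp.$1" | awk '{print $4}'); do
    addrs="$addrs $(dig +short A "$host" | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)"
  done
  classify_addrs "$2" $addrs
)

# Run on the EC2 instance: check_cluster {db-srv} 192.168.120.0/21
```

An "outside:" result means at least one cluster host resolved to an address that the peering route does not cover, so re-check the DNS settings on the VPC and the route table entry.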

Creating a New User

  • You can use the Atlas CLI to create a new user account. Below is an example of creating a new user and granting readWrite and dbAdmin roles:
# Create a new user account for a specific database
# (the Atlas CLI must be authenticated first, for example with `atlas auth login`)
$ atlas dbusers create --username {new_username} --password {password} --role readWrite@{mongodb-atlas-db-name} --role dbAdmin@{mongodb-atlas-db-name} --projectId {mongodb-atlas-project-id}
