Configure AWS PrivateLink for MongoDB Atlas


1. Tutorial overview

Last Updated: 2024-02-22

Background

AWS PrivateLink allows private connectivity between virtual private clouds (VPC), supported AWS services, and on-premises networks. This connection does not expose traffic to the public internet, making it a great choice for data federation across cloud and on-prem networks and other use cases.

Starburst Galaxy extends support for AWS PrivateLink across certain catalogs. This tutorial will guide you through the process needed to configure PrivateLink for MongoDB Atlas.

Scope of tutorial

In this tutorial, you will learn how to configure AWS PrivateLink for MongoDB Atlas.

Learning objectives

Once you've completed this tutorial, you will be able to:

  • Configure AWS PrivateLink for connectivity from Starburst Galaxy to MongoDB Atlas.
  • Use PrivateLink to securely connect Starburst Galaxy to MongoDB Atlas.

Prerequisites

  • You need a Starburst Galaxy account to complete this tutorial. Please see Starburst Galaxy: Getting started for instructions on setting up a free account.
  • This tutorial comes with a bring your own storage requirement. Before proceeding with this lesson, you must already have an existing MongoDB Atlas subscription with a Serverless, Dedicated, or Federated cluster.

About Starburst tutorials

Starburst tutorials are designed to get you up and running quickly by providing bite-sized, hands-on educational resources. Each tutorial explores a single feature or topic through a series of guided, step-by-step instructions.

As you navigate through the tutorial you should follow along using your own Starburst Galaxy account. This will help consolidate the learning process by mixing theory and practice.

2. Working with a Starburst technical resource

Background

If you are configuring PrivateLink for the first time you are encouraged to work with a Starburst technical resource. This individual will work with you to set up the environment needed to complete the tutorial.

Contacting your technical resource

To be assigned this resource, you should reach out to your regular Starburst account team for assistance.

Working together

Once assigned, your Starburst technical resource will work with you to set up an environment where you can complete the tutorial.

Please review the following overview of this process before beginning the tutorial.

Your responsibilities:

  • Confirm that you have the correct MongoDB Atlas deployment type, either Serverless deployment or Dedicated deployment.
  • Confirm that you have the required role and privileges necessary to add PrivateLink.
  • Launch the MongoDB Private Endpoint configuration wizard.
  • Exchange information with your Starburst support via support tickets to connect Starburst Galaxy using PrivateLink.

3. MongoDB PrivateLink architecture

Background

Understanding the MongoDB PrivateLink architecture is important when completing the steps in this tutorial. In this section you will learn about this architecture and the way that Starburst Galaxy uses it to securely connect private clouds.

This tutorial also follows MongoDB documentation on the topic. It is recommended that you consult this documentation before beginning.

Reference architecture

The following diagram illustrates a PrivateLink connection between the Starburst Galaxy VPC and the MongoDB Atlas VPC.

Review the diagram and corresponding notes below for more information.

  1. Once the PrivateLink configuration is complete, an endpoint is created in the Starburst Galaxy VPC (VPC A).

    This endpoint connects to a Network Load Balancer located inside an endpoint service situated in the MongoDB Atlas VPC (VPC B).

    This establishes a private connection between Starburst Galaxy and MongoDB Atlas, enabling PrivateLink functionality.
  2. In this reference architecture, the Starburst Galaxy VPC is VPC A.
  3. In this reference architecture, the MongoDB Atlas VPC is VPC B.

4. Confirm MongoDB Atlas account details

Background

MongoDB Atlas only supports PrivateLink for Dedicated, Serverless, or Federated clusters. You must have access to either the Organization Owner or Project Owner role to be able to configure PrivateLink.

This section will walk you through the process of confirming that you meet all the requirements.

Step 1: Check your cluster type

Let's begin by ensuring that you have the appropriate cluster type needed to complete this tutorial.

You can find this information in the Database Deployments section of the MongoDB Atlas UI.

  • Sign in to your MongoDB Atlas account.
  • Using the left-hand navigation menu, in the Deployment section, select Database.
  • Select the Database Deployment that you want to connect to using PrivateLink.
  • Confirm that this Deployment's cluster type is listed as either a Dedicated or Serverless cluster.

Step 2: Confirm your role

Next, it's time to confirm your role. Not all roles have the permissions needed to complete this tutorial.

To continue, you will need to check that you have access to either the Organization Owner or Project Owner role.

  • Select the Access Manager menu.
  • Select either Organization Access or Project Access for your project.
  • Confirm that either the Organization Owner or Project Owner role is listed.

Option 1: Organization Access

Option 2: Project Access

5. Configure a private endpoint for your MongoDB Atlas project

Background

Now it's time to begin configuring PrivateLink in your MongoDB Atlas account. You'll be working closely with Starburst technical support to complete the remainder of this tutorial.

Step 1: Return to your project

In the last section of this tutorial, you accessed your project using the MongoDB UI.

To complete this tutorial, you're going to return to this project and continue where you left off.

  • Select the Organization drop-down menu.
  • Select your Organization.
  • Select your Project.

Step 2: Launch the Private Endpoint wizard

MongoDB provides a Private Endpoint wizard that simplifies the process of configuring PrivateLink for your cluster.

  • Using the left-hand navigation menu, in the Security section, select Network Access.
  • Select the Private Endpoint tab.
  • Select the tab corresponding to your cluster type.

    For example, we are using a Dedicated Cluster in the image below.
  • Select + Add Private Endpoint.

Step 3: Create private endpoint

Now you're ready to create a private endpoint and select the cloud provider and region.

  • In the cloud provider section, select AWS.
  • Click the Next button.
  • Select your region using the drop-down menu.
  • Click the Next button.

Step 4: Confirm creation of endpoint

Your MongoDB Atlas endpoint service is now being created.

Wait for the process to finish before moving to the next step.

  • Confirm that the service endpoint process is listed as Atlas Endpoint Service Ready.

Step 5: Record the endpoint service ID

Now it's time to record the endpoint service ID, which you will need to send to Starburst technical support via a support ticket. To do this, enter the values below in the wizard, then record the endpoint service ID when it is generated.

  • Return to the Private Endpoint wizard.
  • In the Your VPC ID field, enter vpc-galaxy.
  • In the Your Subnet IDs field, enter subnet-galaxy.
  • Click the Copy button.
  • Click Next.

Step 6: Open support ticket

You are going to use the automated assistant in Starburst Galaxy to open a support ticket and provide support with the Endpoint Service ID that you just copied.

  • Log in to Starburst Galaxy.
  • Click the support icon located at the bottom right of the screen.
  • Select Chat with technical support.
  • Select Submit a Support Ticket.
  • The automated assistant will ask you to provide your email address, first name, and last name.
  • When you receive the prompt to describe your issue, note that you need assistance configuring AWS PrivateLink for MongoDB Atlas. Be sure to include the Endpoint Service ID you just copied.
  • Wait for Starburst support to provide you with your VPC Endpoint ID. This final piece of information will allow you to complete the Private Endpoint wizard.

Step 7: Finalize endpoint connection

Once you receive the VPC Endpoint ID, you are ready to finalize your endpoint connection.

You will then record the endpoint for use in the following step.

  • Wait for Starburst support to provide you with the VPC Endpoint ID.
  • In the Your VPC Endpoint ID field, enter your VPC Endpoint ID.
  • Click the Create button.
  • Wait for the Endpoint Status to go from Pending to Available.
  • Record the Endpoint.

    For example, vpce-xxxxxx.

Step 8: Prepare to copy the connection string

You've finished most of the steps necessary to configure PrivateLink.

Next, you need a few more pieces of information for Starburst support. This will enable them to finish establishing the connection on their side.

Starburst support will notify you when they have completed configuration of PrivateLink in Galaxy. After this, you will be ready to use PrivateLink to securely configure your MongoDB Atlas catalog.

  • Using the left-hand navigation menu, in the Deployment section, select Database.
  • Click the Connect button.
  • Select Private Endpoint.
  • Using the private endpoint drop-down menu, select the endpoint that you just created.
  • Click the Choose a connection method button.

Step 9: Copy the connection string

You're almost done! For the final step, you need to locate the connection string and copy it.

  • In the Connect to your application section, select Drivers.
  • Using the Driver drop-down menu select Java.
    Note: The Java version does not matter in this case.
  • Copy the connection string and send it to Starburst support by opening a Starburst Galaxy support ticket.
  • When you send the connection string, let them know your preferred Starburst Galaxy PrivateLink connection name. This will be what you see when you use PrivateLink to connect a catalog in Starburst Galaxy. We recommend including the name of your database for ease of recognition.

Note: Your Starburst Galaxy PrivateLink connection name cannot include spaces!

  • Click the Close button.
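
An added example (not part of the Starburst tutorial or MongoDB's tooling): a pre-send check for the values exchanged with support in Steps 5 to 9. It replaces any real database password in the connection string with a placeholder before the string goes into a ticket, and confirms the string is the private-endpoint one. The ID formats, the `-pl-` hostname marker, and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed formats, not taken from this page: AWS IDs end in 8 or 17 hex digits,
# and Atlas private-endpoint hostnames contain "-pl-".
SERVICE_RE = re.compile(r"^(com\.amazonaws\.vpce\.[a-z0-9-]+\.)?vpce-svc-[0-9a-f]{8,17}$")
VPCE_RE = re.compile(r"^vpce-[0-9a-f]{8,17}$")
PLACEHOLDERS = ("<password>", "<db_password>")

# Constructed sample: a connection string pasted with a live password in it.
SAMPLE_URI = ("mongodb+srv://appuser:S3cretValue@cluster0-pl-0.abcde.mongodb.net"
              "/?retryWrites=true&w=majority")


def redact_connection_string(uri):
    """Return (uri_with_password_placeholder, problems)."""
    problems = []
    parts = urlsplit(uri.strip())
    if parts.scheme not in ("mongodb", "mongodb+srv"):
        problems.append("not a MongoDB connection string")
    if "-pl-" not in (parts.hostname or ""):
        problems.append("host is not a private-endpoint hostname")
    netloc = parts.netloc
    if "@" in netloc:
        userinfo, hostpart = netloc.rsplit("@", 1)
        user, sep, password = userinfo.partition(":")
        if sep and password not in PLACEHOLDERS:
            problems.append("real password was present and has been redacted")
        if sep:
            netloc = f"{user}:<password>@{hostpart}"
    return parts._replace(netloc=netloc).geturl(), problems


def preflight(service_id, vpce_id, uri, connection_name):
    """Check the values exchanged with support in Steps 5 to 9."""
    safe_uri, problems = redact_connection_string(uri)
    if not SERVICE_RE.match(service_id):
        problems.append("endpoint service ID has unexpected format")
    if not VPCE_RE.match(vpce_id):
        problems.append("VPC endpoint ID has unexpected format")
    if not connection_name or re.search(r"\s", connection_name):
        problems.append("connection name must not contain spaces")
    return safe_uri, problems


if __name__ == "__main__":
    print(preflight("vpce-svc-0123456789abcdef0", "vpce-0123456789abcdef0",
                    SAMPLE_URI, "atlas_sales_db"))
```

Send only the returned redacted string; a password that has already been pasted into a ticket should be rotated.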

6. Tutorial wrap-up

Tutorial complete

Congratulations! You have reached the end of this tutorial, and the end of this stage of your journey.

You're all set! Now you can use PrivateLink to configure access to data in MongoDB Atlas.

Continuous learning

At Starburst, we believe in continuous learning. This tutorial provides the foundation for further training available on this platform, and you can return to it as many times as you like. Future tutorials will make use of the concepts used here.

Next steps

Starburst has lots of other tutorials to help you get up and running quickly. Each one breaks down an individual problem and guides you to a solution using a step-by-step approach to learning.

Tutorials available

Visit the Tutorials section to view the full list of tutorials and keep moving forward on your journey!