Isolated Network Integration via MongoDB Atlas PrivateLink

Question

Pulumi · Accepted Answer

To create an isolated network integration using MongoDB Atlas PrivateLink, you would need to use the resources provided by the `pulumi_mongodbatlas` package. PrivateLink allows you to seamlessly connect your cloud services within AWS, Azure, or GCP to MongoDB Atlas with high security and low latency, entirely within a provider's network.

In this example, we will focus on creating a PrivateLink Endpoint that connects to MongoDB Atlas, which would allow secure and private connectivity from a virtual network within a cloud provider to the MongoDB Atlas service without traversing the public internet.

In the Pulumi program below, you'll see how to:

1. Create a PrivateLink Endpoint on MongoDB Atlas using the `PrivateLinkEndpoint` resource.
2. Configure the endpoint service using `PrivateLinkEndpointService` resource, to be consumed by the endpoint we have created.

Here is a detailed breakdown of how to do it using Pulumi and Python:

```python
import pulumi
import pulumi_mongodbatlas as mongodbatlas

# Configuration for your MongoDB Atlas project and the cloud provider name ('AWS', 'AZURE', or 'GCP').
# Replace {YOUR-PROJECT-ID} with your MongoDB Atlas project ID.
project_id = 'YOUR-PROJECT-ID'
provider_name = 'AWS'
region_name = 'us-east-1' # Region for your Private Endpoint, depending on your provider.

# Create a PrivateLink endpoint.
private_link_endpoint = mongodbatlas.PrivateLinkEndpoint("myPrivateLinkEndpoint",
    project_id=project_id,
    provider_name=provider_name,
    region=region_name)

# The `PrivateLinkEndpointService` resource is used to create an endpoint service in the MongoDB Atlas project
# which is then used to service the endpoint connections over PrivateLink.
# Replace {YOUR-ENDPOINT-SERVICE-ID} with your endpoint service ID in MongoDB Atlas.
private_link_endpoint_service = mongodbatlas.PrivateLinkEndpointService("myPrivateLinkEndpointService",
    project_id=project_id,
    provider_name=provider_name,
    endpoint_service_id="{YOUR-ENDPOINT-SERVICE-ID}",
    endpoints=[{
        "endpointId": private_link_endpoint.endpoint_id,
        # Additional properties like `status`, `ipAddress`, etc., can be set as needed.
    }])

# Export the Private Link Endpoint ID and Service ID to be used or referenced outside of Pulumi.
pulumi.export('privateLinkEndpointId', private_link_endpoint.endpoint_id)
pulumi.export('privateLinkEndpointServiceId', private_link_endpoint_service.endpoint_service_id)
```

To use this code:

- Replace `YOUR-PROJECT-ID` with your MongoDB Atlas project ID.
- Set `provider_name` to your cloud provider name; this example uses 'AWS'.
- Change `region_name` to the region you want to use for your Private Endpoint.

This code creates a PrivateLink Endpoint in MongoDB Atlas and then associates it with a PrivateLink Endpoint Service. You will need to retrieve the `endpoint_service_id` from MongoDB Atlas to replace `{YOUR-ENDPOINT-SERVICE-ID}` before running this program.

After running this Pulumi program, your MongoDB Atlas cluster should be accessible through the provider's private network, enhancing security and potentially reducing latency.

For further information and detailed documentation, you can visit the MongoDB Atlas PrivateLink [`PrivateLinkEndpoint`](https://www.pulumi.com/registry/packages/mongodbatlas/api-docs/privatelinkendpoint/) and [`PrivateLinkEndpointService`](https://www.pulumi.com/registry/packages/mongodbatlas/api-docs/privatelinkendpointservice/) resource pages.

Before you run the program, ensure you have the Pulumi CLI installed, authenticated with your cloud provider, and the `pulumi_mongodbatlas` plugin installed. Then, you can run `pulumi up` to deploy the resources.