Secure Atlas Cluster Access with Project IP Whitelisting

Question

Pulumi · Accepted Answer

Securing access to your MongoDB Atlas cluster by using Project IP Whitelisting involves restricting the IP addresses (or ranges of IP addresses) that are permitted to connect to the cluster.

In Pulumi, IP whitelisting can be managed through the `mongodbatlas.ProjectIpAccessList` resource. This resource allows you to specify allowable IP addresses, CIDR blocks, or AWS security group entries that can access your MongoDB Atlas project and its clusters.

Here is a Pulumi program in Python that sets up IP whitelisting for an Atlas cluster:

1. It starts by creating a new MongoDB Atlas project using the `mongodbatlas.Project` resource.
2. Then we create an IP access list entry using the `mongodbatlas.ProjectIpAccessList` resource.
3. We will define a specific IP address, or a range of IP addresses in CIDR notation, that we want to whitelist.
4. Additionally, we can add an optional description for each entry to remember why we allowed access from this IP or range.

Below is the Pulumi program that accomplishes this:

```python
import pulumi
import pulumi_mongodbatlas as mongodbatlas

# Initialize a Pulumi stack for MongoDB Atlas
# Configure your MongoDB Atlas API tokens using the Pulumi configuration system
# or environmental variables.

# Create a new MongoDB Atlas project
project = mongodbatlas.Project("my-atlas-project",
    # Parameters like organization ID will be your organization's ID
    org_id="your_org_id",
)

# Define an IP access list for the Atlas project.
# This could be your office or home IP address to limit access to your cluster
ip_access_list = mongodbatlas.ProjectIpAccessList("my-ip-access-list",
    project_id=project.id,
    ip_address="192.168.1.15",  # Replace with the IP address you wish to whitelist
    comment="Whitelisted IP for secure access"
)

# Export the ID of the project and the CIDR block of the IP access list entry
pulumi.export("project_id", project.id)
pulumi.export("whitelisted_ip", ip_access_list.ip_address)
```

Here's a breakdown of what we're doing:

- Import the required modules.
- Create a new MongoDB Atlas project where your Atlas cluster will reside.
- Set up an IP whitelisting entry for that project to restrict access.
- Export identifiers for the project and whitelisting entry for further references in the Pulumi console.

The IP address you whitelist should have the necessary access to manage the cluster. Be cautious with the IPs you whitelist to ensure the security of your MongoDB Atlas clusters.

Remember to replace `"your_org_id"` with your actual MongoDB Atlas Organization ID and `"192.168.1.15"` with the IP address or CIDR block that you wish to whitelist.

After running the Pulumi program, your specified IP address will have access to the MongoDB Atlas project you created, and as a result, to the clusters contained within that project. This is crucial for maintaining the security of your database by ensuring only authorized users or services can connect to it.