mongodb · themantissa · Oct 21, 2020 · Oct 20, 2020 · Oct 20, 2020 · Oct 21, 2020
@@ -0,0 +1,109 @@
+# Example - AWS and Atlas PrivateLink with Terraform
+
+This project aims to provide a very straight-forward example of setting up PrivateLink connection between AWS and MongoDB Atlas.
+
+
+## Dependencies
+
+* Terraform v0.13
+* An AWS account - provider.aws: version = "~> 3.3"
+* A MongoDB Atlas account - provider.mongodbatlas: version = "~> 0.6"
+
+## Usage
+
+**1\. Ensure your AWS and MongoDB Atlas credentials are set up.**
+
+This can be done using environment variables:
+
+``` bash
+$ export AWS_SECRET_ACCESS_KEY='your secret key'
+$ export AWS_ACCESS_KEY_ID='your key id'
+```
+
+```bash
+export MONGODB_ATLAS_PUBLIC_KEY="xxxx"
+export MONGODB_ATLAS_PRIVATE_KEY="xxxx"
+```
+
+... or the `~/.aws/credentials` file.
+
+```
+$ cat ~/.aws/credentials
+[default]
+aws_access_key_id = your key id
+aws_secret_access_key = your secret key
+
+```
+... or follow as in the `variables.tf` file and create **terraform.tfvars** file with all the variable values and make sure **not to commit it**.
+
+**2\. Review the Terraform plan.**
+
+Execute the below command and ensure you are happy with the plan.
+
+``` bash
+$ terraform plan
+```
+This project currently does the below deployments:
+
+- MongoDB cluster - M10
+- AWS Custom VPC, Internet Gateway, Route Tables, Subnets with Public and Private access
+- PrivateLink Connection at MongoDB Atlas
+- Create VPC Endpoint in AWS
+
+**3\. Configure the security group as required.**
+
+The security group in this configuration allows All Traffic access in Inbound and Outbound Rules.
+
+**4\. Execute the Terraform apply.**
+
+Now execute the plan to provision the AWS and Atlas resources.
+
+``` bash
+$ terraform apply
+```
+
+**5\. Destroy the resources.**
+
+Once you are finished your testing, ensure you destroy the resources to avoid unnecessary charges.
+
+``` bash
+$ terraform destroy
+```
+
+**Important Point**
+
+To fetch the connection string follow the below steps:
+```
+output "atlasclusterstring" {
+    value = mongodbatlas_cluster.cluster-atlas.connection_strings
+}
+```
+**Outputs:**
+```
+atlasclusterstring = [
+  {
+    "aws_private_link" = {
+      "vpce-0ebb76559e8affc96" = "mongodb://pl-0-us-east-1.za3fb.mongodb.net:1024,pl-0-us-east-1.za3fb.mongodb.net:1025,pl-0-us-east-1.za3fb.mongodb.net:1026/?ssl=true&authSource=admin&replicaSet=atlas-d177ke-shard-0"
+    }
+    "aws_private_link_srv" = {
+      "vpce-0ebb76559e8affc96" = "mongodb+srv://cluster-atlas-pl-0.za3fb.mongodb.net"
+    }
+    "private" = ""
+    "private_srv" = ""
+    "standard" = "mongodb://cluster-atlas-shard-00-00.za3fb.mongodb.net:27017,cluster-atlas-shard-00-01.za3fb.mongodb.net:27017,cluster-atlas-shard-00-02.za3fb.mongodb.net:27017/?ssl=true&authSource=admin&replicaSet=atlas-d177ke-shard-0"
+    "standard_srv" = "mongodb+srv://cluster-atlas.za3fb.mongodb.net"
+  },
+]
+```
+
+To fetch a particular connection string, use the **lookup()** function of terraform as below:
+
+```
+output "plstring" {
+    value = lookup(mongodbatlas_cluster.cluster-atlas.connection_strings[0].aws_private_link_srv, aws_vpc_endpoint.ptfe_service.id)
+}
+```
+**Output:**
+```
+plstring = mongodb+srv://cluster-atlas-pl-0.za3fb.mongodb.net
+```
@@ -0,0 +1,24 @@
+resource "mongodbatlas_cluster" "cluster-atlas" {
+  project_id                   = var.atlasprojectid
+  name                         = "cluster-atlas"
+  num_shards                   = 1
+  replication_factor           = 3
+  provider_backup_enabled      = true
+  auto_scaling_disk_gb_enabled = true
+  mongo_db_major_version       = "4.2"
+
+  //Provider settings
+  provider_name               = "AWS"
+  disk_size_gb                = 10
+  provider_disk_iops          = 100
+  provider_volume_type        = "STANDARD"
+  provider_encrypt_ebs_volume = true
+  provider_instance_size_name = "M10"
+  provider_region_name        = var.atlas_region
+}
+output "atlasclusterstring" {
+  value = mongodbatlas_cluster.cluster-atlas.connection_strings
+}
+output "plstring" {
+  value = lookup(mongodbatlas_cluster.cluster-atlas.connection_strings[0].aws_private_link_srv, aws_vpc_endpoint.ptfe_service.id)
+}
@@ -0,0 +1,19 @@
+resource "mongodbatlas_private_endpoint" "atlaspl" {
+  project_id    = var.atlasprojectid
+  provider_name = "AWS"
+  region        = var.aws_region
+}
+
+resource "aws_vpc_endpoint" "ptfe_service" {
+  vpc_id             = aws_vpc.primary.id
+  service_name       = mongodbatlas_private_endpoint.atlaspl.endpoint_service_name
+  vpc_endpoint_type  = "Interface"
+  subnet_ids         = [aws_subnet.primary-az1.id, aws_subnet.primary-az2.id]
+  security_group_ids = [aws_security_group.primary_default.id]
+}
+
+resource "mongodbatlas_private_endpoint_interface_link" "atlaseplink" {
+  project_id            = mongodbatlas_private_endpoint.atlaspl.project_id
+  private_link_id       = mongodbatlas_private_endpoint.atlaspl.private_link_id
+  interface_endpoint_id = aws_vpc_endpoint.ptfe_service.id
+}
@@ -0,0 +1,59 @@
+//Create Primary VPC
+resource "aws_vpc" "primary" {
+  cidr_block           = "10.0.0.0/16"
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+}
+
+//Create IGW
+resource "aws_internet_gateway" "primary" {
+  vpc_id = aws_vpc.primary.id
+}
+
+//Route Table
+resource "aws_route" "primary-internet_access" {
+  route_table_id         = aws_vpc.primary.main_route_table_id
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = aws_internet_gateway.primary.id
+}
+
+//Subnet-A
+resource "aws_subnet" "primary-az1" {
+  vpc_id                  = aws_vpc.primary.id
+  cidr_block              = "10.0.1.0/24"
+  map_public_ip_on_launch = true
+  availability_zone       = "${var.aws_region}a"
+}
+
+//Subnet-B
+resource "aws_subnet" "primary-az2" {
+  vpc_id                  = aws_vpc.primary.id
+  cidr_block              = "10.0.2.0/24"
+  map_public_ip_on_launch = false
+  availability_zone       = "${var.aws_region}b"
+}
+
+/*Security-Group
+Ingress - Port 80 -- limited to instance
+          Port 22 -- Open to ssh without limitations
+Egress  - Open to All*/
+
+resource "aws_security_group" "primary_default" {
+  name_prefix = "default-"
+  description = "Default security group for all instances in ${aws_vpc.primary.id}"
+  vpc_id      = aws_vpc.primary.id
+  ingress {
+    from_port = 0
+    to_port   = 0
+    protocol  = "tcp"
+    cidr_blocks = [
+      "0.0.0.0/0",
+    ]
+  }
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
@@ -0,0 +1,9 @@
+provider "mongodbatlas" {
+  public_key  = var.public_key
+  private_key = var.private_key
+}
+provider "aws" {
+  access_key = var.access_key
+  secret_key = var.secret_key
+  region     = var.aws_region
+}
@@ -0,0 +1,32 @@
+variable "public_key" {
+  description = "The public API key for MongoDB Atlas"
+}
+variable "private_key" {
+  description = "The private API key for MongoDB Atlas"
+}
+variable "atlasprojectid" {
+  description = "Atlas project ID"
+}
+variable "access_key" {
+  description = "The access key for AWS Account"
+}
+variable "secret_key" {
+  description = "The secret key for AWS Account"
+}
+variable "atlas_region" {
+  default     = "US_EAST_1"
+  description = "Atlas Region"
+}
+variable "aws_region" {
+  default     = "us-east-1"
+  description = "AWS Region"
+}
+variable "aws_account_id" {
+  description = "My AWS Account ID"
+}
+variable "atlasorgid" {
+  description = "Atlas Org ID"
+}
+variable "atlas_vpc_cidr" {
+  description = "Atlas CIDR"
+}
@@ -0,0 +1,11 @@
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+    mongodbatlas = {
+      source = "terraform-providers/mongodbatlas"
+    }
+  }
+  required_version = ">= 0.13"
+}
@@ -0,0 +1,81 @@
+# Example - Microsoft Azure and MongoDB Atlas VNET Peering
+
+This project aims to provide an example of using Azure and MongoDB Atlas together.
+
+
+## Dependencies
+
+* Terraform v0.13
+* Microsoft Azure account 
+* A MongoDB Atlas account 
+
+```
+Terraform v0.13.0
++ provider registry.terraform.io/hashicorp/azuread v1.0.0
++ provider registry.terraform.io/hashicorp/azurerm v2.31.1
++ provider registry.terraform.io/terraform-providers/mongodbatlas v0.6.5
+```
+
+## Usage
+
+**1\. Ensure your Azure credentials are set up.**
+
+1. Install the Azure CLI by following the steps from the [official Azure documentation](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli).
+2. Run the command `az login` and this will take you to the default browser and perform the authentication.
+3. Once authenticated, it will print the user details as below:
+
+```
+⇒  az login
+You have logged in. Now let us find all the subscriptions to which you have access...
+The following tenants don't contain accessible subscriptions. Use 'az login --allow-no-subscriptions' to have tenant level access.
+XXXXX
+[
+  {
+    "cloudName": "AzureCloud",
+    "homeTenantId": "XXXXX",
+    "id": "XXXXX",
+    "isDefault": true,
+    "managedByTenants": [],
+    "name": "Pay-As-You-Go",
+    "state": "Enabled",
+    "tenantId": "XXXXX",
+    "user": {
+      "name": "[email protected]",
+      "type": "user"
+    }
+  }
+]
+```
+
+**2\. TFVARS**
+
+Now create **terraform.tfvars** file with all the variable values and make sure **not to commit it**.
+
+**3\. Review the Terraform plan. **
+
+Execute the below command and ensure you are happy with the plan.
+
+``` bash
+$ terraform plan
+```
+This project currently does the below deployments:
+
+- MongoDB Atlas Azure cluster - M10
+- Azure Resource Group, VNET, Service Principal, Role-Definition, Role-Association
+- Azure-MongoDB Atlas VNET Peering
+
+**4\. Execute the Terraform apply.**
+
+Now execute the plan to provision the AWS resources.
+
+``` bash
+$ terraform apply
+```
+
+**5\. Destroy the resources.**
+
+Once you are finished your testing, ensure you destroy the resources to avoid unnecessary Azure and Atlas charges.
+
+``` bash
+$ terraform destroy
+```
@@ -0,0 +1,34 @@
+# Configure the MongoDB Atlas Provider and connect via a key
+provider "mongodbatlas" {
+  public_key  = var.public_key
+  private_key = var.private_key
+}
+# Create the mongodb atlas Azure cluster
+resource "mongodbatlas_cluster" "azure-cluster" {
+  project_id = var.project_id
+  name       = var.name
+  num_shards = 1
+
+  replication_factor           = 3
+  backup_enabled               = false
+  auto_scaling_disk_gb_enabled = true
+  mongo_db_major_version       = "4.2"
+
+  //Provider settings block in this case it is Azure
+  provider_name               = "AZURE"
+  provider_disk_type_name     = var.provider_disk_type_name
+  provider_instance_size_name = var.provider_instance_size_name
+  provider_region_name        = var.provider_region_name
+}
+
+# Create the peering connection request
+resource "mongodbatlas_network_peering" "test" {
+  project_id            = var.project_id
+  container_id          = mongodbatlas_cluster.azure-cluster.container_id
+  provider_name         = "AZURE"
+  azure_directory_id    = data.azurerm_client_config.current.tenant_id
+  azure_subscription_id = data.azurerm_client_config.current.subscription_id
+  resource_group_name   = var.resource_group_name
+  vnet_name             = var.vnet_name
+  atlas_cidr_block      = var.atlas_cidr_block
+}