Configure MongoDB Atlas using IP allowlists

This page describes how to establish a secure connection between MongoDB Atlas source database and Datastream by allowlisting specific IP addresses. The IP allowlist connectivity method ensures that your database only accepts traffic from an authorized Datastream instance.

Configure a MongoDB database user

To use Datastream with a MongoDB Atlas instance, you first need to create a database user and grant them access privileges:

  1. In the MongoDB Atlas dashboard, under Security, click Database access.
  2. Click New database user and select the password authentication method for your user.
  3. Enter the username and password for your Datastream user.
  4. Under Database user privileges, select Grant specific user privileges.
  5. Under Specific privileges, add the following role:
    • readAnyDatabase
  6. Click Add user.

Retrieve Datastream public IP addresses

When you create a connection profile for your source database, you need to retrieve the public IP addresses for Datastream to authorize them in MongoDB Atlas.

  1. Go to the Connection profiles page in the Google Cloud Console.

    Go to the Connection profiles page

  2. Click Create profile and select MongoDB.

  3. Enter the connection details, including the connection profile name, hostname or IP address, port, and database user credentials.

  4. In the Define connection settings section, locate the list of Datastream public IP addresses.

  5. Copy these IP addresses.

Configure IP allowlists in MongoDB Atlas

Allow the Datastream public IP addresses in your MongoDB Atlas security settings:

  1. Sign in to your MongoDB Atlas account.
  2. In the navigation menu, click Security, and then click Network access.
  3. Click Add IP address.
  4. Enter the first IP address that you copied from Datastream.
  5. Repeat this process for each IP address that you want to allowlist.
  6. Click Confirm and wait for the status to change to Active.

Test and create the connection profile

After you activate the IP allowlists in MongoDB Atlas, you can verify the connection.

  1. Go back to the Connection profiles setup page in the Google Cloud console.
  2. Click Run test to test the connectivity to your database.
  3. Verify that the test succeeds, and then click Create to save the profile.

If the test fails, check that all Datastream IP addresses are active in the Atlas instance Network access list and that the database user has the correct privileges assigned.