Can not connect to MongoDB Atlas

[TonyHenrique]

I wrote a simple AWS Serverless ASP Net Core 2.0 WebAPI
This connects to a MongoDB Atlas Database. But it is not working. It is giving timeout.
I test locally and it Works. I publish to Azure it Works.

I suspect this is being caused by AWS CloudFormation firewall .

When I publish to AWS Serverless , it gives error:

502 Bad Gateway

{
"message": "Internal server error"
}

I checked the logs,

Unhandled Exception: System.TimeoutException: A timeout occured after 30000ms selecting a server using CompositeServerSelector{ Selectors = MongoDB.Driver.MongoClient+AreSessionsSupportedServerSelector, LatencyLimitingServerSelector{ AllowedLatencyRange = 00:00:00.0150000 } }. Client view of cluster state is { ClusterId : "1", ConnectionMode : "ReplicaSet", Type : "ReplicaSet", State : "Disconnected", Servers : [{ ServerId: "{ ClusterId : 1, EndPoint : "Unspecified/cluster0-shard-00-00-3lmjx.mongodb.net:27017" }", EndPoint: "Unspecified/cluster0-shard-00-00-3lmjq.mongodb.net:27017", State: "Disconnected", Type: "Unknown" }, { ServerId: "{ ClusterId : 1, EndPoint : "Unspecified/cluster0-shard-00-01-3lmjx.mongodb.net:27017" }", EndPoint: "Unspecified/cluster0-shard-00-01-3lmjx.mongodb.net:27017", State: "Disconnected", Type: "Unknown" }, { ServerId: "{ ClusterId : 1, EndPoint : "Unspecified/cluster0-shard-00-02-3lmjq.mongodb.net:27017" }", EndPoint: "Unspecified/cluster0-shard-00-02-3lmjq.mongodb.net:27017", State: "Disconnected", Type: "Unknown" }] }.

How to debug and solve this?

My serveless.template

{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Transform" : "AWS::Serverless-2016-10-31",
  "Description" : "An AWS Serverless Application that uses the ASP.NET Core framework running in Amazon Lambda.",

  "Parameters" : {
    "ShouldCreateBucket" : {
      "Type" : "String",        
      "AllowedValues" : ["true", "false"],
      "Description" : "If true then the S3 bucket that will be proxied will be created with the CloudFormation stack."
    },  
    "BucketName" : {
        "Type" : "String",
        "Description" : "Name of S3 bucket that will be proxied. If left blank a new table will be created.",
        "MinLength" : "0"
    }
  },

  "Conditions" : {
    "CreateS3Bucket" : {"Fn::Equals" : [{"Ref" : "ShouldCreateBucket"}, "true"]},
    "BucketNameGenerated" : {"Fn::Equals" : [{"Ref" : "BucketName"}, ""]}
  },

  "Resources" : {

    "ProxyFunction" : {
      "Type" : "AWS::Serverless::Function",
      "Properties": {
        "Handler": "AWSServerless1::AWSServerless1.LambdaEntryPoint::FunctionHandlerAsync",
        "Runtime": "dotnetcore2.0",
        "CodeUri": "",
        "MemorySize": 256,
        "Timeout": 30,
        "Role": null,
        "Policies": [ "AWSLambdaFullAccess" ],
        "Environment" : {
          "Variables" : {
            "AppS3Bucket" : { "Fn::If" : ["CreateS3Bucket", {"Ref":"Bucket"}, { "Ref" : "BucketName" } ] }
          }
        },
        "Events": {
          "PutResource": {
            "Type": "Api",
            "Properties": {
              "Path": "/{proxy+}",
              "Method": "ANY"
            }
          }
        }
      }
    },

    "Bucket" : {
        "Type" : "AWS::S3::Bucket",
        "Condition" : "CreateS3Bucket",
        "Properties" : {
            "BucketName" : { "Fn::If" : ["BucketNameGenerated", {"Ref" : "AWS::NoValue" }, { "Ref" : "BucketName" } ] }
        }
    }
  },

  "Outputs" : {
    "S3ProxyBucket" : {
        "Value" : { "Fn::If" : ["CreateS3Bucket", {"Ref":"Bucket"}, { "Ref" : "BucketName" } ] }
    }
  }
}

[raban33]

@TonyHenrique, this seems like role your lambda is running if its set to doesn't have access to your database resources, since role is null in yoir serverless template, it generates it randomly. You will need to go to IAM and change policy to have access to Mongodb, Also ensure you are setting lambda to right VPC.

[TonyHenrique]

I checked IAM and could not find a MongoDB option in services, is there a blog posting showing how to connect to MongoDB Atlas from AWS Lambda ASP Net Core 2.0 ?

Or how can I edit this file to allow this outgoing connection?

[raban33]

@TonyHenrique Not sure on MongoDB(perhaps outbound internet connection) but essentially for Dynamo you would just give dynamoDb: * to access all resources for dynamo.

[TonyHenrique]

At the moment the application Data was already developed on Mongo DB,
and need to access port 27017 on *.mongodb.net

[raban33]

@TonyHenrique can you verify if lambda has outbound internet connection and then perhaps look into the incoming traffic on to mongodb?

[TonyHenrique]

I published the same Project to Azure and it Works.
On AWS it seems to be firewall blocked.

How to enable address / ports on firewall so I can connect to Mongo Atlas ?

[Kralizek]

Are the lambda function and the mongo database hosted both in vpc or both in EC2 classic?

[TonyHenrique]

No. I published the ASP Net Core to AWS Lambda,
but the MongoDB is hosted on Mongo Atlas Service (https://www.mongodb.com/cloud/atlas)

So My ASP NET Needs to access
port 27017 on *.mongodb.net

How can I edit My serveless.template to allow this outgoing connection?

[Kralizek]

Is your lambda in a vpc with no internet access? Can you do a get to www.google.com?

I never tried mongo atlas.

[jaydestro]

@TonyHenrique it looks like a connection string issue but i've asked a team member to confirm

[rlondner]

@TonyHenrique I confirm it looks like a connection string issue. Where did you configure it in your code and more importantly, which value did you assign to it? (you should mask the auth credentials in that connection string if you plan to paste it here).

The "Unspecified/cluster0-shard-00-00-3lmjx.mongodb.net:27017" value is the red flag here so we'd have to know where your Lambda function is retrieving this info from. I'd suggest you ping me directly on Slack after you join our Community Slack Network at https://community-slack.mongodb.com

[TonyHenrique]

The connection does not contains that "Unspecified"

It appears only on AWS error. Also I know it is not wrong connection, because it Works locally, and also on Azure. Only on AWS this error appears.

The error is a Timeout error. Looks like a Firewall issue.

[jaydestro]

@TonyHenrique recommend you go onto the slack @rlondner mentioned or open a jira with MongoDB support https://jira.mongodb.org

Did you open the whitelist for your lambda connection in Atlas?

https://docs.atlas.mongodb.com/security-whitelist/

[TonyHenrique]

It is not a MongoDB issue, it Works fine on Azure and Local.
The connection is only blocked when started from AWS Lambda.

I also checked MongoDB IP Whitelist:

0.0.0.0/0 (includes your current IP address)

[jaydestro]

@TonyHenrique def join the slack - we'll see if we can talk you through it.

[normj]

I noticed in the Mongo DB docs that it says for the C# driver on .NET Core it can't connect to the free tier and a couple other cluster configurations in Linux. Lambda is a Linux environment so could that be the problem?

[normj]

Closing for lack of activity

[RobOverman]

Was there ever a solution @normj @jaydestro ? I'm running into this issue right now.

[acronoah]

Same here. Trying to run a lambda in AWS to connect via public IP to the free tier. Doesn't work. Looks like lambda is running my function on linux.

[alexAlchemy]

Yeah I'm getting this issue too. A fix would be nice :-)

[sepatel]

Ditto here. Everything was working great on Atlas' Azure but when we migrated to Atlas' AWS this past weekend we are seeing this same issue happening.

[mplgn]

Any resolution? Same thing here -- Azure works fine, but AWS returns:

502 Bad Gateway { "message": "Internal server error" }

And this particular api method does not use the database, so that's not an issue.

[hrai]

I was getting this error.

I realised the issue was because of no outbound traffic from lambda.

I modified it to be in the VPC that allowed outbound traffic and the connection to Mongo started working.

[NSegal]

I had this issue in Azure and I solved it! I was using the free tier of MongoDB atlas.

Whitelist the IP by going to the console and type: "Curl -o output.txt icanhazip.com" then "cat output.txt". Add this entry to your Mongolabs IP address whitelist.