mongocli atlas networking peering azure create

The networking peering create azure command creates a peering connection between the Atlas VNet and your Azure VNet for a given Atlas project.

The networking peering create azure command checks if a VNet exists in the region you specify for your Atlas project. If one exists, this command creates the peering connection between that VNet and your VNet. If an Atlas VNet does not exist, this command creates one and creates a connection between it and your VNet.

Note

For details about how Atlas creates Network Peering connections with Azure VNets, see the Azure tab in Set up a Network Peering Connection in the Atlas documentation.

You must complete the following steps before you create each Azure network peering connection:

  1. Run the following Azure CLI command to create a service principal using the specified Atlas peering application ID:

    az ad sp create --id e90a1407-55c3-432d-9cb1-3638900a9d22

    You only have to do this once for each subscription. If you receive the following message, the service principal with the Atlas peering application ID already exists. Proceed to the next step.

    Another object with the same value for property servicePrincipalNames already exists.
  2. Copy the following example peering-role.json file and save it to your current working directory:

    {
      "Name":"AtlasPeering/<azureSubscriptionId>/<resourceGroupName>/<vnetName>",
      "IsCustom":true,
      "Description":"Grants MongoDB access to manage peering connections on network /subscriptions/<azureSubscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/virtualNetworks/<vnetName>",
      "Actions":[
        "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
        "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
        "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
        "Microsoft.Network/virtualNetworks/peer/action"
      ],
      "AssignableScopes":[
        "/subscriptions/<azureSubscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/virtualNetworks/<vnetName>"
      ]
    }
  3. Replace the variables in the peering-role.json with details about the Azure VNet to which you want to create a peering connection:

    | Variable | Description |
    | --- | --- |
    | azureSubscriptionId | Unique identifier of the Azure subscription in which the VNet resides. |
    | resourceGroupName | Name of your Azure resource group. |
    | vnetName | Name of your Azure VNet. |
  4. Run the following Azure CLI command to create the role definition using the peering-role.json file:

    az role definition create --role-definition peering-role.json
  5. Run the Azure CLI command shown below to assign the role you created to the service principal.

    Replace the variables with the same values you used in the peering-role.json file.

    az role assignment create \
    --role "AtlasPeering/<azureSubscriptionId>/<resourceGroupName>/<vnetName>" \
    --assignee "e90a1407-55c3-432d-9cb1-3638900a9d22" \
    --scope "/subscriptions/<azureSubscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/virtualNetworks/<vnetName>"
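
The role file from steps 2 and 3 and the role name and scope in step 5 must carry identical values. As an added example (not part of the MongoDB documentation or mongocli), this script derives all of them from one validated set of inputs; the function names are hypothetical, and the name allow-list is an assumption that is deliberately stricter than Azure's naming rules.

```shell
#!/bin/sh
# Added example: build peering-role.json and the step 5 command from one set of inputs.
ATLAS_APP_ID="e90a1407-55c3-432d-9cb1-3638900a9d22"   # Atlas peering application ID (step 1)

# Reject anything that could alter the JSON or the scope path (quotes, slashes, newlines).
# Assumption: conservative ASCII allow-list, narrower than what Azure accepts.
valid_inputs() {
  case "$1" in *[!0-9a-fA-F-]*) return 1 ;; esac
  case "$2" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
  case "$3" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Scope limited to the single VNet being peered.
peering_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s' "$1" "$2" "$3"
}

role_name() { printf 'AtlasPeering/%s/%s/%s' "$1" "$2" "$3"; }

# Usage: render_peering_role <subscriptionId> <resourceGroup> <vnet> > peering-role.json
render_peering_role() {
  valid_inputs "$1" "$2" "$3" || { echo "invalid input" >&2; return 1; }
  scope=$(peering_scope "$1" "$2" "$3")
  cat <<EOF
{
  "Name": "$(role_name "$1" "$2" "$3")",
  "IsCustom": true,
  "Description": "Grants MongoDB access to manage peering connections on network $scope",
  "Actions": [
    "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
    "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
    "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
    "Microsoft.Network/virtualNetworks/peer/action"
  ],
  "AssignableScopes": [
    "$scope"
  ]
}
EOF
}

# Print (do not run) the step 5 command so it can be reviewed before execution.
print_role_assignment() {
  valid_inputs "$1" "$2" "$3" || { echo "invalid input" >&2; return 1; }
  printf 'az role assignment create --role "%s" --assignee "%s" --scope "%s"\n' \
    "$(role_name "$1" "$2" "$3")" "$ATLAS_APP_ID" "$(peering_scope "$1" "$2" "$3")"
}
```
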

mongocli atlas networking peering azure create
  [ --atlasCidrBlock <atlas-cidr-block> ]
  --directoryId <azure-ad-tenant-id>
  [ --output|-o <output-format> ]
  [ --profile|-P <profile-name> ]
  [ --projectId <project-ID> ]
  --region <azure-region-id>
  --resourceGroup <azure-resource-group-name>
  --subscriptionId <azure-subscription-id>
  --vnet <azure-vnet-name>

Note

Use -h or --help to view the command-line help for this command.

Options

--atlasCidrBlock
    Type: string
    Required? no

    CIDR block that Atlas uses for your clusters. Required only if you do not already have an Atlas VNet.

    Atlas uses the specified CIDR block for all other Network Peering connections created in the project. The Atlas CIDR block must be at least /24 and at most /21 in one of the following private networks.

    | Lower Bound | Upper Bound | Prefix |
    | --- | --- | --- |
    | 10.0.0.0 | 10.255.255.255 | 10/8 |
    | 172.16.0.0 | 172.31.255.255 | 172.16/12 |
    | 192.168.0.0 | 192.168.255.255 | 192.168/16 |

    Atlas locks this value if an M10+ cluster or a Network Peering connection already exists. To modify the CIDR block, ensure there are no M10+ clusters in the project and no other Network Peering connections in the project.

    Alternatively, create a new project and create a Network Peering Connection to set the desired Atlas Network Peering CIDR block for that project.

    Important

    Atlas limits the number of MongoDB nodes per Network Peering connection based on the CIDR block and the region selected for the project.

    Contact MongoDB Support for any questions on Atlas limits of MongoDB nodes per Network Peer.

--directoryId
    Type: string
    Required? yes

    Unique identifier for your Azure Active Directory tenant.

--output, -o
    Type: string
    Required? no

    Command output format. Valid values are:

      • json for output in JSON format
      • go-template for custom output using the Go template
      • go-template-file for custom output specified using the Go template file

    If omitted, the command returns output in the default format.

--profile, -P
    Type: string
    Required? no

    Name of the profile where the public and private keys for the project are saved. If omitted, uses the default profile. To learn more about creating a profile, see Configure the MongoDB CLI.

--projectId
    Type: string
    Required? no

    Unique identifier of the project. If omitted, uses the project ID in the profile or environment variable.

--region
    Type: string
    Required? no

    Azure region in which the peer VPC resides. See the Atlas documentation for a list of supported regions.

--resourceGroup
    Type: string
    Required? yes

    Name of the Azure resource group that contains the VNet that you want to peer.

--subscriptionId
    Type: string
    Required? yes

    Unique identifier of the Azure subscription that contains the VNet that you want to peer.

--vnet
    Type: string
    Required? yes

    Name of the VNet that you want to peer.
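
Because Atlas locks the CIDR block once an M10+ cluster or a peering connection exists, it is worth checking the value before the first call. The following pre-check for --atlasCidrBlock is an added example, not part of mongocli; the function names are hypothetical, it reads "at least /24 and at most /21" as a prefix length from 21 to 24, and it additionally requires the address to be aligned to the prefix, which the page does not state.

```shell
#!/bin/sh
# Added example: validate a candidate --atlasCidrBlock value offline.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
  case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    # Reject empty octets, leading zeros (octal ambiguity) and more than 3 digits.
    case "$o" in ''|0?*|????*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if the block is /21../24 and lies in 10/8, 172.16/12 or 192.168/16.
valid_atlas_cidr() {
  case "$1" in */*) ;; *) return 1 ;; esac
  addr=${1%/*}; len=${1#*/}
  case "$len" in 21|22|23|24) ;; *) return 1 ;; esac
  ip=$(ip_to_int "$addr") || return 1
  # Extra check (assumption, not from the page): no host bits set in the address.
  [ $(( ip & ((1 << (32 - len)) - 1) )) -eq 0 ] || return 1
  [ $(( ip >> 24 )) -eq 10 ] && return 0                        # 10/8
  [ $(( ip >> 20 )) -eq $(( (172 << 4) | 1 )) ] && return 0     # 172.16/12
  [ $(( ip >> 16 )) -eq $(( (192 << 8) | 168 )) ] && return 0   # 192.168/16
  return 1
}
```
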

If the command succeeds, it returns the following output in the default format. If the command returns errors, see Troubleshooting for recommended solutions.

Network peering connection '<peering-connection-id>' created.

The default output is a subset of the fields returned by this command. For the complete list of JSON fields returned by the command, see the Public API reference for your MongoDB service:

The following command creates a peering connection between the Atlas VNet and your Azure VNet for a project using the default profile, which contains credentials and the project ID. The output is returned in the default format.

mongocli atlas networking peering create azure --atlasCidrBlock 192.168.0.0/21 \
--directoryId 56657fdb-ca45-40dc-fr56-77fd8b6d2b37 \
--subscriptionId 345654f3-77cf-4084-9e06-8943a079ed75 \
--resourceGroup mongocli-test --region US_EAST_2 --vnet mongocli-test

The previous command prints the following to the terminal.

Network peering connection '5f621a5669a49208c2160f40' created.