Networking Security: Atlas / Private Endpoints

Code Summary: Private Endpoints

The following provides a summary of the code to configure a private endpoint using Atlas and AWS. You also have the option to use Azure or GCP. Instructions for Azure and GCP can be found here.

Prerequisites

  • Atlas Account
  • Atlas organization ID
  • Atlas Project ID
  • Atlas CLI
  • AWS Console

Usage

Create a Private Endpoint Service in Atlas:

The following command creates a new AWS private endpoint for an Atlas project in the us-west-1 region. Replace <projectId> with your project’s ID.

atlas privateEndpoints aws create \
    --region us-west-1 \
    --projectId <projectId>


Retrieve Private Endpoint Service Name:

The following command shows details about a specific AWS private endpoint in an Atlas project, with the output in JSON format. Replace <privateEndpointId> and <projectId> with your values.

atlas privateEndpoints aws describe <privateEndpointId> \
  --projectId <projectId> \
  --output json


Create an Interface Endpoint in AWS VPC to Connect to Atlas:

The following command creates an interface VPC endpoint in AWS for a specified service and VPC in the us-west-1 region. Replace <vpcId>, <subnetIds>, and the service name with your values.

aws ec2 create-vpc-endpoint --vpc-id <vpcId> \
  --region us-west-1 \
  --service-name com.amazonaws.vpce.us-west-1.vpce-svc-x \
  --vpc-endpoint-type Interface \
  --subnet-ids <subnetIds>


Connect AWS Endpoint with Atlas:

The following command creates a new interface for an AWS private endpoint service in an Atlas project and outputs the result in JSON format. Replace <endpointServiceId>, vpce-x, and <projectId> with your values.

atlas privateEndpoints aws interfaces create <endpointServiceId> \
  --privateEndpointId vpce-x \
  --projectId <projectId> \
  --output json


View AWS Private Endpoint Details:

The following command shows details about a specific AWS private endpoint interface in an Atlas project, with the output in JSON format. Replace <interfaceEndpointId>, <endpointServiceId>, and <projectId> with your values.

atlas privateEndpoints aws interfaces describe <interfaceEndpointId> \
  --endpointServiceId <endpointServiceId> \
  --projectId <projectId> \
  --output json
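
A post-setup check over the JSON returned by the two describe commands above, as an added example that is not part of the original page or of the Atlas tooling. It confirms that the service name is in the expected region, that the interface ID matches the VPC endpoint you created, and that both sides report AVAILABLE before clients rely on the private path. The field names and status values are assumptions based on the Atlas Admin API private endpoint resources; the sample JSON is constructed.

```python
import json

# Field names and status values below follow the Atlas Admin API private
# endpoint resources as understood by this example (assumption: confirm
# them against your own `--output json` results).
READY = "AVAILABLE"

def check_private_endpoint(service_json, interface_json, region, vpce_id):
    """Return a list of problems; an empty list means the link is usable."""
    service = json.loads(service_json)
    link = json.loads(interface_json)
    problems = []

    # AWS service names: com.amazonaws.vpce.<region>.vpce-svc-<id>
    name = service.get("endpointServiceName") or ""
    parts = name.split(".")
    if (len(parts) != 5 or parts[:3] != ["com", "amazonaws", "vpce"]
            or not parts[4].startswith("vpce-svc-")):
        problems.append(f"unexpected service name {name!r}")
    elif parts[3] != region:
        problems.append(f"service is in {parts[3]}, expected {region}")

    if service.get("status") != READY:
        problems.append(f"service status is {service.get('status')}")
    if link.get("interfaceEndpointId") != vpce_id:
        problems.append("interface endpoint ID does not match the VPC endpoint")
    if link.get("connectionStatus") != READY:
        problems.append(f"connection status is {link.get('connectionStatus')}")
    for doc in (service, link):
        if doc.get("errorMessage"):
            problems.append(f"Atlas reported: {doc['errorMessage']}")
    return problems

# Constructed sample output; IDs reuse the page's vpce-svc-x / vpce-x placeholders.
SERVICE = json.dumps({
    "endpointServiceName": "com.amazonaws.vpce.us-west-1.vpce-svc-x",
    "status": "AVAILABLE", "errorMessage": None})
PENDING = json.dumps({"interfaceEndpointId": "vpce-x",
    "connectionStatus": "PENDING_ACCEPTANCE", "errorMessage": None})
LINKED = json.dumps({"interfaceEndpointId": "vpce-x",
    "connectionStatus": "AVAILABLE", "errorMessage": None})

if __name__ == "__main__":
    for label, doc in (("pending", PENDING), ("linked", LINKED)):
        result = check_private_endpoint(SERVICE, doc, "us-west-1", "vpce-x")
        print(label, result or "OK")
```

Feed it the saved output of `atlas privateEndpoints aws describe` and `atlas privateEndpoints aws interfaces describe` in place of the constructed samples.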