2

I am really stuck here deciding whether I really need a VPC to deploy my MongoDB instance (a graphQL server also) into on AWS? I'm working on a project that's going to have a GraphQL server to serve a mobile-app along with a MongoDB instance to store the data. I've read everywhere that you must use a VPC, why though? Can't I use the security groups that AWS provides? This will allow me to lockdown my MongoDB instance right?

The reason I don't want to use a VPC is purely because of the extra costs!. The project I'm working on has a small budget & paying all the extra money (min $60 a month) for the VPC on AWS just isn't viable. Maybe if I was building an application that was going to be massive and has 10s of thousands of users and required scale and added security for peace of mind, then I'd consider using a VPC, but since it's not going to be that, and the budget is small, is it okay to use the security groups to lockdown my mongodb ec2 instance?

I've looked into other hosting solutions, in particular Digitalocean as they provide a free VPC service, however Digitalocean does not have data centers in my region (amongst other things) + I've used AWS a fair bit in the past and would love to keep using it.

I would love any suggestions about what I could/should do.

BinaryButterfly
  • 18,137
  • 13
  • 50
  • 91
James111
  • 15,378
  • 15
  • 78
  • 121
  • 2
    Where did you see that vpcs cost money? Usually you would use a vpc because some other resource *requires* a vpc. Absent this requirement you don't need to use a vpc. – D. SM Sep 27 '20 at 01:36
  • https://aws.amazon.com/vpc/pricing/ - Also: If I was to setup a MongoDB instance inside a VPC, it would mean that I'd need to setup a NAT GATEWAY or some sort of VM to route traffic from the outside world to my mongodb instance inside the VM? Since I would need to configure the MongoDB instance inside the VPC, I'd need a gateway to be able to ssh into that instance. @D.SM Thanks for the info! – James111 Sep 27 '20 at 01:46

1 Answers1

4

Security groups are a feature of VPCs and are tightly coupled with how EC2 instances are hosted. You need a VPC to define your networking rules including if your instances that host the MongoDB and GraphQL servers are public/private and what their security group rules are.

I'm not sure what costs you are referring to as VPCs are free and all accounts come with a VPC already created for you (the default VPC). You only pay for the ingress/egress traffic that you use so if you aren't doing anything massive, then the cost will be tiny ($0.02/GB) compared to the cost of the instances used to host your machines.

To address your comment, A NAT Gateway would only be needed if you want your instances on private subnets but you want those subnets to have internet access. This is not required if you are comfortable with putting your instances on public subnets and then locking them down with security group and NACL rules (this is not the best security practice but it is a comprise you can make to save on costs).

JD D
  • 7,398
  • 2
  • 34
  • 53
  • 2
    Awesome! That clears everything up!! I guess I was under the assumption that I needed to have my MONGODB INSTANCE on a private subnet for it to be secure...I guess those costs I was talking about were todo with the NAT GATEWAY/bastion host stuff that I had read about in the past..I just thought these were absolutely neccesary, but knowing I can use the security groups to lock my instance down without having to deploy into a private subnet for added security is awesome – James111 Sep 27 '20 at 01:53