Proxy mongodb connections in datacenter via 1 VM for Atlas IP whitelisting

Each datacenter has approximately a dozen servers that connect to an MongoDB Atlas cluster. It would be cumbersome to constantly manage whitelisting each server on the Atlas cluster config side for allowed (whitelisted) connections.

I am curious if anyone has input, thoughts, concerns, experience, etc. with having 1 single server be the proxy to MongoDB Atlas so that each datacenter only requires a single IP whitelisted address.

For whitelisting the endpoints you can leverage the API to do this automatically when you provision a new server/app that uses it.

To actually proxy you’re going to need a TCP proxy, something like HAProxy or Traefik(2.0+)

In this environment your server/app will have to resolve each Node in the Atlas cluster to your TCP Proxy(because of replicaset discovery).

[Edit] Oh yes, forgot to mention, this get really fun* because you have to inspect TLS Hello to know which host to route to. Go with the API.

I think the better way would to be to leverage the API, but either way requires a bit of work.
Whitelisting via API I have done. TCP Proxy I have experience with, not with Atlas though.

*Fun: Razor blades and lemon juice fun.