Background
The MongoDB Control Plane is scheduled for maintenance on October 1, 2025, starting at 5 PM ET. During this maintenance, we will add new IP addresses to the MongoDB Control Plane.
The Atlas Control Plane IP address changes are unrelated to the transition to MongoDB IP blocks. For more information, see Upcoming changes to public IP addresses for MongoDB Atlas AWS dedicated clusters article.
The Control Plane is the administrative layer of MongoDB Atlas. It handles tasks tied to cluster management, project configurations, user access management, feature toggling, and more. Examples of its responsibilities include:
Deploying and updating your cluster configurations.
Adding or removing database users.
Enabling or disabling various Atlas features.
The Control Plane can be accessed through several interfaces:
Atlas UI: The graphical interface within the Atlas platform.
MongoDB Atlas Administration API: A RESTful API enabling programmatic interactions with Atlas.
Integrations: Third-party tools such as the Atlas Kubernetes Operator, Terraform Provider, and the Atlas CLI interact with the Control Plane using the Admin API.
If your application has hard-coded dependencies on the Atlas Control Plane, you must update your infrastructure with additional IP addresses before September 30, 2025.
You must update your infrastructure if you have configured firewalls, access control lists, or security groups that rely on these IP addresses. See the Allow Access to or from the Atlas Control Plane documentation for more information.
Do I need to make changes to my infrastructure?
If you use either of the following Atlas features, which necessitate allowing access to or from the Atlas Control Plane, you must add the new Atlas IP addresses to your network's IP address access list:
Impact on the Terraform provider
No impact is expected on the Terraform provider. However, if you use egress security rules on a Terraform host that uses the Administration API, you must update the allowlist with the control plane IP addresses.
Where can I find the updated IP addresses?
You can use the Atlas Administration API, which provides an up-to-date list of all Atlas control plane IP addresses.
Email clarification
The email you received indicates that we are adding new IP addresses to the Atlas Control Plane, which will be effective on September 30, 2025. If your services communicate directly with the Atlas Control Plane, you must update your firewalls or access control lists to avoid service interruptions once the new IP addresses are added.
The new IP addresses do not need to be added to your Atlas project's network IP access list for connecting to Atlas clusters. They will not affect application connections for CRUD operations. Action is only required if you connect to the Atlas Control Plane from an external network with restricted firewall access.
For instance, you may need to allow-list these Atlas Control Plane IP addresses if you use Encryption at Rest using Customer Key Management, configured webhook alerts, or when accessing a Data Federation Instance. Webhooks may not work properly if the suggested changes are not done in time, however, you will still be able to monitor, backup, and automate any changes as usual.
If you are using cloud provider KMS especially in case of Azure Key Vault, you may encounter the following error and lose cluster connectivity if the control plane IP addresses are not updated:
"The Atlas control plane cannot access Azure Key Vault. Please update your Azure Key Vault key access list to include Atlas control plane IP addresses."
To prevent this issue, ensure that your cloud provider’s KMS allows access from all outbound IP addresses from the Atlas Control plane. For more information, see the article: What inbound and outbound IP addresses are required for Encryption at Rest using CMK with a cloud provider's KMS?
You may also find this article helpful for troubleshooting: How to resolve 'The Azure Key Vault has restricted network access and cannot be reached' error.