
Set Up a Private Endpoint for Online Archives


Important

Feature unavailable in Serverless Instances

Serverless instances don't support this feature at this time. To learn more, see Serverless Instance Limitations.

MongoDB supports AWS private endpoints using the AWS PrivateLink feature for Online Archives. You can set up the private endpoints from the Atlas User Interface and API.

Note

You can set up private endpoints for a dedicated cluster. To learn more, see Configure Private Endpoints.

Required Access

To set up a private endpoint for an Online Archive, you must have Project Owner access or higher to the project.

Prerequisites

  1. Have an AWS user account with an IAM user policy that grants permissions to create, modify, describe, and delete endpoints. For more information on controlling the use of interface endpoints, see the AWS Documentation.

  2. Install the AWS CLI.

  3. If you have not already done so, create your VPC and EC2 instances in AWS. See the AWS documentation for guidance.

Note

You can't use your Atlas cluster private endpoint ID for an Online Archive. The Online Archive endpoint ID must be different from your Atlas cluster endpoint ID, if you have one.

Set Up Private Endpoint Through the User Interface

You can create a new private endpoint or add an existing private endpoint for the online archives through your Atlas User Interface. To set up the private endpoint:

1
  1. If it's not already displayed, select the organization that contains your project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your project from the Projects menu in the navigation bar.

  3. In the sidebar, click Network Access under the Security heading.

    The Network Access page displays.

2

Click Federated Database Instance / Online Archive to set up a private endpoint for your federated database instance or online archive.

3

Click the Create New Endpoint button.

4
  1. From the AWS Region list, select the region where you want to create the private endpoint.

    You can select one of the following regions:

    Atlas Data Federation Regions      AWS Regions
    Northern Virginia, North America   us-east-1
    Oregon, North America              us-west-2
    Ireland, Europe                    eu-west-1
    London, Europe                     eu-west-2
    Frankfurt, Europe                  eu-central-1
    Tokyo, Japan                       ap-northeast-1
    Mumbai, Asia                       ap-south-1
    Sydney, Australia                  ap-southeast-2
    Montreal, Canada                   ca-central-1

    To learn more, see Atlas Data Federation Regions.

  2. Click Next.

Note

If your organization has no payment information stored, Atlas prompts you to add it before continuing.

5

Tip

Click and expand Show instruction for a screenshot of the AWS console where you can find the necessary information for the following settings.

  1. Enter the following details about your AWS VPC:

    Your VPC ID: Unique identifier of the peer AWS VPC. Find this value on the VPC dashboard in your AWS account.

    Your Subnet IDs: Unique identifiers of the subnets your AWS VPC uses. Find these values on the Subnet dashboard in your AWS account.

    Important

    You must specify at least one subnet. If you don't, AWS won't provision an interface endpoint in your VPC. An interface endpoint is required for clients in your VPC to send traffic to the private endpoint.

  2. Copy the command the dialog box displays and run it using the AWS CLI.

    See Creating an Interface Endpoint to perform this task using the AWS CLI.

  3. Enter your VPC Endpoint ID. This is a 22-character alphanumeric string that identifies your private endpoint. Find this value on the AWS VPC Dashboard under Endpoints > VPC ID.

  4. Enter the alphanumeric DNS hostname associated with your private endpoint on AWS in the Your VPC Endpoint DNS Name field. If you have multiple DNS names for your private endpoint, copy and paste the first name from your list. To learn more, see Manage DNS names for VPC endpoint services.

6

Copy the command the dialog box displays and run it using the AWS CLI.

7

To ensure that the hostname resolves to an address on your network:

  1. Copy the command the dialog box displays and run it using the AWS CLI.

  2. Optional. Add a comment to associate with this endpoint.

8
To connect an existing private endpoint instead:

1
  1. If it's not already displayed, select the organization that contains your project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your project from the Projects menu in the navigation bar.

  3. In the sidebar, click Network Access under the Security heading.

    The Network Access page displays.

2

Click Federated Database Instance / Online Archive to set up a private endpoint for your federated database instance or online archive.

3

Click the Connect Existing Endpoint button.

4
  1. Enter the 22-character alphanumeric string that identifies your private endpoint in the Your VPC Endpoint ID field.

  2. Enter the alphanumeric DNS hostname associated with your private endpoint on AWS in the Your VPC Endpoint DNS Name field. If you have multiple DNS names for your private endpoint, copy and paste the first name from your list. To learn more, see Manage DNS names for VPC endpoint services.

Tip

Click and expand Show instruction in the dialog box for a visual clue as to where you can find the necessary information in the AWS console.

5

Add a comment to associate with this endpoint. You can enter your subnet ID, VPC ID, AWS region, and other information to associate with this endpoint.

6

Set Up Private Endpoint Through the API

To configure a private endpoint for an online archive from the API, send a POST request with the private endpoint ID to the privateNetworkSettings endpoint.

  • If the endpoint ID already exists and there is no change to the comment associated with the endpoint, Atlas makes no change to the endpoint ID list.

  • If the endpoint ID already exists and there is a change to the associated comment, Atlas updates only the comment value in the endpoint ID list.

  • If the endpoint ID doesn't exist, Atlas appends the new endpoint to the list of endpoints in the endpoint ID list.

To learn more about the syntax and options, see API.
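The values these steps ask for can be checked for consistency before you enter them in the dialog or send them to the API. The script below is an added example, not part of the Atlas documentation or tooling: check_archive_endpoint is a hypothetical helper, the region list is the one on this page, and the "vpce-" plus 17 hex digits ID layout and the <endpoint-id>-<suffix>.<service>.<region>.vpce.amazonaws.com DNS layout are assumed AWS naming conventions. The sample IDs are constructed.

```shell
#!/bin/sh
# Added example: pre-flight checks for Online Archive private endpoint values.
# Regions are the ones listed on this page.
SUPPORTED_REGIONS="us-east-1 us-west-2 eu-west-1 eu-west-2 eu-central-1 ap-northeast-1 ap-south-1 ap-southeast-2 ca-central-1"

# check_archive_endpoint REGION ENDPOINT_ID DNS_NAME [CLUSTER_ENDPOINT_ID]
# Prints one line per problem; returns 0 only if every check passes.
check_archive_endpoint() {
    region=$1 endpoint_id=$2 dns_name=$3 cluster_id=${4:-}
    rc=0

    # The region must be one that supports Online Archive private endpoints.
    case " $SUPPORTED_REGIONS " in
        *" $region "*) ;;
        *) echo "region '$region' is not in the supported region list"; rc=1 ;;
    esac

    # 22 characters: "vpce-" followed by 17 hex digits (assumed AWS ID layout).
    if ! printf '%s\n' "$endpoint_id" | grep -Eq '^vpce-[0-9a-f]{17}$'; then
        echo "endpoint ID '$endpoint_id' is not a 22-character vpce- ID"; rc=1
    fi

    # The Online Archive endpoint must not reuse the cluster's endpoint ID.
    if [ -n "$cluster_id" ] && [ "$endpoint_id" = "$cluster_id" ]; then
        echo "endpoint ID is already used by the Atlas cluster private endpoint"; rc=1
    fi

    # The DNS name must start with the endpoint ID and sit in the chosen region.
    case "$dns_name" in
        "$endpoint_id"-*."$region".vpce.amazonaws.com) ;;
        *) echo "DNS name does not belong to $endpoint_id in $region"; rc=1 ;;
    esac

    return $rc
}

# Constructed sample values (not real resources).
check_archive_endpoint us-east-1 vpce-0123456789abcdef0 \
    vpce-0123456789abcdef0-abcd1234.vpce-svc-0fedcba9876543210.us-east-1.vpce.amazonaws.com \
    vpce-0aaaaaaaaaaaaaaa1 && echo "values are consistent"
```

A DNS name copied from a different endpoint or region is the mismatch most likely to surface later as a hostname that fails to resolve from inside the VPC.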
