MongoDB Atlas Kubernetes Operator

Manage Private Endpoints for a Federated Database Instance


Note

This feature is not available for M0 free clusters, M2, and M5 clusters. To learn more about which features are unavailable, see Atlas M0 (Free Cluster), M2, and M5 Limits.

Atlas Kubernetes Operator supports managing private endpoints for dedicated clusters on AWS using the AWS PrivateLink feature.

Before you begin, see Manage Private Endpoints.

To enable clients to connect to Atlas dedicated clusters using private endpoints:

1

Use the following table to find the service name that corresponds to the AWS region for your private endpoint:

AWS Region        Service Name
us-east-1         com.amazonaws.vpce.us-east-1.vpce-svc-00e311695874992b4
us-west-1         com.amazonaws.vpce.us-west-2.vpce-svc-09d86b19e59d1b4bb
eu-west-1         com.amazonaws.vpce.eu-west-1.vpce-svc-0824460b72e1a420e
eu-west-2         com.amazonaws.vpce.eu-west-2.vpce-svc-052f1840aa0c4f1f9
eu-central-1      com.amazonaws.vpce.eu-central-1.vpce-svc-0ac8ce91871138c0d
sa-east-1         com.amazonaws.vpce.sa-east-1.vpce-svc-0b56e75e8cdf50044
ap-southeast-2    com.amazonaws.vpce.ap-southeast-2.vpce-svc-036f1de74d761706e
ap-south-1        com.amazonaws.vpce.ap-south-1.vpce-svc-03eb8a541f96d356d
2

To create your application VPC interface endpoint:

  1. Copy the following command:

    aws ec2 create-vpc-endpoint --vpc-id {your-application-vpc-id} --region {aws-region} --service-name {service-name} --vpc-endpoint-type Interface --subnet-ids {your-application-subnet-ids}
  2. Replace the following placeholders with the details about your AWS VPC:

    your-application-vpc-id
    Unique string that identifies the peer AWS VPC. Find this value on the VPC dashboard in your AWS account.
    aws-region
    Label that identifies the AWS region of the private endpoint.
    service-name
    Unique string that identifies the service for your private endpoint. This is the service name value you retrieved in the previous step.
    your-application-subnet-ids

    Unique strings that identify the subnets your AWS VPC uses. Separate each subnet with a space. Find these values on the Subnet dashboard in your AWS account.

    Important

    You must specify at least one subnet. If you don't, AWS won't provision an interface endpoint in your VPC. An interface endpoint is required for clients in your VPC to send traffic to the private endpoint.

  3. Run the command with the AWS CLI.

  4. Note the VpcEndpointId value in the output.

    Example

    "VpcEndpoint": {
      "VpcEndpointId": "vpce-XXXXXX",
      "VpcEndpointType": "Interface",
      "VpcId": "vpc-XXXXX",
      "ServiceName": "com.amazonaws.vpce.{aws-region}.vpce-svc-XXXX",
      "State": "pendingAcceptance"
    }

To learn more, see Creating an Interface Endpoint in the AWS documentation.

3

Specify the spec.privateEndpoints parameter for the AtlasDataFederation Custom Resource. Replace vpce-id with the VpcEndpointId value from the previous step and run the following command:

Note

You can find the unique identifier of the peer AWS VPC on the VPC dashboard in your AWS account.

cat <<EOF | kubectl apply -f -
apiVersion: atlas.mongodb.com/v1
kind: AtlasDataFederation
metadata:
  name: my-federated-deployment
spec:
  name: my-fdi
  privateEndpoints:
    - endpointId: {vpce-id}
      provider: AWS
      type: DATA_LAKE
EOF
4

Run the following command to verify the resource (the name is the metadata.name of the AtlasDataFederation resource you applied in the previous step):

kubectl get atlasdatafederation my-federated-deployment -o yaml
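The following script is an added example and is not part of the MongoDB documentation or the Atlas Kubernetes Operator project. It chains steps 2 through 4 of the procedure above: it parses the VpcEndpointId out of the aws ec2 create-vpc-endpoint output, checks that the value is shaped like an AWS interface endpoint ID before it is written into the manifest (so an unreplaced {vpce-id} placeholder or a pasted XXXX value never reaches kubectl apply), and renders the AtlasDataFederation resource with the same resource names the page uses. The JSON under SAMPLE_OUTPUT is a constructed sample, and the main function is assumed to be run on a host with the AWS CLI and kubectl already configured.

```shell
#!/bin/sh
# Added example, not from the MongoDB Atlas Kubernetes Operator docs.
# Chains: create-vpc-endpoint output -> validated VpcEndpointId ->
# AtlasDataFederation manifest -> kubectl apply / kubectl get.
set -eu

# Constructed sample of what `aws ec2 create-vpc-endpoint` prints
# (the endpoint and VPC IDs here are made up).
SAMPLE_OUTPUT='{
  "VpcEndpoint": {
    "VpcEndpointId": "vpce-0123456789abcdef0",
    "VpcEndpointType": "Interface",
    "VpcId": "vpc-0abc1234",
    "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-00e311695874992b4",
    "State": "pendingAcceptance"
  }
}'

# Pull the VpcEndpointId value out of the CLI JSON without needing jq.
extract_vpce_id() {
  printf '%s\n' "$1" | sed -n 's/.*"VpcEndpointId": *"\([^"]*\)".*/\1/p' | head -n 1
}

# Accept only IDs shaped like AWS interface endpoint IDs: "vpce-" followed by
# 8 or 17 hex characters. Placeholders such as {vpce-id} or vpce-XXXXXX fail.
is_vpce_id() {
  printf '%s' "$1" | grep -Eq '^vpce-[0-9a-f]{8}([0-9a-f]{9})?$'
}

# Render the AtlasDataFederation resource from step 3 of the page.
# $1 = Kubernetes resource name (metadata.name)
# $2 = federated database instance name (spec.name)
# $3 = VpcEndpointId
render_manifest() {
  is_vpce_id "$3" || { echo "refusing to render: '$3' is not a vpce- ID" >&2; return 1; }
  cat <<EOF
apiVersion: atlas.mongodb.com/v1
kind: AtlasDataFederation
metadata:
  name: $1
spec:
  name: $2
  privateEndpoints:
    - endpointId: $3
      provider: AWS
      type: DATA_LAKE
EOF
}

# End-to-end run. Arguments: vpc-id, aws-region, service-name, subnet-ids.
# Only this function talks to AWS and the cluster; it is not invoked here.
main() {
  out=$(aws ec2 create-vpc-endpoint --vpc-id "$1" --region "$2" --service-name "$3" \
        --vpc-endpoint-type Interface --subnet-ids "$4")
  id=$(extract_vpce_id "$out")
  render_manifest my-federated-deployment my-fdi "$id" | kubectl apply -f -
  kubectl get atlasdatafederation my-federated-deployment -o yaml
}
```

To use it on a real VPC, source the file and call main with the four values from step 2, for example main vpc-0abc1234 us-east-1 com.amazonaws.vpce.us-east-1.vpce-svc-00e311695874992b4 subnet-0aaa subnet-0bbb; the validation step is what keeps a half-edited manifest from being applied to the cluster.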
