Manage Private Endpoints for a Federated Database Instance
Note
This feature is not available for M0 free clusters, M2, and M5 clusters. To learn more about which features are unavailable, see Atlas M0 (Free Cluster), M2, and M5 Limits.
Atlas Kubernetes Operator supports managing private endpoints for dedicated clusters on AWS using the AWS PrivateLink feature.
Before you begin, see Manage Private Endpoints.
Procedure
To enable clients to connect to Atlas dedicated clusters using private endpoints:
Find the service name for your private endpoint.
Use the following table to find the service name that corresponds to the AWS region for your private endpoint:
| AWS Region | Service Name |
|---|---|
| us-east-1 | com.amazonaws.vpce.us-east-1.vpce-svc-00e311695874992b4 |
| us-west-1 | com.amazonaws.vpce.us-west-2.vpce-svc-09d86b19e59d1b4bb |
| eu-west-1 | com.amazonaws.vpce.eu-west-1.vpce-svc-0824460b72e1a420e |
| eu-west-2 | com.amazonaws.vpce.eu-west-2.vpce-svc-052f1840aa0c4f1f9 |
| eu-central-1 | com.amazonaws.vpce.eu-central-1.vpce-svc-0ac8ce91871138c0d |
| sa-east-1 | com.amazonaws.vpce.sa-east-1.vpce-svc-0b56e75e8cdf50044 |
| ap-southeast-2 | com.amazonaws.vpce.ap-southeast-2.vpce-svc-036f1de74d761706e |
| ap-south-1 | com.amazonaws.vpce.ap-south-1.vpce-svc-03eb8a541f96d356d |
Use the AWS CLI to configure each private endpoint.
To create your application VPC interface endpoint:
Copy the following command:
aws ec2 create-vpc-endpoint --vpc-id {your-application-vpc-id} --region {aws-region} --service-name {service-name} --vpc-endpoint-type Interface --subnet-ids {your-application-subnet-ids}

Replace the following placeholders with the details about your AWS VPC:

your-application-vpc-id
Unique string that identifies the peer AWS VPC. Find this value on the VPC dashboard in your AWS account.
aws-region
Label that identifies the AWS region of the private endpoint.
service-name
Unique string that identifies the service for your private endpoint. This is the service name value you retrieved in the previous step.
your-application-subnet-ids
Unique strings that identify the subnets your AWS VPC uses. Separate each subnet with a space. Find these values on the Subnet dashboard in your AWS account.
Important
You must specify at least one subnet. If you don't, AWS won't provision an interface endpoint in your VPC. An interface endpoint is required for clients in your VPC to send traffic to the private endpoint.
Run the command with the AWS CLI.
Note the VpcEndpointId value in the output.
Example
"VpcEndpoint": {
  "VpcEndpointId": "vpce-XXXXXX",
  "VpcEndpointType": "Interface",
  "VpcId": "vpc-XXXXX",
  "ServiceName": "com.amazonaws.vpce.{aws-region}.vpce-svc-XXXX",
  "State": "pendingAcceptance"
}
To learn more, see Creating an Interface Endpoint in the AWS documentation.
Specify the spec.privateEndpoints parameter.
Specify the spec.privateEndpoints parameter for the AtlasDataFederation Custom Resource. Replace vpce-id with the VpcEndpointId value from the previous step and run the following command:
Note
You can find the unique identifier of the peer AWS VPC on the VPC dashboard in your AWS account.
cat <<EOF | kubectl apply -f -
apiVersion: atlas.mongodb.com/v1
kind: AtlasDataFederation
metadata:
  name: my-federated-deployment
spec:
  name: my-fdi
  privateEndpoints:
    - endpointId: {vpce-id}
      provider: AWS
      type: DATA_LAKE
EOF
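The procedure above, end to end, as an added shell example that is not part of the Atlas documentation: it parses the create-vpc-endpoint output, refuses an endpoint whose ServiceName is not the Atlas service expected for the requested region (so a manifest is never applied for a mistyped or wrong-region endpoint), and renders the AtlasDataFederation manifest with the real id. The JSON sample and the vpce/vpc ids in it are constructed; the service name is the eu-west-1 entry from the table.

```shell
#!/bin/sh
# Added example, not from the Atlas docs: wire the procedure's two steps together.
# Takes the JSON that `aws ec2 create-vpc-endpoint` prints, checks that the endpoint
# targets the expected Atlas service, and renders the manifest. Needs only sh and sed.

# Pull one string field out of the CLI's JSON output (first match wins).
json_field() {  # usage: json_field KEY < json
  sed -n "s/.*\"$1\": *\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Accept the endpoint only if its id is well formed and its ServiceName is the
# Atlas service we expected for that region. Prints the vpce-id on success.
endpoint_id_for() {  # usage: endpoint_id_for REGION EXPECTED_SERVICE_NAME < json
  region=$1; expected=$2; json=$(cat)
  id=$(printf '%s\n' "$json" | json_field VpcEndpointId)
  svc=$(printf '%s\n' "$json" | json_field ServiceName)
  case "$id" in vpce-[0-9a-f]*) ;; *) echo "bad VpcEndpointId: '$id'" >&2; return 1 ;; esac
  [ "$svc" = "$expected" ] || { echo "ServiceName $svc is not $expected" >&2; return 1; }
  case "$svc" in *".$region."*) ;; *) echo "ServiceName is not in $region" >&2; return 1 ;; esac
  printf '%s\n' "$id"
}

# Render the AtlasDataFederation manifest from the page with the real id filled in.
render_manifest() {  # usage: render_manifest VPCE_ID
  cat <<EOF
apiVersion: atlas.mongodb.com/v1
kind: AtlasDataFederation
metadata:
  name: my-federated-deployment
spec:
  name: my-fdi
  privateEndpoints:
    - endpointId: $1
      provider: AWS
      type: DATA_LAKE
EOF
}

# Constructed sample of what create-vpc-endpoint returns (the ids are fake).
SAMPLE_JSON='{"VpcEndpoint": {"VpcEndpointId": "vpce-0123456789abcdef0",
  "VpcEndpointType": "Interface", "VpcId": "vpc-0abc",
  "ServiceName": "com.amazonaws.vpce.eu-west-1.vpce-svc-0824460b72e1a420e",
  "State": "pendingAcceptance"}}'

# Live use: aws ec2 create-vpc-endpoint ... | endpoint_id_for REGION SVC | xargs render_manifest | kubectl apply -f -
if id=$(printf '%s\n' "$SAMPLE_JSON" | endpoint_id_for eu-west-1 \
          com.amazonaws.vpce.eu-west-1.vpce-svc-0824460b72e1a420e); then
  render_manifest "$id"
fi
```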