Note
This feature is not available for any of the following deployments:
- M0 clusters
- M2/M5 clusters
- Flex clusters
Atlas Kubernetes Operator supports managing private endpoints for dedicated clusters on AWS using the AWS PrivateLink feature.
Before you begin, see Manage Private Endpoints.
Procedure
To enable clients to connect to Atlas dedicated clusters using private endpoints:
Find the service name for your private endpoint.
Use the following table to find the service name that corresponds to the AWS region for your private endpoint:
| AWS Region | Service Name |
|---|---|
Use the AWS CLI to configure each private endpoint.
To create your application VPC interface endpoint:
Copy the following command:
    aws ec2 create-vpc-endpoint --vpc-id {your-application-vpc-id} --region {aws-region} --service-name {service-name} --vpc-endpoint-type Interface --subnet-ids {your-application-subnet-ids}

Replace the following placeholders with the details about your AWS VPC:
- your-application-vpc-id: Unique string that identifies the peer AWS VPC. Find this value on the VPC dashboard in your AWS account.
- aws-region: Label that identifies the AWS region of the private endpoint.
- service-name: Unique string that identifies the service for your private endpoint. This is the service name value you retrieved in the previous step.
- your-application-subnet-ids: Unique strings that identify the subnets your AWS VPC uses. Separate each subnet with a space. Find these values on the Subnet dashboard in your AWS account.

IMPORTANT: You must specify at least one subnet. If you don't, AWS won't provision an interface endpoint in your VPC. An interface endpoint is required for clients in your VPC to send traffic to the private endpoint.
Run the command with the AWS CLI.
Note the VpcEndpointId value in the output.

Example:

    "VpcEndpoint": {
        "VpcEndpointId": "vpce-XXXXXX",
        "VpcEndpointType": "Interface",
        "VpcId": "vpc-XXXXX",
        "ServiceName": "com.amazonaws.vpce.{aws-region}.vpce-svc-XXXX",
        "State": "pendingAcceptance"
    }
To learn more, see Creating an Interface Endpoint in the AWS documentation.
Specify the spec.privateEndpoints parameter.
Specify the spec.privateEndpoints parameter for the AtlasDataFederation Custom Resource. Replace vpce-id with the VpcEndpointId value from the previous step and run the following command:
Note
You can find the unique identifier of the peer AWS VPC on the VPC dashboard in your AWS account.
    cat <<EOF | kubectl apply -f -
    apiVersion: atlas.mongodb.com/v1
    kind: AtlasDataFederation
    metadata:
      name: my-federated-deployment
    spec:
      name: my-fdi
      privateEndpoints:
        - endpointId: {vpce-id}
          provider: AWS
          type: DATA_LAKE
    EOF
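The whole procedure above (create the interface endpoint, read its VpcEndpointId, put it in the AtlasDataFederation resource), wrapped in checked shell functions. This is an added example and is not code from the Atlas documentation or the Atlas Kubernetes Operator project. It assumes the AWS CLI and kubectl are on PATH only for the real apply; the sample CLI output embedded below is constructed with made-up identifiers so the parsing and rendering run offline. Two checks are added that the bare commands on the page lack: the endpoint is not created with an empty subnet list (AWS would then provision no interface endpoint), and no manifest is rendered unless the endpoint id is a well-formed vpce- id, so an unreplaced {vpce-id} placeholder never reaches kubectl.

```shell
#!/bin/sh
# Added example, not part of the Atlas docs. POSIX sh; needs only sed and grep
# offline, plus the AWS CLI and kubectl when you run the real steps.

# Print the VpcEndpointId from `aws ec2 create-vpc-endpoint` JSON on stdin.
# sed is used instead of jq so the script has no extra dependency.
extract_vpce_id() {
  sed -n 's/.*"VpcEndpointId"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Accept only "vpce-" followed by 8 to 17 hex digits (the AWS id shape),
# so a leftover placeholder such as {vpce-id} is rejected before kubectl.
valid_vpce_id() {
  printf '%s\n' "$1" | grep -Eq '^vpce-[0-9a-f]{8,17}$'
}

# Create the application VPC interface endpoint.
# Usage: create_interface_endpoint VPC_ID REGION SERVICE_NAME SUBNET_ID...
# Refuses to run with zero subnets: AWS would provision no interface
# endpoint, and clients in the VPC could not reach the private endpoint.
create_interface_endpoint() {
  vpc_id=$1; region=$2; service_name=$3; shift 3
  [ "$#" -ge 1 ] || { echo "error: at least one subnet id is required" >&2; return 1; }
  aws ec2 create-vpc-endpoint \
    --vpc-id "$vpc_id" --region "$region" --service-name "$service_name" \
    --vpc-endpoint-type Interface --subnet-ids "$@"
}

# Render the AtlasDataFederation manifest for a verified endpoint id.
# Usage: render_manifest RESOURCE_NAME FEDERATED_INSTANCE_NAME VPCE_ID
render_manifest() {
  name=$1; fdi_name=$2; vpce_id=$3
  valid_vpce_id "$vpce_id" || { echo "error: '$vpce_id' is not a vpce- id" >&2; return 1; }
  printf '%s\n' \
    'apiVersion: atlas.mongodb.com/v1' \
    'kind: AtlasDataFederation' \
    'metadata:' \
    "  name: $name" \
    'spec:' \
    "  name: $fdi_name" \
    '  privateEndpoints:' \
    "    - endpointId: $vpce_id" \
    '      provider: AWS' \
    '      type: DATA_LAKE'
}

# Constructed sample of the CLI output; every id here is made up.
SAMPLE_OUTPUT='{
  "VpcEndpoint": {
    "VpcEndpointId": "vpce-0123456789abcdef0",
    "VpcEndpointType": "Interface",
    "VpcId": "vpc-0fedcba9876543210",
    "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-placeholder",
    "State": "pendingAcceptance"
  }
}'

# Offline walk-through: parse the id from the sample and print the manifest.
# For a real run, pipe create_interface_endpoint into extract_vpce_id and
# pipe render_manifest into `kubectl apply -f -`.
main() {
  id=$(printf '%s' "$SAMPLE_OUTPUT" | extract_vpce_id)
  render_manifest my-federated-deployment my-fdi "$id"
}

main
```

The id check is deliberately strict: the manifest is applied to a cluster with operator credentials for Atlas, and a typo or an unreplaced placeholder would otherwise be sent to Atlas as a real endpoint id and fail only later, in the resource status.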