Connect to Alibaba Cloud ApsaraDB RDS for MySQL via a Private Link Connection

This document describes how to connect a TiDB Cloud Essential cluster to an Alibaba Cloud ApsaraDB RDS for MySQL instance using an Alibaba Cloud Endpoint Service private link connection.

Prerequisites

You have an existing ApsaraDB RDS for MySQL instance or the permissions required to create one.
Verify that your account has the following permissions to manage networking components:
- Manage load balancer
- Manage endpoint services
Your TiDB Cloud Essential cluster is on Alibaba Cloud, and it is active. Retrieve and save the following details for later use:
- Alibaba Cloud account ID
- Availability Zones (AZ)

To view the Alibaba Cloud account ID and availability zones, do the following:

In the TiDB Cloud console, navigate to the cluster overview page of the TiDB cluster, and then click Settings > Networking in the left navigation pane.
In the Private Link Connection For Dataflow area, click Create Private Link Connection.
In the displayed dialog, you can find the Alibaba Cloud account ID and availability zones.

Identify an Alibaba Cloud ApsaraDB RDS for MySQL that you want to use, or create a new RDS.

Your ApsaraDB RDS for MySQL instance must meet the following requirements:

Region match: the instance must reside in the same Alibaba Cloud region as your TiDB Cloud Essential cluster.
AZ (Availability Zone) availability: the availability zones must overlap with those of your TiDB Cloud Essential cluster.
Network accessibility: the instance must be configured with a proper IP allowlist and be accessible within the VPC.

Note

Cross-region connections for ApsaraDB RDS for MySQL are not supported.

You need to set up the load balancer and the endpoint service in the Alibaba Cloud console.

Set up the load balancer in the same region as your ApsaraDB RDS for MySQL as follows:

Go to Server Groups to create a server group. Provide the following information:
- Server Group Type: select IP
- VPC: enter the VPC where your ApsaraDB RDS for MySQL is located
- Backend Server Protocol: select TCP
Click the created server group to add backend servers, and then add the IP address of your ApsaraDB RDS for MySQL instance.
You can ping the RDS endpoint to get the IP address.
Go to NLB to create a network load balancer. Provide the following information:
- Network Type: select Internal-facing
- VPC: select the VPC where your ApsaraDB RDS for MySQL is located
- Zone: it must overlap with your TiDB Cloud Essential cluster
- IP Version: select IPv4
Find the load balancer you created, and then click Create Listener. Provide the following information:
- Listener Protocol: select TCP
- Listener Port: enter the database port, for example, 3306 for MySQL
- Server Group: choose the server group you created in the previous step

To set up the endpoint service in the same region as your ApsaraDB RDS for MySQL, take the following steps:

Go to Endpoint Service to create an endpoint service. Provide the following information:
- Service Resource Type: select NLB
- Select Service Resource: select all zones that the NLB is in, and choose the NLB that you created in the previous step
- Automatically Accept Endpoint Connections: it is recommended to choose No
Go to the details page of the endpoint service, and copy the Endpoint Service Name, for example, com.aliyuncs.privatelink.<region>.xxxxx. You need to use it for TiDB Cloud later.
On the details page of the endpoint service, click the Service Whitelist tab, click Add to Whitelist, and then enter the Alibaba Cloud account ID that you obtained in Prerequisites

You can create a private link connection using the TiDB Cloud console or the TiDB Cloud CLI.