Connect to TiDB Cloud Starter or Essential via Alibaba Cloud Private Endpoint
This tutorial walks you through the steps to connect to your TiDB Cloud Starter or Essential instance via a private endpoint on Alibaba Cloud. Connecting through a private endpoint allows secure and private communication between your services and your TiDB Cloud Starter or Essential instance without using the public internet.
Restrictions
- Currently, TiDB Cloud Starter and TiDB Cloud Essential support private endpoint connections when the endpoint service is hosted on AWS or Alibaba Cloud. If the service is hosted on another cloud provider, the private endpoint is not applicable.
- Cross-region private endpoint connections are not supported.
Set up a private endpoint with Alibaba Cloud
To connect to your TiDB Cloud Starter or TiDB Cloud Essential instance via a private endpoint, follow these steps:
- Choose a TiDB Cloud Starter or Essential instance
- Create a private endpoint on Alibaba Cloud
- Authorize your private endpoint in TiDB Cloud
- Connect to your TiDB Cloud Starter or Essential instance using the private endpoint
Step 1. Choose a TiDB Cloud Starter or Essential instance
- On the My TiDB page, click the name of your target TiDB Cloud Starter or Essential instance to go to its overview page.
- Click Connect in the upper-right corner. A connection dialog is displayed.
- In the Connection Type drop-down list, select Private Endpoint.
- Note the Service Name, Availability Zone ID, and Region ID. You need them in the following steps.
Step 2. Create a private endpoint on Alibaba Cloud
To use the Alibaba Cloud Management Console to create a VPC interface endpoint, perform the following steps:
Sign in to the Alibaba Cloud Management Console.
Navigate to VPC > Endpoints.
Under the Interface Endpoints tab, click Create Endpoint.
Fill out the endpoint information:
- Region: select the same region as your TiDB Cloud Starter or Essential instance.
- Endpoint Name: choose a name for the endpoint.
- Endpoint Type: select Interface Endpoint.
- Endpoint Service: select Other Endpoint Services.
In the Endpoint Service Name field, paste the service name you copied from TiDB Cloud.
Click Verify. A green check will appear if the service is valid.
Choose the VPC, Security Group, and Zone to use for the endpoint.
Click OK to create the endpoint.
Wait for the endpoint status to become Active and the connection status to become Connected.
Step 3. Authorize your private endpoint in TiDB Cloud
After creating the interface endpoint on Alibaba Cloud, you must add it to the allowlist of your target TiDB Cloud Starter or TiDB Cloud Essential instance.
On the My TiDB page, click the name of your target TiDB Cloud Starter or TiDB Cloud Essential instance to go to its overview page.
Click Settings > Networking in the left navigation pane.
Scroll down to the Private Endpoint section and then locate the Authorized Networks table.
Click Add Rule to add a firewall rule.
- Endpoint Service Name: paste the service name you got from Step 1.
- Firewall Rule Name: enter a name to identify this connection.
- Your Endpoint ID: paste your 23-character endpoint ID from the Alibaba Cloud Management Console (starts with ep-).
Click Submit.
Step 4. Connect to your TiDB Cloud Starter or Essential instance using the private endpoint
After you have created the interface endpoint, go back to the TiDB Cloud console and take the following steps:
On the My TiDB page, click the name of your target TiDB Cloud Starter or Essential instance to go to its overview page.
Click Connect in the upper-right corner. A connection dialog is displayed.
In the Connection Type drop-down list, select Private Endpoint.
In the Connect With drop-down list, select your preferred connection method. The corresponding connection string is displayed at the bottom of the dialog.
For the host, go to the Endpoint Details page in Alibaba Cloud, and copy the Domain Name of Endpoint Service as your host.
Connect to your TiDB Cloud Starter or Essential instance with the connection string.
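The following pre-flight check is an added example, not part of the TiDB Cloud documentation or tooling. It validates the values collected in the steps above before you connect: the endpoint ID format from Step 3, the same-region restriction, and that the endpoint host does not resolve to a publicly routable address. The function names and sample values are assumptions made for illustration.

```python
import ipaddress
import socket


def resolve(host):
    """Return the sorted set of IP addresses that `host` resolves to."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    # Drop any IPv6 zone suffix ("%eth0") so ipaddress can parse the result.
    return sorted({info[4][0].split("%")[0] for info in infos})


def preflight(endpoint_id, instance_region, endpoint_region, addresses):
    """Return a list of problems; an empty list means every check passed."""
    problems = []

    # Step 3: the endpoint ID is 23 characters long and starts with "ep-".
    eid = endpoint_id.strip()
    if eid != endpoint_id:
        problems.append("endpoint ID has leading or trailing whitespace")
    if len(eid) != 23 or not eid.startswith("ep-"):
        problems.append(f"endpoint ID {eid!r} is not 23 characters starting with 'ep-'")

    # Restrictions: cross-region private endpoint connections are not supported.
    if instance_region != endpoint_region:
        problems.append(
            f"endpoint region {endpoint_region!r} differs from instance region {instance_region!r}"
        )

    # A private endpoint host should resolve only to addresses inside the VPC.
    # A globally routable address means the traffic would use the public internet.
    if not addresses:
        problems.append("host did not resolve to any address")
    for addr in addresses:
        if ipaddress.ip_address(addr).is_global:
            problems.append(f"{addr} is publicly routable")

    return problems


if __name__ == "__main__":
    # Constructed sample values; replace them with the values from your consoles.
    sample_id = "ep-" + "x" * 20
    print(preflight(sample_id, "ap-southeast-1", "ap-southeast-1", ["10.0.12.34"]))
    # On a host inside the VPC, pass resolve("<your endpoint domain name>") as
    # the last argument to check the real DNS answer.
```

Run the check from a machine inside the VPC that hosts the endpoint, because the DNS answer seen from elsewhere can differ.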