Set up a Private Endpoint for Dedicated Cluster

Note
Feature unavailable in Free and Shared-Tier Clusters

This feature is not available for M0 free clusters, M2, and M5 clusters. To learn more about which features are unavailable, see Atlas M0 (Free Cluster), M2, and M5 Limitations.

Important
Serverless Instances are in Preview

Serverless instances are in preview and do not support this feature at this time. To learn more, see Serverless Instance Limitations.

MongoDB Atlas supports private endpoints on:

  • AWS using the AWS PrivateLink feature,
  • Azure using the Azure Private Link feature, and
  • Google Cloud using the Google Cloud Private Service Connect feature.

Note

You can set up private endpoints for your Online Archive. To learn more, see Set Up a Private Endpoint for Online Archives.

Tip

When you enable private endpoints, you can still enable access to your Atlas clusters using other methods, such as adding public IPs to IP access lists and network peering.

Clients connecting to Atlas clusters using other methods use standard connection strings. Your clients might have to identify when to use private endpoint-aware connection strings and standard connection strings.

For multi-region and global sharded clusters, you can deploy multiple private endpoints to a region if you need to connect to Atlas using a private endpoint from networks that can't be peered with one another.

You can deploy any number of private endpoints to regions that you deployed your cluster to. Each regional private endpoint connects to the mongos instances in that region.

Warning

Your connection strings to existing multi-region and global sharded clusters change when you enable this setting.

You must update your applications to use the new connection strings. This might cause downtime.

You can enable this setting only if your Atlas project contains no replica sets.

You can't disable this setting if you have:

  • More than one private endpoint in more than one region, or
  • More than one private endpoint in one region and one private endpoint in one or more regions.

You can create only sharded clusters when you enable the regionalized private endpoint setting. You can't create replica sets.

To use this feature, you must enable the regionalized private endpoint setting:

1
  1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.
  2. If it is not already displayed, select your desired project from the Projects menu in the navigation bar.
  3. Next to the Projects menu, expand the Options menu, then click Project Settings.
2

Toggle the Multiple Regionalized Private Endpoints setting to Yes.

To enable connections to Atlas using private endpoints, you must:

Enable clients to connect to Atlas clusters using private endpoints with the following procedure:

Note

For important considerations about private endpoint-aware connection strings, see Private Endpoint-Aware Connection Strings.

Use a private endpoint-aware connection string to connect to an Atlas cluster with the following procedure:

1
  1. Click Databases in the top-left corner of Atlas.
  2. In the Database Deployments view, click Connect for the database deployment to which you want to connect.
2
3
4
Important

Skip this step if Atlas indicates in the Setup connection security step that you have at least one database user configured in your project. To manage existing database users, see Configure Database Users.

To access the database deployment, you need a MongoDB user with access to the desired database or databases on the database deployment in your project. If your project has no MongoDB users, Atlas prompts you to create a new user with the Atlas Admin role.

  1. Enter the new user's Username.
  2. Enter a Password for this new user or click Autogenerate Secure Password.
  3. Click Create Database User to save the user.

Use this user to connect to your database deployment in the following step.

Once you have added an IP address to your IP access list and added a database user, click Choose Your Connection Method.

5

MongoDB recommends that your clients use the DNS seedlist connection string format.

© 2021 MongoDB, Inc.