Set up a Private Endpoint for Dedicated Cluster¶
On this page
- High Availability
- Port Ranges Used for Private Endpoints
- Private Endpoint-Aware Connection Strings
- IP Access Lists and Network Peering Connections with Private Endpoints
- Regionalized Private Endpoints for Multi-Region Sharded Clusters
- Configure an Atlas Private Endpoint
- Connect to Atlas using a Private Endpoint
- Remove a Private Endpoint from Atlas
- Troubleshoot Private Endpoint Connection Issues
- Check the status of your AWS PrivateLink connections.
- Make sure that your security groups are configured properly.
This feature is not available for
M0 free clusters,
M5 clusters. To learn more about which features are unavailable,
see Atlas M0 (Free Cluster), M2, and M5 Limitations.
Serverless instances are in preview and do not support this feature at this time. To learn more, see Serverless Instance Limitations.
MongoDB Atlas supports private endpoints on:
- AWS using the AWS PrivateLink feature,
- Azure using the Azure Private Link feature, and
- Google Cloud using the Google Cloud Private Service Connect feature.
You can set up private endpoints for your Online Archive. To learn more, see Set Up a Private Endpoint for Online Archives.
Port Ranges Used for Private Endpoints¶
Private Endpoint-Aware Connection Strings¶
IP Access Lists and Network Peering Connections with Private Endpoints¶
Clients connecting to Atlas clusters using other methods use standard connection strings. Your clients might have to identify when to use private endpoint-aware connection strings and standard connection strings.
Regionalized Private Endpoints for Multi-Region Sharded Clusters¶
For multi-region and global sharded clusters, you can deploy multiple private endpoints to a region if you need to connect to Atlas using a private endpoint from networks that can't be peered with one another.
You can deploy any number of private endpoints to regions that you
deployed your cluster to. Each regional private endpoint connects to the
mongos instances in that region.
Your connection strings to existing multi-region and global sharded clusters change when you enable this setting.
You must update your applications to use the new connection strings. This might cause downtime.
You can enable this setting only if your Atlas project contains no replica sets.
You can't disable this setting if you have:
- More than one private endpoint in more than one region, or
- More than one private endpoint in one region and one private endpoint in one or more regions.
You can create only sharded clusters when you enable the regionalized private endpoint setting. You can't create replica sets.
To use this feature, you must enable the regionalized private endpoint setting:
Navigate to the Settings page for your project.¶
- If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.
- If it is not already displayed, select your desired project from the Projects menu in the navigation bar.
- Next to the Projects menu, expand the Options menu, then click Project Settings.
Enable the setting.¶
Toggle the Multiple Regionalized Private Endpoints setting to Yes.
To enable connections to Atlas using private endpoints, you must:
Configure an Atlas Private Endpoint¶
Enable clients to connect to Atlas clusters using private endpoints with the following procedure:
Connect to Atlas using a Private Endpoint¶
For important considerations about private endpoint-aware connection strings, see Private Endpoint-Aware Connection Strings.
Use a private endpoint-aware connection string to connect to an Atlas cluster with the following procedure:
- Click Databases in the top-left corner of Atlas.
- In the Database Deployments view, click Connect for the database deployment to which you want to connect.
Select the Private Endpoint connection type.¶
Select the private endpoint to which you want to connect.¶
Create a Database User.¶
Skip this step if Atlas indicates in the Setup connection security step that you have at least one database user configured in your project. To manage existing database users, see Configure Database Users.
To access the database deployment, you need a MongoDB user with access to the desired database or databases on the database deployment in your project. If your project has no MongoDB users, Atlas prompts you to create a new user with the Atlas Admin role.
- Enter the new user's Username
- Enter a Password for this new user or click Autogenerate Secure Password.
- Click Create Database User to save the user.
Use this user to connect to your database deployment in the following step.
Once you have added an IP address to your IP access list and added a database user, click Choose Your Connection Method.
Click Choose a connection method.¶
MongoDB recommends that your clients use the DNS seedlist connection string format.