From f1cd73fc3137aa390f61eca5790ddc93276c69f8 Mon Sep 17 00:00:00 2001 From: houfaxin Date: Mon, 30 Mar 2026 14:00:11 +0800 Subject: [PATCH 1/6] Update set-up-private-endpoint-connections-serverless.md --- ...private-endpoint-connections-serverless.md | 23 +++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index a55c18dd54508..ff616fdb2b238 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md @@ -41,7 +41,8 @@ To connect to your {{{ .starter }}} or {{{ .essential }}} cluster via a private 1. [Choose a TiDB cluster](#step-1-choose-a-tidb-cluster) 2. [Create an AWS interface endpoint](#step-2-create-an-aws-interface-endpoint) -3. [Connect to your TiDB cluster](#step-3-connect-to-your-tidb-cluster) +3. [Authorize your private endpoint in TiDB](#step-3-authorize-your-private-endpoint-in-tidb-cloud) +4. [Connect to your TiDB cluster](#step-3-connect-to-your-tidb-cluster) ### Step 1. Choose a TiDB cluster 
@@ -102,7 +103,25 @@ aws ec2 create-vpc-endpoint --vpc-id ${your_vpc_id} --region ${region_id} --serv Then you can connect to the endpoint service with the private DNS name. -### Step 3: Connect to your TiDB cluster +### Step 3. Authorize your private endpoint in TiDB Cloud + +After creating the interface endpoint in AWS, you must add it to your cluster's allowlist. + +1. On the [**Clusters**](https://tidbcloud.com/project/clusters) page, click the name of your target {{{ .starter }}} or {{{ .essential }}} cluster to go to its overview page. +2. Click **Settings** > **Networking** in the left navigation menu. +3. Scroll down to the **Private Endpoint** section and then locate the **Authorized Networks** table. Click **Add Rule** to add a firewall rule. + + - In the **Endpoint Service Name** field, paste your Service Name. + - In the **Firewall Rule Name** field, enter a name to identify this connection. + - In the **Your VPC Endpoint ID** field, paste your 22-character VPC Endpoint ID from the AWS console (starts with `vpce-`). + + > **Tip:** + > + > If you want to allow all Private Endpoint connections from your cloud region (for testing or open access), you can enter a single asterisk (`*`) in the **Your VPC Endpoint ID** field. + +4. Click **Submit**. + +### Step 4: Connect to your TiDB cluster After you have created the interface endpoint, go back to the TiDB Cloud console and take the following steps: From 62c844a6ccfa0346f46670022f12e3c098023fe8 Mon Sep 17 00:00:00 2001 From: houfaxin Date: Mon, 30 Mar 2026 14:10:07 +0800 Subject: [PATCH 2/6] draft --- ...e-endpoint-connections-on-alibaba-cloud.md | 24 +++++++++++++++++-- ...private-endpoint-connections-serverless.md | 13 +++++----- 2 files changed, 29 insertions(+), 8 deletions(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md b/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md index 4af012f718bad..afa3dfa67aaef 100644 
--- a/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md +++ b/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md @@ -22,7 +22,8 @@ To connect to your {{{ .starter }}} or {{{ .essential }}} cluster via a private 1. [Choose a TiDB cluster](#step-1-choose-a-tidb-cluster) 2. [Create a private endpoint on Alibaba Cloud](#step-2-create-a-private-endpoint-on-alibaba-cloud) -3. [Connect to your TiDB cluster using the private endpoint](#step-3-connect-to-your-tidb-cluster-using-the-private-endpoint) +3. [Authorize your private endpoint in TiDB](#step-3-authorize-your-private-endpoint-in-tidb-cloud) +4. [Connect to your TiDB cluster using the private endpoint](#step-3-connect-to-your-tidb-cluster-using-the-private-endpoint) ### Step 1. Choose a TiDB cluster 
@@ -50,7 +51,26 @@ To use the Alibaba Cloud Management Console to create a VPC interface endpoint, 8. Click **OK** to create the endpoint. 9. Wait for the endpoint status to become **Active** and the connection status to become **Connected**. -### Step 3: Connect to your TiDB cluster using the private endpoint +### Step 3. Authorize your private endpoint in TiDB Cloud + +After creating the interface endpoint in AWS, you must add it to your cluster's allowlist. + +1. On the [**Clusters**](https://tidbcloud.com/project/clusters) page, click the name of your target {{{ .starter }}} or {{{ .essential }}} cluster to go to its overview page. +2. Click **Settings** > **Networking** in the left navigation pane. +3. Scroll down to the **Private Endpoint** section and then locate the **Authorized Networks** table. +4. Click **Add Rule** to add a firewall rule. + + - **Endpoint Service Name**: paste your service name. + - **Firewall Rule Name**: enter a name to identify this connection. + - **Your Endpoint ID**: paste your 23-character endpoint ID from the Alibaba Cloud console (starts with `ep-`). + + > **Tip:** + > + > If you want to allow all Private Endpoint connections from your cloud region (for testing or open access), you can enter a single asterisk (`*`) in the **Your Endpoint ID** field. + +5. Click **Submit**. + +### Step 4: Connect to your TiDB cluster using the private endpoint After you have created the interface endpoint, go back to the TiDB Cloud console and take the following steps: diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index ff616fdb2b238..8a75a93fad91a 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md 
@@ -108,18 +108,19 @@ Then you can connect to the endpoint service with the private DNS name. After creating the interface endpoint in AWS, you must add it to your cluster's allowlist. 1. On the [**Clusters**](https://tidbcloud.com/project/clusters) page, click the name of your target {{{ .starter }}} or {{{ .essential }}} cluster to go to its overview page. -2. Click **Settings** > **Networking** in the left navigation menu. -3. Scroll down to the **Private Endpoint** section and then locate the **Authorized Networks** table. Click **Add Rule** to add a firewall rule. +2. Click **Settings** > **Networking** in the left navigation pane. +3. Scroll down to the **Private Endpoint** section and then locate the **Authorized Networks** table. +4. Click **Add Rule** to add a firewall rule. - - In the **Endpoint Service Name** field, paste your Service Name. - - In the **Firewall Rule Name** field, enter a name to identify this connection. - - In the **Your VPC Endpoint ID** field, paste your 22-character VPC Endpoint ID from the AWS console (starts with `vpce-`). + - **Endpoint Service Name**: paste your service name. + - **Firewall Rule Name**: enter a name to identify this connection. + - **Your VPC Endpoint ID**: paste your 22-character VPC Endpoint ID from the AWS console (starts with `vpce-`). > **Tip:** > > If you want to allow all Private Endpoint connections from your cloud region (for testing or open access), you can enter a single asterisk (`*`) in the **Your VPC Endpoint ID** field. -4. Click **Submit**. +5. Click **Submit**. ### Step 4: Connect to your TiDB cluster From 644e36a4f1f198854fee3b95adbfd96b173927e7 Mon Sep 17 00:00:00 2001 
From: xixirangrang Date: Mon, 30 Mar 2026 14:14:34 +0800 Subject: [PATCH 3/6] Apply suggestions from code review Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- ...et-up-private-endpoint-connections-on-alibaba-cloud.md | 8 ++++---- .../set-up-private-endpoint-connections-serverless.md | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md b/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md index afa3dfa67aaef..e6c5da060d07e 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md +++ b/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md @@ -22,8 +22,8 @@ To connect to your {{{ .starter }}} or {{{ .essential }}} cluster via a private 1. [Choose a TiDB cluster](#step-1-choose-a-tidb-cluster) 2. [Create a private endpoint on Alibaba Cloud](#step-2-create-a-private-endpoint-on-alibaba-cloud) -3. [Authorize your private endpoint in TiDB](#step-3-authorize-your-private-endpoint-in-tidb-cloud) -4. [Connect to your TiDB cluster using the private endpoint](#step-3-connect-to-your-tidb-cluster-using-the-private-endpoint) +3. [Authorize your private endpoint in TiDB Cloud](#step-3-authorize-your-private-endpoint-in-tidb-cloud) +4. [Connect to your TiDB cluster using the private endpoint](#step-4-connect-to-your-tidb-cluster-using-the-private-endpoint) ### Step 1. Choose a TiDB cluster 
@@ -53,7 +53,7 @@ To use the Alibaba Cloud Management Console to create a VPC interface endpoint, ### Step 3. Authorize your private endpoint in TiDB Cloud -After creating the interface endpoint in AWS, you must add it to your cluster's allowlist. +After creating the interface endpoint in Alibaba Cloud, you must add it to your cluster's allowlist. 1. On the [**Clusters**](https://tidbcloud.com/project/clusters) page, click the name of your target {{{ .starter }}} or {{{ .essential }}} cluster to go to its overview page. 2. Click **Settings** > **Networking** in the left navigation pane. @@ -70,7 +70,7 @@ After creating the interface endpoint in AWS, you must add it to your cluster's 5. Click **Submit**. -### Step 4: Connect to your TiDB cluster using the private endpoint +### Step 4. Connect to your TiDB cluster using the private endpoint After you have created the interface endpoint, go back to the TiDB Cloud console and take the following steps: diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index 8a75a93fad91a..67331bb1422c2 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md @@ -41,8 +41,8 @@ To connect to your {{{ .starter }}} or {{{ .essential }}} cluster via a private 1. [Choose a TiDB cluster](#step-1-choose-a-tidb-cluster) 2. [Create an AWS interface endpoint](#step-2-create-an-aws-interface-endpoint) -3. [Authorize your private endpoint in TiDB](#step-3-authorize-your-private-endpoint-in-tidb-cloud) -4. [Connect to your TiDB cluster](#step-3-connect-to-your-tidb-cluster) +3. [Authorize your private endpoint in TiDB Cloud](#step-3-authorize-your-private-endpoint-in-tidb-cloud) +4. [Connect to your TiDB cluster](#step-4-connect-to-your-tidb-cluster) ### Step 1. Choose a TiDB cluster 
@@ -122,7 +122,7 @@ After creating the interface endpoint in AWS, you must add it to your cluster's 5. Click **Submit**. -### Step 4: Connect to your TiDB cluster +### Step 4. Connect to your TiDB cluster After you have created the interface endpoint, go back to the TiDB Cloud console and take the following steps: From 4b1d36a27383d27a52717b448eb01dfe61f875a2 Mon Sep 17 00:00:00 2001 From: houfaxin Date: Mon, 30 Mar 2026 14:34:59 +0800 Subject: [PATCH 4/6] delete space --- .../set-up-private-endpoint-connections-on-alibaba-cloud.md | 2 +- tidb-cloud/set-up-private-endpoint-connections-serverless.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md b/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md index afa3dfa67aaef..ac077d194772b 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md +++ b/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md @@ -57,7 +57,7 @@ After creating the interface endpoint in AWS, you must add it to your cluster's 1. On the [**Clusters**](https://tidbcloud.com/project/clusters) page, click the name of your target {{{ .starter }}} or {{{ .essential }}} cluster to go to its overview page. 2. Click **Settings** > **Networking** in the left navigation pane. -3. Scroll down to the **Private Endpoint** section and then locate the **Authorized Networks** table. +3. Scroll down to the **Private Endpoint** section and then locate the **Authorized Networks** table. 4. Click **Add Rule** to add a firewall rule. - **Endpoint Service Name**: paste your service name. diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index 8a75a93fad91a..7159cb9cbeef8 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md 
@@ -109,7 +109,7 @@ After creating the interface endpoint in AWS, you must add it to your cluster's 1. On the [**Clusters**](https://tidbcloud.com/project/clusters) page, click the name of your target {{{ .starter }}} or {{{ .essential }}} cluster to go to its overview page. 2. Click **Settings** > **Networking** in the left navigation pane. -3. Scroll down to the **Private Endpoint** section and then locate the **Authorized Networks** table. +3. Scroll down to the **Private Endpoint** section and then locate the **Authorized Networks** table. 4. Click **Add Rule** to add a firewall rule. - **Endpoint Service Name**: paste your service name. From 18f9a1707a2c5c7670e082adf26006cb2b7221eb Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Mon, 30 Mar 2026 15:10:07 +0800 Subject: [PATCH 5/6] Apply suggestions from code review Co-authored-by: Grace Cai --- ...et-up-private-endpoint-connections-on-alibaba-cloud.md | 6 +++--- .../set-up-private-endpoint-connections-serverless.md | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md b/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md index da540f6f8abe9..0c638c39e2ef2 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md +++ b/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md 
@@ -60,13 +60,13 @@ After creating the interface endpoint in Alibaba Cloud, you must add it to your 3. Scroll down to the **Private Endpoint** section and then locate the **Authorized Networks** table. 4. Click **Add Rule** to add a firewall rule. - - **Endpoint Service Name**: paste your service name. + - **Endpoint Service Name**: paste the service name you got from [Step 1](#step-1-choose-a-tidb-cluster). - **Firewall Rule Name**: enter a name to identify this connection. - - **Your Endpoint ID**: paste your 23-character endpoint ID from the Alibaba Cloud console (starts with `ep-`). + - **Your Endpoint ID**: paste your 23-character endpoint ID from the Alibaba Cloud Management Console (starts with `ep-`). > **Tip:** > - > If you want to allow all Private Endpoint connections from your cloud region (for testing or open access), you can enter a single asterisk (`*`) in the **Your Endpoint ID** field. + > To allow all Private Endpoint connections from your cloud region (for testing or open access), enter a single asterisk (`*`) in the **Your Endpoint ID** field. 5. Click **Submit**. diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index eb1f2f03d95e2..0d343f07e0a9b 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md 
@@ -105,20 +105,20 @@ Then you can connect to the endpoint service with the private DNS name. ### Step 3. Authorize your private endpoint in TiDB Cloud -After creating the interface endpoint in AWS, you must add it to your cluster's allowlist. +After creating the AWS interface endpoint, you must add it to your cluster's allowlist. 1. On the [**Clusters**](https://tidbcloud.com/project/clusters) page, click the name of your target {{{ .starter }}} or {{{ .essential }}} cluster to go to its overview page. 2. Click **Settings** > **Networking** in the left navigation pane. 3. Scroll down to the **Private Endpoint** section and then locate the **Authorized Networks** table. 4. Click **Add Rule** to add a firewall rule. - - **Endpoint Service Name**: paste your service name. + - **Endpoint Service Name**: paste the service name you got from [Step 1](#step-1-choose-a-tidb-cluster). - **Firewall Rule Name**: enter a name to identify this connection. - - **Your VPC Endpoint ID**: paste your 22-character VPC Endpoint ID from the AWS console (starts with `vpce-`). + - **Your VPC Endpoint ID**: paste your 22-character VPC Endpoint ID from the AWS Management Console (starts with `vpce-`). > **Tip:** > - > If you want to allow all Private Endpoint connections from your cloud region (for testing or open access), you can enter a single asterisk (`*`) in the **Your VPC Endpoint ID** field. + > To allow all Private Endpoint connections from your cloud region (for testing or open access), enter a single asterisk (`*`) in the **Your VPC Endpoint ID** field. 5. Click **Submit**. From a64b05ecff65021f4e19a668252c5868b1f7ce71 Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Mon, 30 Mar 2026 15:10:21 +0800 Subject: [PATCH 6/6] Apply suggestions from code review Co-authored-by: Grace Cai --- .../set-up-private-endpoint-connections-on-alibaba-cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md b/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md index 0c638c39e2ef2..6c935ae4e5f98 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md +++ b/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md @@ -53,7 +53,7 @@ To use the Alibaba Cloud Management Console to create a VPC interface endpoint, ### Step 3. Authorize your private endpoint in TiDB Cloud -After creating the interface endpoint in Alibaba Cloud, you must add it to your cluster's allowlist. +After creating the interface endpoint on Alibaba Cloud, you must add it to your cluster's allowlist. 1. On the [**Clusters**](https://tidbcloud.com/project/clusters) page, click the name of your target {{{ .starter }}} or {{{ .essential }}} cluster to go to its overview page. 2. Click **Settings** > **Networking** in the left navigation pane.
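Review bot: The `*` tip in Step 3 (PATCH 5/6, both files; first added in 1/6 and 2/6) presents a rule that allows all Private Endpoint connections from the cloud region as a convenience, and "open access" reads as a supported steady-state setting. The step exists to restrict access to one named endpoint, so a wildcard rule undoes it. Suggest turning the Tip into a Warning, limiting it to short-lived testing, and telling readers to replace `*` with the specific `vpce-` or `ep-` ID before the cluster holds real data.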
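Review bot: The unchanged lead-in under the renumbered Step 4 heading (PATCH 3/6, hunks at -70,7 and -122,7) still says "After you have created the interface endpoint, go back to the TiDB Cloud console", but the reader now arrives from the new Step 3 and is already in the console. Suggest rewording it to follow from authorization, for example "After you have authorized the private endpoint, take the following steps:", so the sequence does not imply that connecting is possible straight after Step 2.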
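Review bot: Renumbering the connect heading changes its anchor, and PATCH 3/6 updates only the in-page table of contents to `#step-4-connect-to-your-tidb-cluster` and `#step-4-connect-to-your-tidb-cluster-using-the-private-endpoint`. The series touches only these two files, so any other page that links to the old `#step-3-connect-...` anchors will silently land at the top of the page. Please search the repository for the old anchors and update them in this PR.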
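Review bot: PATCH 4/6 is built on the pre-3/6 blobs (index `afa3dfa67aaef` and `8a75a93fad91a`; its Alibaba hunk header still shows "in AWS"), and its removed and added lines for list item 3 differ only in whitespace. Together with the "in AWS" copy-paste that 2/6 introduces into the Alibaba file and that 3/6 and 6/6 then correct twice, this leaves intermediate commits with wrong provider names and broken links. Suggest squashing the series into one commit before merge so no revision of the page names the wrong cloud in an access-control step.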