
Manage Private Endpoints for a Federated Database Instance


Note

This feature is not available for any of the following deployments:

  • M0 clusters

  • M2/M5 clusters

  • Flex clusters

Atlas Kubernetes Operator supports managing private endpoints for dedicated clusters on AWS using the AWS PrivateLink feature.

Before you begin, see Manage Private Endpoints.

To enable clients to connect to Atlas dedicated clusters using private endpoints:

1

Use the following table to find the service name that corresponds to the AWS region for your private endpoint:

AWS Region        Service Name
us-east-1         com.amazonaws.vpce.us-east-1.vpce-svc-00e311695874992b4
us-west-1         com.amazonaws.vpce.us-west-2.vpce-svc-09d86b19e59d1b4bb
eu-west-1         com.amazonaws.vpce.eu-west-1.vpce-svc-0824460b72e1a420e
eu-west-2         com.amazonaws.vpce.eu-west-2.vpce-svc-052f1840aa0c4f1f9
eu-central-1      com.amazonaws.vpce.eu-central-1.vpce-svc-0ac8ce91871138c0d
sa-east-1         com.amazonaws.vpce.sa-east-1.vpce-svc-0b56e75e8cdf50044
ap-southeast-2    com.amazonaws.vpce.ap-southeast-2.vpce-svc-036f1de74d761706e
ap-south-1        com.amazonaws.vpce.ap-south-1.vpce-svc-03eb8a541f96d356d

2

To create your application VPC interface endpoint:

  1. Copy the following command:

    aws ec2 create-vpc-endpoint --vpc-id {your-application-vpc-id} --region {aws-region} --service-name {service-name} --vpc-endpoint-type Interface --subnet-ids {your-application-subnet-ids}
  2. Replace the following placeholders with the details about your AWS VPC:

    your-application-vpc-id

    Unique string that identifies the peer AWS VPC. Find this value on the VPC dashboard in your AWS account.

    aws-region

    Label that identifies the AWS region of the private endpoint.

    service-name

    Unique string that identifies the service for your private endpoint. This is the service name value you retrieved in the previous step.

    your-application-subnet-ids

    Unique strings that identify the subnets your AWS VPC uses. Separate each subnet with a space. Find these values on the Subnet dashboard in your AWS account.

    IMPORTANT: You must specify at least one subnet. If you don't, AWS won't provision an interface endpoint in your VPC. An interface endpoint is required for clients in your VPC to send traffic to the private endpoint.

  3. Run the command with the AWS CLI.

  4. Note the VpcEndpointId value in the output.

    Example

    "VpcEndpoint": {
        "VpcEndpointId": "vpce-XXXXXX",
        "VpcEndpointType": "Interface",
        "VpcId": "vpc-XXXXX",
        "ServiceName": "com.amazonaws.vpce.{aws-region}.vpce-svc-XXXX",
        "State": "pendingAcceptance"
    }

To learn more, see Creating an Interface Endpoint in the AWS documentation.

3

Specify the spec.privateEndpoints parameter for the AtlasDataFederation Custom Resource. Replace vpce-id with the VpcEndpointId value from the previous step and run the following command:

Note

You can find the unique identifier of the peer AWS VPC on the VPC dashboard in your AWS account.

cat <<EOF | kubectl apply -f -
apiVersion: atlas.mongodb.com/v1
kind: AtlasDataFederation
metadata:
  name: my-federated-deployment
spec:
  name: my-fdi
  privateEndpoints:
    - endpointId: {vpce-id}
      provider: AWS
      type: DATA_LAKE
EOF

4

Run the following command:

kubectl get atlasdatafederation my-federated-deployment -o yaml
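The following is an added example, not code from the page or from the Atlas Kubernetes Operator project. It shows the checks worth running between step 2 and step 3: that the endpoint the AWS CLI returned is an Interface endpoint to the Atlas service name listed for the chosen region, and that the VpcEndpointId is well formed before it is written into the AtlasDataFederation resource. SAMPLE_OUTPUT is a constructed CLI response, and SERVICE_NAMES is a subset of the table above; the function names are the example's own.

```python
import json
import re

# Subset of the region -> PrivateLink service name table above (values copied from it).
SERVICE_NAMES = {
    "us-east-1": "com.amazonaws.vpce.us-east-1.vpce-svc-00e311695874992b4",
    "eu-west-1": "com.amazonaws.vpce.eu-west-1.vpce-svc-0824460b72e1a420e",
    "ap-south-1": "com.amazonaws.vpce.ap-south-1.vpce-svc-03eb8a541f96d356d",
}
# AWS VPC endpoint IDs are "vpce-" followed by 8 or 17 hex characters.
VPCE_ID_RE = re.compile(r"^vpce-([0-9a-f]{17}|[0-9a-f]{8})$")

# Constructed sample of `aws ec2 create-vpc-endpoint` output; not a real endpoint.
SAMPLE_OUTPUT = json.dumps({"VpcEndpoint": {
    "VpcEndpointId": "vpce-0123456789abcdef0", "VpcEndpointType": "Interface",
    "VpcId": "vpc-0abc1234", "State": "pendingAcceptance",
    "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-00e311695874992b4"}})

def expected_service_name(region):
    """Service name for a region; refuse regions the table does not list."""
    if region not in SERVICE_NAMES:
        raise ValueError(f"no Atlas PrivateLink service name known for {region!r}")
    return SERVICE_NAMES[region]

def parse_endpoint_output(output_json, region):
    """Return the VpcEndpointId and State from the CLI output, but only if the
    endpoint is an Interface endpoint to the Atlas service expected for `region`,
    so a wrong --service-name or endpoint type is caught before it reaches Atlas."""
    ep = json.loads(output_json)["VpcEndpoint"]
    if ep.get("VpcEndpointType") != "Interface":
        raise ValueError(f"not an Interface endpoint: {ep.get('VpcEndpointType')!r}")
    if ep.get("ServiceName") != expected_service_name(region):
        raise ValueError(f"unexpected ServiceName: {ep.get('ServiceName')!r}")
    endpoint_id = ep.get("VpcEndpointId", "")
    if not VPCE_ID_RE.match(endpoint_id):
        raise ValueError(f"malformed VpcEndpointId: {endpoint_id!r}")
    return {"endpoint_id": endpoint_id, "state": ep.get("State")}

def build_manifest(k8s_name, fdi_name, endpoint_id):
    """AtlasDataFederation resource from step 3 as a dict; `kubectl apply -f -`
    accepts JSON, so json.dumps() of this can be piped to it directly."""
    return {
        "apiVersion": "atlas.mongodb.com/v1",
        "kind": "AtlasDataFederation",
        "metadata": {"name": k8s_name},
        "spec": {"name": fdi_name, "privateEndpoints": [
            {"endpointId": endpoint_id, "provider": "AWS", "type": "DATA_LAKE"}]},
    }
```

Feed the real CLI output to parse_endpoint_output with the same region you passed to --region; a mismatch between that region and the ServiceName in the response is exactly the kind of copy-paste error this catches.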
