(Optional) Apply for a public endpoint for an ApsaraDB for MongoDB instance - ApsaraDB for MongoDB

ApsaraDB for MongoDB supports public endpoints. You can apply for a public endpoint for an ApsaraDB for MongoDB instance and use the public endpoint to connect to the databases of the instance over the Internet. This topic describes how to apply for a public endpoint for an ApsaraDB for MongoDB sharded cluster instance.

Background information

The following table describes the endpoint types supported by ApsaraDB for MongoDB instances.

Endpoint type	Description
VPC endpoint	A virtual private cloud (VPC) is an isolated network that provides higher security and performance than the classic network. By default, ApsaraDB for MongoDB provides VPC endpoints for instances to ensure high security and performance.
Classic network endpoint	Cloud services deployed in the classic network are not isolated. Unauthorized access can be blocked only by using security groups or whitelists. You can switch the network type to VPC. For more information, see Switch the network type from classic network to VPC. Note The classic network is not supported for DynamoDB-compatible sharded cluster instances.
Public endpoint	Risks arise when you connect to your ApsaraDB for MongoDB instance over the Internet. In this connection, ApsaraDB for MongoDB does not provide public endpoints by default. If you want to connect to an ApsaraDB for MongoDB instance from a device outside Alibaba Cloud (such as an on-premise device), you must apply for a public endpoint.

Usage notes

When you apply for a public endpoint for an ApsaraDB for MongoDB instance, the instance may need to restart. We recommend that you perform this operation during off-peak hours.
If you want to use the public endpoint allocated to an instance to connect to the instance, you must add the public IP address of your client to a whitelist of the instance. For more information, see Configure a whitelist for an ApsaraDB for MongoDB instance.
For an ApsaraDB for MongoDB instance that uses cloud disks, you can apply for a public endpoint only for a mongos node in the instance.

Procedure

Log on to the ApsaraDB for MongoDB console .
In the left-side navigation pane, click Sharded Cluster Instances.
In the upper-left corner of the Sharded Cluster Instances page, select the resource group and region to which the desired instance belongs.
Click the ID of the instance or click Manage in the Actions column.
In the left-side navigation pane of the instance details page, click Database Connections.
In the Public Connections section, click Apply for Public Connection String.

In the Apply for Public Connection String panel, configure the parameters described in the following table.

Note

You can apply for a public endpoint only for a mongos node in an instance that uses cloud disks.

Parameter	Option	Description
Node Type	Shard	The shard node. Before you apply for a public endpoint for a shard node, you must apply for an endpoint for the shard node. For more information, see Apply for an endpoint for a shard or Configserver node. Note If you want to read the oplog data of a shard node over the Internet when you perform specific operations such as data synchronization between instances, you must apply for a public endpoint for the shard node.
	CS	The Configserver node. Before you apply for a public endpoint for a Configserver node, you must apply for an endpoint for the Configserver node. For more information, see Apply for an endpoint for a shard or Configserver node. Note If you want to read the configuration information of a Configserver node over the Internet when you perform specific operations such as data synchronization between instances, you must apply for a public endpoint for the Configserver node.
	Mongos	The mongos node. Note In most cases, mongos nodes are sufficient to meet your read and write needs.
Node ID		The ID of the node for which you want to apply for a public endpoint.

Click OK.
(Optional) To apply for public endpoints for multiple nodes in the sharded cluster instance, repeat the preceding steps.
Note
To apply for a public endpoint for another node in the instance, you must wait until the state of the instance becomes Running.

Results

After you apply for public endpoints, you can view the created endpoints in the following sections. For more information about endpoints, see Connect to a sharded cluster instance.

Connection Info section of the Basic Information page
Public Connections section of the Database Connections page

References

For more information about how to connect to an instance by using a public endpoint, see Connect to an ApsaraDB for MongoDB instance over the Internet.
To ensure data security, you can release public endpoints that you no longer need. For more information about how to release a public endpoint, see Release a public endpoint.
Before you connect to an ApsaraDB for MongoDB instance over the Internet, we recommend that you enable Secure Sockets Layer (SSL) encryption. For more information about how to enable SSL encryption, see Use the mongo shell to connect to an ApsaraDB for MongoDB database in SSL encryption mode.