Manage public endpoints - ApsaraDB for MongoDB - Alibaba Cloud Documentation Center

ApsaraDB for MongoDB provides public endpoints. This topic describes how to manage public endpoints.

Background information

By default, the ApsaraDB for MongoDB console displays private endpoints in the Internal Connections - VPC section. To connect to an instance over the Internet, you must manually apply for a public endpoint.

Endpoint type	Description
Private endpoint	A virtual private cloud (VPC) is an isolated network that provides higher security and performance than the classic network. By default, ApsaraDB for MongoDB provides VPC endpoints for instances to ensure high security and performance.
Public endpoint	Connecting to instances over the Internet poses security risks, To ensure access security, ApsaraDB for MongoDB provides only VPC endpoints by default. To connect to an instance from a device outside Alibaba Cloud (such as an on-premises device), you must manually apply for a public endpoint.

Apply for a public endpoint

Usage notes

When you apply for a public endpoint for an instance that uses local disks and runs MongoDB 3.2 or earlier, the instance is restarted. We recommend that you apply for a public endpoint for the instance during off-peak hours.
Before connecting to an instance by using a public endpoint, you must add the public IP address of the client connecting to the instance to a whitelist of the instance.
For sharded cluster instances that use cloud disks, you can apply for public endpoints only for mongos nodes.

Procedure

Go to the Replica Set Instances or Sharded Cluster Instances page. In the top navigation bar, select the resource group and region to which the desired instance belongs. Then, find the instance and click the instance ID.
In the left-side navigation pane of the instance details page, click Database Connections.

Perform the corresponding operations based on the instance architecture.

Replica set or standalone instance

In the Public Connections section, click Apply for Public Connection String.
In the dialog box that appears, click OK.

Sharded cluster instance

In the Public Connections section, click Apply for Public Connection String.

In the panel that appears, configure the parameters described in the following table.

Parameter	Option	Description
Node Type	Shard	The shard component. Note To read the oplog data of a shard component over the Internet when you perform specific operations such as data synchronization between replica sets, you must apply for a public endpoint for the component. To apply for a public endpoint for a shard component, you must first apply for a shard endpoint.
	CS	The ConfigServer component. Note Only an existing instance with a private endpoint for the ConfigServer component supports applying for a public endpoint for the component. ApsaraDB for MongoDB no longer supports applying for a private endpoint for a ConfigServer component.
	Mongos	The mongos component. In general, you need only to connect to a mongos node to read/write data.
Node ID	Node ID of the current instance	The ID of the node for which you want to apply for a public endpoint.

Click OK.

To apply for public endpoints for multiple components in a sharded cluster instance, repeat the preceding steps.

Release a public endpoint

Usage notes

After releasing a public endpoint of an instance or that of a node, you can no longer connect to the instance or node by using the original public endpoint.
After you release a public endpoint, we recommend that you delete the corresponding public IP address from a whitelist to ensure data security.

Procedure

Go to the Replica Set Instances or Sharded Cluster Instances page. In the top navigation bar, select the resource group and region to which the desired instance belongs. Then, find the instance and click the instance ID.
In the left-side navigation pane of the instance details page, click Database Connections.
Perform the corresponding operations based on the instance architecture.
Replica set or standalone instance
Note
After you release the public endpoint of a replica set instance, the public endpoints of both the primary and secondary nodes are released.
1. In the Public Connections section, select the endpoint and then click Release in the Actions column.
2. In the Confirm Release dialog box, click OK.
Sharded cluster instance
Note
For a sharded cluster instance, you can release the public endpoint of one or more mongos, shard, or ConfigServer nodes. The nodes whose public endpoints are not released are still accessible. For more information about the components of a sharded cluster instance, see Sharded cluster instances.
After you release the endpoint of a shard or ConfigServer component, the public endpoints of both the primary and secondary nodes in the component are released.
1. In the Public Connections section, select the endpoint that you want to release and then click Release in the Actions column.
2. In the Confirm Release dialog box, click OK.
To release the public endpoints of multiple nodes in a sharded cluster instance, repeat the preceding steps.

References

For more information about the endpoints of an instance, see Overview of instance connections.
For more information about how to connect to an instance by using a public endpoint, see Connect to an instance over the Internet from a local client.
When you connect to a database by using a public endpoint, we recommend that you use SSL encryption. For more information, see Use the mongo shell to connect to a database in SSL encryption mode.