(Optional) Apply for a public endpoint for an instance - ApsaraDB for MongoDB

ApsaraDB for MongoDB supports public endpoints. You can apply for a public endpoint for an ApsaraDB for MongoDB instance and use the public endpoint to connect to the databases of the instance over the Internet. This topic describes how to apply for a public endpoint for an ApsaraDB for MongoDB sharded cluster instance.

Background information

The following table describes the endpoint types supported by ApsaraDB for MongoDB instances.

Endpoint type	Description
VPC endpoint	A virtual private cloud (VPC) is an isolated network that provides higher security and performance than the classic network. By default, ApsaraDB for MongoDB provides VPC endpoints for instances to ensure high security and performance.
Classic network endpoint	Cloud services on the classic network are not isolated. Unauthorized access can be blocked only by using security groups or whitelists. For more information about how to switch the network type of an ApsaraDB for MongoDB instance from classic network to VPC, see Switch the network type of an instance from classic network to VPC. Note The classic network is not supported for DynamoDB-compatible sharded cluster instances.
Public endpoint	Risks arise when you connect to your ApsaraDB for MongoDB instance over the Internet. In this connection, ApsaraDB for MongoDB does not provide public endpoints by default. If you want to connect to an ApsaraDB for MongoDB instance from a device outside Alibaba Cloud (such as an on-premise device), you must apply for a public endpoint.

Usage notes

When you apply for a public endpoint for an ApsaraDB for MongoDB instance that uses local disks and runs MongoDB 3.2 or an earlier version, the instance is restarted. We recommend that you apply for a public endpoint for the instance during off-peak hours.
If you want to use the public endpoint allocated to an instance to connect to the instance, you must add the public IP address of your client to a whitelist of the instance. For more information, see Configure a whitelist for an instance.
For an ApsaraDB for MongoDB instance that uses cloud disks, you can apply for a public endpoint only for a mongos node in the instance.

Procedure

Go to the Sharded Cluster Instances page. In the top navigation bar, select the region in which the instance resides. Then, find the instance and click the ID of the instance.
In the left-side navigation pane of the instance details page, click Database Connections.
In the Public Connections section, click Apply for Public Connection String.

In the Apply for Public Connection String panel, configure the parameters described in the following table.

Note

You can apply for a public endpoint only for a mongos node in an instance that uses cloud disks.

Parameter	Option	Description
Node Type	Shard	The shard node. Before you apply for a public endpoint for a shard node, you must apply for an endpoint for the shard node. For more information, see Apply for an endpoint for a shard or ConfigServer node in a sharded cluster instance. Note If you want to read the oplog data of a shard node over the Internet when you perform specific operations such as data synchronization between instances, you must apply for a public endpoint for the shard node.
	CS	The ConfigServer node. Before you apply for a public endpoint for a ConfigServer node in a sharded cluster instance, you must apply for an endpoint for the ConfigServer node. For more information, see Apply for an endpoint for a shard or ConfigServer node in a sharded cluster instance. Note If you want to read the configuration information of a ConfigServer node in a sharded cluster instance over the Internet when you perform specific operations such as data synchronization between instances, you must apply for a public endpoint for the ConfigServer node.
	Mongos	The mongos node. Note In most cases, mongos nodes are sufficient to meet your read/write requirements.
Node ID	Node ID of the current instance	The ID of the node for which you want to apply for a public endpoint.

Click OK.
(Optional) To apply for public endpoints for multiple nodes in the sharded cluster instance, repeat the preceding steps.
Note
To apply for a public endpoint for another node in the instance, you must wait until the instance status becomes Running.

Result

After you apply for a public endpoint, you can view the created endpoint in the following sections. For more information about endpoints, see Connect to a sharded cluster instance.

Connection Details section of the Basic Information page
Public Connections section of the Database Connections page

References

For more information about how to use the public endpoint of an ApsaraDB for MongoDB instance to connect to the instance, see Connect to an instance over the Internet.
To ensure data security, you can release public endpoints that you no longer need. For more information about how to release a public endpoint, see Release a public endpoint.
Before you use the public endpoint of an ApsaraDB for MongoDB instance to connect to the instance, we recommend that you enable Secure Sockets Layer (SSL) encryption. For more information about how to enable SSL encryption, see Use the mongo shell to connect to a database in SSL encryption mode.