Set up a Private Endpoint

Feature unavailable in Free and Shared-Tier Clusters

This feature is not available for M0 (Free Tier), M2, and M5 clusters. To learn more about which features are unavailable, see Atlas M0 (Free Tier), M2, and M5 Limitations.

Feature incompatible with Multi-Cloud Clusters

Atlas doesn’t support this feature in multi-cloud clusters at this time.

MongoDB Atlas supports private endpoints on AWS using the AWS PrivateLink feature. When you enable this feature, Atlas creates its own VPC and places clusters within a region behind a network load balancer in the Atlas VPC. Then you create resources that establish a one-way connection from your VPC to the network load balancer in the Atlas VPC using a private endpoint.

MongoDB Atlas supports private endpoints on:

Considerations

High Availability

Private Endpoint-Aware Connection Strings

IP Access Lists and Network Peering Connections with Private Endpoints

When Private Endpoints are enabled, you can still enable access to your Atlas clusters using other methods, such as adding public IPs to IP access lists and network peering.

Clients connecting to Atlas clusters using other methods use standard connection strings. Your clients might have to identify when to use private endpoint-aware connection strings and standard connection strings.

Limitations

Prerequisites

To enable connections to Atlas using private endpoints, you must:

Procedures

Configure an Atlas Private Endpoint

Enable clients to connect to Atlas clusters using private endpoints with the following procedure:

Connect to Atlas using a Private Endpoint

Note

For important considerations about private endpoint-aware connection strings, see Private Endpoint-Aware Connection Strings.

Use a private endpoint-aware connection string to connect to an Atlas cluster with the following procedure:

1. Open the Connect dialog.

In the Clusters view, click the Connect button for the cluster to which you want to connect.

2. Select the Private Endpoint connection type.

3. Select the private endpoint to which you want to connect.

4. Create a Database User.

Important

Skip this step if Atlas indicates in the Setup connection security step that you have at least one database user configured in your project. To manage existing database users, see Configure Database Users.

To access the cluster, you need a MongoDB user with access to the desired database or databases on the cluster in your project. If your project has no MongoDB users, Atlas prompts you to create a new user with the Atlas Admin role.

  1. Enter the new user’s Username.
  2. Enter a Password for this new user or click Autogenerate Secure Password.
  3. Click Create Database User to save the user.

Use this user to connect to your cluster in the following step.

Once you have added an IP address to your IP access list and added a database user, click Choose Your Connection Method.

5. Select your preferred connection method.

In the Choose a connection method step, Atlas provides instructions for each listed connection method. Click your preferred connection method and follow the instructions given.

To connect with a command line tool such as mongodump or mongorestore, use the Command Line Tools tab, which provides an auto-generated template for connecting to your Atlas cluster with your preferred tool.

MongoDB recommends that your clients use the DNS seedlist connection string format. If your driver doesn’t support this format, select an older version of your driver or version 3.4 or earlier of the mongo shell from the Connect tab to use the standard connection string format.
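Because a project can expose both private endpoint-aware and standard connection strings, a client can check before connecting that the string it was given keeps traffic inside its VPC. The following is an added example, not Atlas or MongoDB code. It assumes that hosts in a private endpoint-aware string resolve to addresses inside the client VPC's CIDR; the hostnames, addresses, credentials, CIDR, and the `seed_hosts` and `off_vpc_hosts` helpers are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample data: hostnames, addresses, credentials and CIDR are invented.
SAMPLE_DNS = {
    "pe-0.db.example.net": ["10.0.1.15"],
    "pe-1.db.example.net": ["10.0.2.15"],
    "std-0.db.example.net": ["203.0.113.10"],
}
PRIVATE_URI = "mongodb://app:pw@pe-0.db.example.net:1024,pe-1.db.example.net:1025/?tls=true"
STANDARD_URI = "mongodb://app:pw@std-0.db.example.net:27017/?tls=true"

def seed_hosts(uri):
    """Return (is_srv, [(host, port), ...]) for a MongoDB connection string."""
    scheme, sep, rest = uri.partition("://")
    if not sep or scheme not in ("mongodb", "mongodb+srv"):
        raise ValueError("not a MongoDB connection string")
    authority = rest.split("/", 1)[0].split("?", 1)[0]
    hostlist = authority.rsplit("@", 1)[-1]  # drop user:password@ if present
    hosts = []
    for item in hostlist.split(","):
        host, _, port = item.partition(":")
        hosts.append((host.lower(), int(port) if port else 27017))
    return scheme == "mongodb+srv", hosts

def system_resolve(host):
    """A/AAAA lookup through the system resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def off_vpc_hosts(uri, vpc_cidrs, resolve=system_resolve, srv_lookup=None):
    """Return {host: [addresses outside vpc_cidrs]}; {} means all hosts stay in the VPC."""
    nets = [ipaddress.ip_network(c) for c in vpc_cidrs]
    is_srv, hosts = seed_hosts(uri)
    if is_srv:  # DNS seedlist format: the hosts come from an SRV record
        if srv_lookup is None:
            raise ValueError("mongodb+srv needs an SRV lookup function")
        hosts = srv_lookup("_mongodb._tcp." + hosts[0][0])
    leaks = {}
    for host, _port in hosts:
        outside = [a for a in resolve(host)
                   if not any(ipaddress.ip_address(a) in n for n in nets)]
        if outside:
            leaks[host] = outside
    return leaks

if __name__ == "__main__":
    print(off_vpc_hosts(STANDARD_URI, ["10.0.0.0/16"], resolve=SAMPLE_DNS.__getitem__))
```

The check compares against explicit VPC CIDRs rather than `ipaddress`'s `is_private` flag, which is also true for reserved documentation ranges such as 203.0.113.0/24.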

Remove a Private Endpoint from Atlas

Troubleshoot Private Endpoint Connection Issues