From 835eeca09292878f788dee0da6b146614bd826de Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Thu, 16 Oct 2025 14:33:40 +0800 Subject: [PATCH 01/27] tidbcloud/premium: add create private endpoint --- .../connect-via-private-connection-premium.md | 202 ++++++++++++++++++ 1 file changed, 202 insertions(+) create mode 100644 tidb-cloud/premium/connect-via-private-connection-premium.md diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md new file mode 100644 index 0000000000000..f38736f2c50e7 --- /dev/null +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md 
@@ -0,0 +1,202 @@ +--- +title: Connect to a TiDB Cloud Premium instance via AWS PrivateLink +summary: Learn how to connect to your TiDB Cloud instance via private endpoint with AWS. +--- + +# Connect to a TiDB Cloud Premium instance via AWS PrivateLink + +This document describes how to connect to your TiDB Cloud Premium instance via [AWS PrivateLink](https://aws.amazon.com/privatelink). + +> **Tip:** +> +> - To learn how to connect to a {{{ .starter }}} cluster via AWS PrivateLink, see [Connect to {{{ .starter }}} via AWS PrivateLink](/tidb-cloud/set-up-private-endpoint-connections-serverless.md). +> - To learn how to connect to a TiDB Cloud Premium instance via private endpoint with AlibabaCloud, see [Connect to a TiDB Cloud Premium instance via Alibaba Cloud Private Link](/tidb-cloud/connect-via-private-connection-premium-on-alicloud.md). + +TiDB Cloud supports highly secure and one-way access to the TiDB Cloud service hosted in an AWS VPC via [AWS PrivateLink](https://aws.amazon.com/privatelink), as if the service were in your own VPC. A private endpoint is exposed in your VPC and you can create a connection to the TiDB Cloud service via the endpoint with permission. + +Powered by AWS PrivateLink, the endpoint connection is secure and private, and does not expose your data to the public internet. In addition, the endpoint connection supports CIDR overlap and is easier for network management. + +The architecture of the private endpoint is as follows: + +![Private endpoint architecture](/media/tidb-cloud/aws-private-endpoint-arch.png) + +For more detailed definitions of the private endpoint and endpoint service, see the following AWS documents: + +- [What is AWS PrivateLink?](https://docs.aws.amazon.com/vpc/latest/privatelink/what-is-privatelink.html) +- [AWS PrivateLink concepts](https://docs.aws.amazon.com/vpc/latest/privatelink/concepts.html) + +## Restrictions + +- Only the `Organization Owner` roles can create private endpoint connections. 
+- The private endpoint and the TiDB instance to be connected must be located in the same region. + + + +## Prerequisites + +Make sure that DNS hostnames and DNS resolution are both enabled in your AWS VPC settings. They are disabled by default when you create a VPC in the [AWS Management Console](https://console.aws.amazon.com/). + +## Set up a private endpoint connection and connect to your instance + +To connect to your TiDB Cloud Premium instance via a private endpoint, complete the follow these steps: + +1. [Select a TiDB instance](#step-1-select-a-tidb-cluster) +2. [Create an AWS interface endpoint](#step-2-create-an-aws-interface-endpoint) +3. [Create a private endpoint connection](#step-3-create-a-private-endpoint-connection) +4. [Enable private DNS](#step-4-enable-private-dns) +5. [Connect to your TiDB instance](#step-5-connect-to-your-tidb-cluster) + +If you have multiple instances, you need to repeat these steps for each instance that you want to connect to using AWS PrivateLink. + +### Step 1. Select a TiDB instance + +1. On the [**Instances**](https://tidbcloud.com/tidbs?orgId=1372813089208281461&uiMode=new-offerings-preview) page of your TiDB Cloud web console, click the name of your target TiDB instance to go to its overview page. +2. Click **Connect** in the upper-right corner. A connection dialog is displayed. +3. In the **Connection Type** drop-down list, select **Private Endpoint**, and then click **Create Private Endpoint Connection**. + +> **Note:** +> +> If you have already created a private endpoint connection, the active endpoint will appear in the connection dialog. To create additional private endpoint connections, navigate to the **Networking** page by clicking **Settings** > **Networking** in the left navigation pane. + +### Step 2. Create an AWS interface endpoint + +> **Note:** +> +> For each TiDB Cloud Premium instance, the corresponding endpoint service is automatically created 3 to 4 minutes after the instance creation. 
+ +If you see the `TiDB Private Link Service is ready` message, the corresponding endpoint service is ready. You can provide the following information to create the endpoint. + +1. Fill in the **Your VPC ID** and **Your Subnet IDs** fields. You can find these IDs from your [AWS Management Console](https://console.aws.amazon.com/). For multiple subnets, enter the IDs separated by spaces. +2. Click **Generate Command** to get the following endpoint creation command. + + ```bash + aws ec2 create-vpc-endpoint --vpc-id ${your_vpc_id} --region ${your_region} --service-name ${your_endpoint_service_name} --vpc-endpoint-type Interface --subnet-ids ${your_application_subnet_ids} + ``` + +Then, you can create an AWS interface endpoint either using the AWS CLI or using the [AWS Management Console](https://aws.amazon.com/console/). + + +
+ +To use the AWS CLI to create a VPC interface endpoint, perform the following steps: + +1. Copy the generated command and run it in your terminal. +2. Record the VPC endpoint ID you just created. + +> **Tip:** +> +> - Before running the command, you need to have AWS CLI installed and configured. See [AWS CLI configuration basics](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html) for details. +> +> - If your service is spanning across more than three availability zones (AZs), you will get an error message indicating that the VPC endpoint service does not support the AZ of the subnet. This issue occurs when there is an extra AZ in your selected region in addition to the AZs where your TiDB instance is located. In this case, you can contact [PingCAP Technical Support](https://docs.pingcap.com/tidbcloud/tidb-cloud-support). + +
+
+ +To use the AWS Management Console to create a VPC interface endpoint, perform the following steps: + +1. Sign in to the [AWS Management Console](https://aws.amazon.com/console/) and open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/). +2. Click **Endpoints** in the navigation pane, and then click **Create Endpoint** in the upper-right corner. + + The **Create endpoint** page is displayed. + + ![Verify endpoint service](/media/tidb-cloud/private-endpoint/create-endpoint-2.png) + +3. In the **Endpoint settings** area, fill in a name tag if needed, and then select the **Endpoint services that use NLBs and GWLBs** option. +4. In the **Service settings** area, enter the service name `${your_endpoint_service_name}` from the generated command (`--service-name ${your_endpoint_service_name}`). +5. Click **Verify service**. +6. In the **Network settings** area, select your VPC in the drop-down list. +7. In the **Subnets** area, select the availability zones where your TiDB instance is located. + + > **Tip:** + > + > If your service is spanning across more than three availability zones (AZs), you might not be able to select AZs in the **Subnets** area. This issue occurs when there is an extra AZ in your selected region in addition to the AZs where your TiDB instance is located. In this case, contact [PingCAP Technical Support](https://docs.pingcap.com/tidbcloud/tidb-cloud-support). + +8. In the **Security groups** area, select your security group properly. + + > **Note:** + > + > Make sure the selected security group allows inbound access from your EC2 instances on Port 4000 or a customer-defined port. + +9. Click **Create endpoint**. + +
+
+ +### Step 3. Create a private endpoint connection + +1. Go back to the TiDB Cloud console. +2. On the **Create AWS Private Endpoint Connection** page, enter your VPC endpoint ID. +3. Click **Create Private Endpoint Connection**. + +> **Tip:** +> +> You can view and manage private endpoint connections on your target TiDB instance, and then click **Settings** > **Networking** in the left navigation pane. + +### Step 4. Enable private DNS + +Enable private DNS in AWS. You can either use the AWS CLI or the AWS Management Console. + + +
+ +To enable private DNS using your AWS CLI, copy the following `aws ec2 modify-vpc-endpoint` command from the **Create Private Endpoint Connection** page and run it in your AWS CLI. + +```bash +aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${your_vpc_endpoint_id} --private-dns-enabled +``` + +Alternatively, you can find the command on the **Networking** page of your instance. Locate the private endpoint and click **...*** > **Enable DNS** in the **Action** column. + +
+
+ +To enable private DNS in your AWS Management Console: + +1. Go to **VPC** > **Endpoints**. +2. Right-click your endpoint ID and select **Modify private DNS name**. +3. Select the **Enable for this endpoint** check box. +4. Click **Save changes**. + + ![Enable private DNS](/media/tidb-cloud/private-endpoint/enable-private-dns.png) + +
+
+ +### Step 5. Connect to your TiDB instance + +After you have accepted the private endpoint connection, you are redirected back to the connection dialog. + +1. Wait for the private endpoint connection status to change from **System Checking** to **Active** (approximately 5 minutes). +2. In the **Connect With** drop-down list, select your preferred connection method. The corresponding connection string is displayed at the bottom of the dialog. +3. Connect to your instance with the connection string. + +> **Tip:** +> +> If you cannot connect to the instance, the reason might be that the security group of your VPC endpoint in AWS is not properly set. See [this FAQ](#troubleshooting) for solutions. + +### Private endpoint status reference + +When you use private endpoint connections, the statuses of private endpoints or private endpoint services is displayed on your instance-level **Networking** page: +- switch to your target instance using the combo box in the upper-left corner, and then click **Settings** > **Networking** in the left navigation pane. + +The possible statuses of a private endpoint are explained as follows: + +- **Not Configured**: The endpoint service is created but the private endpoint is not created yet. +- **Pending**: Waiting for processing. +- **Active**: Your private endpoint is ready to use. You cannot edit the private endpoint of this status. +- **Deleting**: The private endpoint is being deleted. +- **Failed**: The private endpoint creation fails. You can click **Edit** of that row to retry the creation. + +The possible statuses of a private endpoint service are explained as follows: + +- **Creating**: The endpoint service is being created, which takes 3 to 5 minutes. +- **Active**: The endpoint service is created, no matter whether the private endpoint is created or not. +- **Deleting**: The endpoint service or the instance is being deleted, which takes 3 to 5 minutes. 
+ +## Troubleshooting + +### I cannot connect to a TiDB instance via a private endpoint after enabling private DNS. Why? + +You might need to properly set the security group for your VPC endpoint in the AWS Management Console. Go to **VPC** > **Endpoints**. Right-click your VPC endpoint and select the proper **Manage security groups**. A proper security group within your VPC that allows inbound access from your EC2 instances on Port 4000 or a customer-defined port. + +![Manage security groups](/media/tidb-cloud/private-endpoint/manage-security-groups.png) From d63b2f7ab401e93124ef2b529f2617dccec35e0b Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Thu, 16 Oct 2025 14:43:16 +0800 Subject: [PATCH 02/27] tidb-cloud/premium: update link --- tidb-cloud/premium/connect-via-private-connection-premium.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index f38736f2c50e7..eec5839e711dc 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md 
@@ -40,11 +40,11 @@ Make sure that DNS hostnames and DNS resolution are both enabled in your AWS VPC To connect to your TiDB Cloud Premium instance via a private endpoint, complete the follow these steps: -1. [Select a TiDB instance](#step-1-select-a-tidb-cluster) +1. [Select a TiDB instance](#step-1-select-a-tidb-instance) 2. [Create an AWS interface endpoint](#step-2-create-an-aws-interface-endpoint) 3. [Create a private endpoint connection](#step-3-create-a-private-endpoint-connection) 4. [Enable private DNS](#step-4-enable-private-dns) -5. [Connect to your TiDB instance](#step-5-connect-to-your-tidb-cluster) +5. [Connect to your TiDB instance](#step-5-connect-to-your-tidb-instance) If you have multiple instances, you need to repeat these steps for each instance that you want to connect to using AWS PrivateLink. From 73792a828a38f94f1f6622203baee64ef17638bd Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Thu, 16 Oct 2025 14:48:57 +0800 Subject: [PATCH 03/27] Update tidb-cloud/premium/connect-via-private-connection-premium.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/premium/connect-via-private-connection-premium.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index eec5839e711dc..901825292486e 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md 
@@ -10,7 +10,7 @@ This document describes how to connect to your TiDB Cloud Premium instance via [ > **Tip:** > > - To learn how to connect to a {{{ .starter }}} cluster via AWS PrivateLink, see [Connect to {{{ .starter }}} via AWS PrivateLink](/tidb-cloud/set-up-private-endpoint-connections-serverless.md). -> - To learn how to connect to a TiDB Cloud Premium instance via private endpoint with AlibabaCloud, see [Connect to a TiDB Cloud Premium instance via Alibaba Cloud Private Link](/tidb-cloud/connect-via-private-connection-premium-on-alicloud.md). +> - To learn how to connect to a TiDB Cloud Premium instance via private endpoint with Alibaba Cloud, see [Connect to a TiDB Cloud Premium instance via Alibaba Cloud Private Link](/tidb-cloud/connect-via-private-connection-premium-on-alicloud.md). TiDB Cloud supports highly secure and one-way access to the TiDB Cloud service hosted in an AWS VPC via [AWS PrivateLink](https://aws.amazon.com/privatelink), as if the service were in your own VPC. A private endpoint is exposed in your VPC and you can create a connection to the TiDB Cloud service via the endpoint with permission. From 9dd84f1cc8bc8c5747f28f22d8defa0e85a02317 Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Thu, 16 Oct 2025 17:56:18 +0800 Subject: [PATCH 04/27] Update tidb-cloud/premium/connect-via-private-connection-premium.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/premium/connect-via-private-connection-premium.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index 901825292486e..9b016b0f9cd06 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md 
@@ -38,7 +38,7 @@ Make sure that DNS hostnames and DNS resolution are both enabled in your AWS VPC ## Set up a private endpoint connection and connect to your instance -To connect to your TiDB Cloud Premium instance via a private endpoint, complete the follow these steps: +To connect to your TiDB Cloud Premium instance via a private endpoint, follow these steps: 1. [Select a TiDB instance](#step-1-select-a-tidb-instance) 2. [Create an AWS interface endpoint](#step-2-create-an-aws-interface-endpoint) From 469d29a02dff9fbe92ba5444f6658c0e2f990649 Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Thu, 16 Oct 2025 17:58:03 +0800 Subject: [PATCH 05/27] Update tidb-cloud/premium/connect-via-private-connection-premium.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/premium/connect-via-private-connection-premium.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index 9b016b0f9cd06..6292ef97829e1 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md @@ -183,7 +183,7 @@ The possible statuses of a private endpoint are explained as follows: - **Not Configured**: The endpoint service is created but the private endpoint is not created yet. - **Pending**: Waiting for processing. -- **Active**: Your private endpoint is ready to use. You cannot edit the private endpoint of this status. +- **Active**: Your private endpoint is ready to use. You cannot edit a private endpoint in this status. - **Deleting**: The private endpoint is being deleted. - **Failed**: The private endpoint creation fails. You can click **Edit** of that row to retry the creation. From 66a6b99056a516fcaa73c3962f214eb31de88da7 Mon Sep 17 00:00:00 2001 
From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Fri, 17 Oct 2025 14:03:40 +0800 Subject: [PATCH 06/27] Update tidb-cloud/premium/connect-via-private-connection-premium.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/premium/connect-via-private-connection-premium.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index 6292ef97829e1..22844e158519f 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md @@ -1,6 +1,6 @@ --- title: Connect to a TiDB Cloud Premium instance via AWS PrivateLink -summary: Learn how to connect to your TiDB Cloud instance via private endpoint with AWS. +summary: Learn how to connect to your TiDB Cloud Premium instance via private endpoint with AWS. --- # Connect to a TiDB Cloud Premium instance via AWS PrivateLink From b131188058efd0b58bb82d3f7be71375ca7a3cc8 Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Fri, 17 Oct 2025 14:04:07 +0800 Subject: [PATCH 07/27] Update tidb-cloud/premium/connect-via-private-connection-premium.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/premium/connect-via-private-connection-premium.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index 22844e158519f..875e5df3e846f 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md 
@@ -190,7 +190,7 @@ The possible statuses of a private endpoint are explained as follows: The possible statuses of a private endpoint service are explained as follows: - **Creating**: The endpoint service is being created, which takes 3 to 5 minutes. -- **Active**: The endpoint service is created, no matter whether the private endpoint is created or not. +- **Active**: The endpoint service is created, regardless of whether the private endpoint is created or not. - **Deleting**: The endpoint service or the instance is being deleted, which takes 3 to 5 minutes. ## Troubleshooting From 1edcb9a11e29b0b1b378d6e37006d54a41e721bf Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Tue, 21 Oct 2025 10:41:25 +0800 Subject: [PATCH 08/27] Update TOC-tidb-cloud-premium.md --- TOC-tidb-cloud-premium.md | 1 + 1 file changed, 1 insertion(+) diff --git a/TOC-tidb-cloud-premium.md b/TOC-tidb-cloud-premium.md index 656c0fdfd8943..60e8f233e785d 100644 --- a/TOC-tidb-cloud-premium.md +++ b/TOC-tidb-cloud-premium.md @@ -135,6 +135,7 @@ - Connect to Your TiDB Cloud Cluster - [Connection Overview](/tidb-cloud/connect-to-tidb-cluster-serverless.md) - [Connect via Public Endpoint](/tidb-cloud/connect-via-standard-connection-serverless.md) + - [Connect via Private Endpoint with AWS](/tidb-cloud/premium/connect-via-private-connection-premium.md) - [Connect via Private Endpoint with Alibaba Cloud](/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md) - [Back Up and Restore TiDB Cloud Data](/tidb-cloud/backup-and-restore-serverless.md) - Use an HTAP Cluster with TiFlash From aeb79b036e4b83738178551b8da43e375fd4e982 Mon Sep 17 00:00:00 2001 From: Lilian Lee Date: Wed, 22 Oct 2025 14:36:34 +0800 Subject: [PATCH 09/27] Fix format by removing extra blank lines and add one before list --- tidb-cloud/premium/connect-via-private-connection-premium.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index 875e5df3e846f..ea49f842ba6a8 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md @@ -29,9 +29,6 @@ For more detailed definitions of the private endpoint and endpoint service, see - Only the `Organization Owner` roles can create private endpoint connections. - The private endpoint and the TiDB instance to be connected must be located in the same region. - - - ## Prerequisites Make sure that DNS hostnames and DNS resolution are both enabled in your AWS VPC settings. They are disabled by default when you create a VPC in the [AWS Management Console](https://console.aws.amazon.com/). @@ -177,6 +174,7 @@ After you have accepted the private endpoint connection, you are redirected back ### Private endpoint status reference When you use private endpoint connections, the statuses of private endpoints or private endpoint services is displayed on your instance-level **Networking** page: + - switch to your target instance using the combo box in the upper-left corner, and then click **Settings** > **Networking** in the left navigation pane. The possible statuses of a private endpoint are explained as follows: From b6cffe1b55d7e1c15db018b8a28ad83abdb06d22 Mon Sep 17 00:00:00 2001 From: Lilian Lee Date: Mon, 27 Oct 2025 14:23:33 +0800 Subject: [PATCH 10/27] Apply suggestions from code review Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/premium/connect-via-private-connection-premium.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index ea49f842ba6a8..36eb58227c35b 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md 
+++ b/tidb-cloud/premium/connect-via-private-connection-premium.md @@ -27,7 +27,7 @@ For more detailed definitions of the private endpoint and endpoint service, see ## Restrictions -- Only the `Organization Owner` roles can create private endpoint connections. +- Only users with the `Organization Owner` role can create private endpoint connections. - The private endpoint and the TiDB instance to be connected must be located in the same region. ## Prerequisites From 7ec4de6878d01c8be7add883d64c39a6c46ff802 Mon Sep 17 00:00:00 2001 From: Lilian Lee Date: Mon, 27 Oct 2025 14:46:58 +0800 Subject: [PATCH 11/27] Apply suggestions from code review Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/premium/connect-via-private-connection-premium.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index 36eb58227c35b..acc501c1cb863 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md @@ -127,7 +127,7 @@ To use the AWS Management Console to create a VPC interface endpoint, perform th > **Tip:** > -> You can view and manage private endpoint connections on your target TiDB instance, and then click **Settings** > **Networking** in the left navigation pane. +> You can view and manage private endpoint connections on the **Networking** page of your target TiDB instance. To access this page, click **Settings** > **Networking** in the left navigation pane. ### Step 4. Enable private DNS From 2dc7def397443b76f9436ca1303169250107f329 Mon Sep 17 00:00:00 2001 
From: Lilian Lee Date: Mon, 27 Oct 2025 14:56:40 +0800 Subject: [PATCH 12/27] Apply suggestions from code review Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/premium/connect-via-private-connection-premium.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index acc501c1cb863..635b1030d1bda 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md @@ -183,7 +183,7 @@ The possible statuses of a private endpoint are explained as follows: - **Pending**: Waiting for processing. - **Active**: Your private endpoint is ready to use. You cannot edit a private endpoint in this status. - **Deleting**: The private endpoint is being deleted. -- **Failed**: The private endpoint creation fails. You can click **Edit** of that row to retry the creation. +- **Failed**: The private endpoint creation fails. You can click **Edit** in that row to retry the creation. The possible statuses of a private endpoint service are explained as follows: From 52c988f8708c490af168fb4dc2d7e256bbc053f9 Mon Sep 17 00:00:00 2001 From: Lilian Lee Date: Mon, 27 Oct 2025 15:09:52 +0800 Subject: [PATCH 13/27] Apply suggestions from code review Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/premium/connect-via-private-connection-premium.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index 635b1030d1bda..6900d6b93ac29 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md 
@@ -195,6 +195,6 @@ The possible statuses of a private endpoint service are explained as follows: ### I cannot connect to a TiDB instance via a private endpoint after enabling private DNS. Why? -You might need to properly set the security group for your VPC endpoint in the AWS Management Console. Go to **VPC** > **Endpoints**. Right-click your VPC endpoint and select the proper **Manage security groups**. A proper security group within your VPC that allows inbound access from your EC2 instances on Port 4000 or a customer-defined port. +You might need to properly set the security group for your VPC endpoint in the AWS Management Console. To do so, go to **VPC** > **Endpoints**, right-click your VPC endpoint, and select **Manage security groups**. Ensure that the selected security group allows inbound access from your EC2 instances on port `4000` or a customer-defined port. ![Manage security groups](/media/tidb-cloud/private-endpoint/manage-security-groups.png) From 3427817b6fa8106762f0214e91586af0dd3983e1 Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Mon, 27 Oct 2025 15:49:09 +0800 Subject: [PATCH 14/27] Update tidb-cloud/premium/connect-via-private-connection-premium.md Co-authored-by: Lilian Lee --- tidb-cloud/premium/connect-via-private-connection-premium.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index 6900d6b93ac29..601b8e93e01ed 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md 
@@ -28,7 +28,7 @@ For more detailed definitions of the private endpoint and endpoint service, see ## Restrictions - Only users with the `Organization Owner` role can create private endpoint connections. -- The private endpoint and the TiDB instance to be connected must be located in the same region. +- The private endpoint and the TiDB instance you want to connect to must be located in the same region. ## Prerequisites Make sure that DNS hostnames and DNS resolution are both enabled in your AWS VPC settings. They are disabled by default when you create a VPC in the [AWS Management Console](https://console.aws.amazon.com/). From 1582e23afe09a82fa2c4f94430a65f3c64c64e0b Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Mon, 27 Oct 2025 15:49:21 +0800 Subject: [PATCH 15/27] Update tidb-cloud/premium/connect-via-private-connection-premium.md Co-authored-by: Lilian Lee --- tidb-cloud/premium/connect-via-private-connection-premium.md | 1 + 1 file changed, 1 insertion(+) diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index 601b8e93e01ed..1dca57358b419 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md @@ -29,6 +29,7 @@ For more detailed definitions of the private endpoint and endpoint service, see - Only users with the `Organization Owner` role can create private endpoint connections. - The private endpoint and the TiDB instance you want to connect to must be located in the same region. + ## Prerequisites Make sure that DNS hostnames and DNS resolution are both enabled in your AWS VPC settings. They are disabled by default when you create a VPC in the [AWS Management Console](https://console.aws.amazon.com/). From a8a8c20e5b5a75cf14d6f9dd12e691fab3e6af0d Mon Sep 17 00:00:00 2001 
From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Mon, 27 Oct 2025 15:49:33 +0800 Subject: [PATCH 16/27] Update tidb-cloud/premium/connect-via-private-connection-premium.md Co-authored-by: Lilian Lee --- tidb-cloud/premium/connect-via-private-connection-premium.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index 1dca57358b419..6fcf333e778b1 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md @@ -113,7 +113,7 @@ To use the AWS Management Console to create a VPC interface endpoint, perform th > **Note:** > - > Make sure the selected security group allows inbound access from your EC2 instances on Port 4000 or a customer-defined port. + > Make sure the selected security group allows inbound access from your EC2 instances on port `4000` or a customer-defined port. 9. Click **Create endpoint**. From b48a9a418251b0d7f41b4c54dccc0caf270b3798 Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Mon, 27 Oct 2025 15:50:07 +0800 Subject: [PATCH 17/27] Update tidb-cloud/premium/connect-via-private-connection-premium.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/premium/connect-via-private-connection-premium.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index 6fcf333e778b1..68fbcd054776b 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md 
@@ -143,7 +143,7 @@ To enable private DNS using your AWS CLI, copy the following `aws ec2 modify-vpc aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${your_vpc_endpoint_id} --private-dns-enabled ``` -Alternatively, you can find the command on the **Networking** page of your instance. Locate the private endpoint and click **...*** > **Enable DNS** in the **Action** column. +Alternatively, you can find the command on the **Networking** page of your instance. Locate the private endpoint and click **...** > **Enable DNS** in the **Action** column.
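Review bot: In the added line of this hunk, "you can find the command on the **Networking** page" is followed by an instruction to click **...** > **Enable DNS**, so it is unclear whether that menu item displays the `aws ec2 modify-vpc-endpoint` command for copying or enables private DNS directly. State what the click does, so the reader knows whether a CLI step is still required afterwards.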
From 90443ae2c5d37af7dc0d3805ddcbe4b37222bd3a Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Mon, 27 Oct 2025 15:50:35 +0800 Subject: [PATCH 18/27] Update tidb-cloud/premium/connect-via-private-connection-premium.md Co-authored-by: Lilian Lee --- tidb-cloud/premium/connect-via-private-connection-premium.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index 68fbcd054776b..e2a5874ef2d7c 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md @@ -174,9 +174,10 @@ After you have accepted the private endpoint connection, you are redirected back ### Private endpoint status reference -When you use private endpoint connections, the statuses of private endpoints or private endpoint services is displayed on your instance-level **Networking** page: +When you use private endpoint connections, the statuses of private endpoints and private endpoint services are displayed on the instance-level **Networking** page: -- switch to your target instance using the combo box in the upper-left corner, and then click **Settings** > **Networking** in the left navigation pane. +1. Switch to your target instance using the combo box in the upper-left corner. +2. Click **Settings** > **Networking** in the left navigation pane. The possible statuses of a private endpoint are explained as follows: From 005cac86d82b2f5c7a53fab663cb82de0a93a0d1 Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Mon, 27 Oct 2025 15:52:32 +0800 Subject: [PATCH 19/27] Update TOC-tidb-cloud-premium.md Co-authored-by: Lilian Lee --- TOC-tidb-cloud-premium.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/TOC-tidb-cloud-premium.md b/TOC-tidb-cloud-premium.md index 60e8f233e785d..6c7b3cf1a56da 100644 --- a/TOC-tidb-cloud-premium.md +++ b/TOC-tidb-cloud-premium.md @@ -135,7 +135,7 @@ - Connect to Your TiDB Cloud Cluster - [Connection Overview](/tidb-cloud/connect-to-tidb-cluster-serverless.md) - [Connect via Public Endpoint](/tidb-cloud/connect-via-standard-connection-serverless.md) - - [Connect via Private Endpoint with AWS](/tidb-cloud/premium/connect-via-private-connection-premium.md) + - [Connect via Private Endpoint with AWS](/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md) - [Connect via Private Endpoint with Alibaba Cloud](/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md) - [Back Up and Restore TiDB Cloud Data](/tidb-cloud/backup-and-restore-serverless.md) - Use an HTAP Cluster with TiFlash From a8afc7365dc482dbac807c5ab6cd238f571a05bf Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Mon, 27 Oct 2025 15:53:55 +0800 Subject: [PATCH 20/27] Update tidb-cloud/premium/connect-via-private-connection-premium.md Co-authored-by: Lilian Lee --- tidb-cloud/premium/connect-via-private-connection-premium.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-via-private-connection-premium.md index e2a5874ef2d7c..70a75f51a0579 100644 --- a/tidb-cloud/premium/connect-via-private-connection-premium.md +++ b/tidb-cloud/premium/connect-via-private-connection-premium.md 
@@ -9,8 +9,7 @@ This document describes how to connect to your TiDB Cloud Premium instance via [ > **Tip:** > -> - To learn how to connect to a {{{ .starter }}} cluster via AWS PrivateLink, see [Connect to {{{ .starter }}} via AWS PrivateLink](/tidb-cloud/set-up-private-endpoint-connections-serverless.md). -> - To learn how to connect to a TiDB Cloud Premium instance via private endpoint with Alibaba Cloud, see [Connect to a TiDB Cloud Premium instance via Alibaba Cloud Private Link](/tidb-cloud/connect-via-private-connection-premium-on-alicloud.md). +> To learn how to connect to a {{{ .starter }}} or {{{ .essential }}} cluster via AWS PrivateLink, see [Connect to {{{ .starter }}} or Essential via AWS PrivateLink](/tidb-cloud/set-up-private-endpoint-connections-serverless.md). TiDB Cloud supports highly secure and one-way access to the TiDB Cloud service hosted in an AWS VPC via [AWS PrivateLink](https://aws.amazon.com/privatelink), as if the service were in your own VPC. A private endpoint is exposed in your VPC and you can create a connection to the TiDB Cloud service via the endpoint with permission. From f57429b7ad6107a46521690358e441a41adba040 Mon Sep 17 00:00:00 2001 From: lilin90 Date: Mon, 27 Oct 2025 16:13:00 +0800 Subject: [PATCH 21/27] Update private endpoint connection docs for clarity Renamed the premium connection guide for AWS private endpoints and revised wording in the private endpoint setup documentation for improved clarity and consistency. Changes include role descriptions, port formatting, UI instructions, and troubleshooting steps. --- ...nect-to-premium-via-aws-private-endpoint.md.md} | 0 tidb-cloud/set-up-private-endpoint-connections.md | 14 +++++++------- 2 files changed, 7 insertions(+), 7 deletions(-) rename tidb-cloud/premium/{connect-via-private-connection-premium.md => connect-to-premium-via-aws-private-endpoint.md.md} (100%) 
diff --git a/tidb-cloud/premium/connect-via-private-connection-premium.md b/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md.md similarity index 100% rename from tidb-cloud/premium/connect-via-private-connection-premium.md rename to tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md.md diff --git a/tidb-cloud/set-up-private-endpoint-connections.md b/tidb-cloud/set-up-private-endpoint-connections.md index bcc66559bdc1e..3e955203b5803 100644 --- a/tidb-cloud/set-up-private-endpoint-connections.md +++ b/tidb-cloud/set-up-private-endpoint-connections.md @@ -28,8 +28,8 @@ For more detailed definitions of the private endpoint and endpoint service, see ## Restrictions -- Only the `Organization Owner` and the `Project Owner` roles can create private endpoints. -- The private endpoint and the TiDB cluster to be connected must be located in the same region. +- Only users with the `Organization Owner` or `Project Owner` roles can create private endpoints. +- The private endpoint and the TiDB cluster you want to connect to must be located in the same region. In most scenarios, you are recommended to use private endpoint connection over VPC peering. However, in the following scenarios, you should use VPC peering instead of private endpoint connection: @@ -120,7 +120,7 @@ To use the AWS Management Console to create a VPC interface endpoint, perform th > **Note:** > - > Make sure the selected security group allows inbound access from your EC2 instances on Port 4000 or a customer-defined port. + > Make sure the selected security group allows inbound access from your EC2 instances on port `4000` or a customer-defined port. 9. Click **Create endpoint**. 
@@ -153,7 +153,7 @@ To enable private DNS using your AWS CLI, copy the following `aws ec2 modify-vpc aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${your_vpc_endpoint_id} --private-dns-enabled ``` -Alternatively, you can find the command on the **Networking** page of your cluster. Locate the private endpoint and click **...*** > **Enable DNS** in the **Action** column. +Alternatively, you can find the command on the **Networking** page of your cluster. Locate the private endpoint and click **...** > **Enable DNS** in the **Action** column.
@@ -184,7 +184,7 @@ After you have accepted the private endpoint connection, you are redirected back ### Private endpoint status reference -When you use private endpoint connections, the statuses of private endpoints or private endpoint services are displayed on the following pages: +When you use private endpoint connections, the statuses of private endpoints and private endpoint services are displayed on the following pages: - Cluster-level **Networking** page: switch to your target cluster using the combo box in the upper-left corner, and then click **Settings** > **Networking** in the left navigation pane. - Project-level **Network Access** page: switch to your target project using the combo box in the upper-left corner, and then click **Project Settings** > **Network Access** in the left navigation pane. @@ -195,7 +195,7 @@ The possible statuses of a private endpoint are explained as follows: - **Pending**: Waiting for processing. - **Active**: Your private endpoint is ready to use. You cannot edit the private endpoint of this status. - **Deleting**: The private endpoint is being deleted. -- **Failed**: The private endpoint creation fails. You can click **Edit** of that row to retry the creation. +- **Failed**: The private endpoint creation fails. You can click **Edit** in that row to retry the creation. The possible statuses of a private endpoint service are explained as follows: 
@@ -207,6 +207,6 @@ The possible statuses of a private endpoint service are explained as follows: ### I cannot connect to a TiDB cluster via a private endpoint after enabling private DNS. Why? -You might need to properly set the security group for your VPC endpoint in the AWS Management Console. Go to **VPC** > **Endpoints**. Right-click your VPC endpoint and select the proper **Manage security groups**. A proper security group within your VPC that allows inbound access from your EC2 instances on Port 4000 or a customer-defined port. +You might need to properly set the security group for your VPC endpoint in the AWS Management Console. Go to **VPC** > **Endpoints**. To do so, go to **VPC** > **Endpoints**, right-click your VPC endpoint, and select **Manage security groups**. Ensure that the selected security group allows inbound access from your EC2 instances on port `4000` or a customer-defined port. ![Manage security groups](/media/tidb-cloud/private-endpoint/manage-security-groups.png) From 37c0becb5c81a7ca8c24d17272f29e0a18ce0989 Mon Sep 17 00:00:00 2001 From: lilin90 Date: Mon, 27 Oct 2025 16:16:27 +0800 Subject: [PATCH 22/27] Rename AWS private endpoint guide file Renamed 'connect-to-premium-via-aws-private-endpoint.md.md' to 'connect-to-premium-via-aws-private-endpoint.md' for consistency and to remove redundant file extension. --- ...point.md.md => connect-to-premium-via-aws-private-endpoint.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tidb-cloud/premium/{connect-to-premium-via-aws-private-endpoint.md.md => connect-to-premium-via-aws-private-endpoint.md} (100%) diff --git a/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md.md b/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md similarity index 100% rename from tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md.md rename to tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md 
From e6fb1fe8333eb30f53b5e1ff72060e6b6f7a83aa Mon Sep 17 00:00:00 2001 From: lilin90 Date: Mon, 27 Oct 2025 16:31:03 +0800 Subject: [PATCH 23/27] Replace hardcoded Premium instance name with template variable Updated references to 'TiDB Cloud Premium instance' in the AWS PrivateLink connection guide to use the '{{{ .premium }}}' template variable for improved maintainability and consistency. --- .../connect-to-premium-via-aws-private-endpoint.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md b/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md index 70a75f51a0579..5cd8fbad1fd5f 100644 --- a/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md +++ b/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md @@ -1,11 +1,11 @@ --- -title: Connect to a TiDB Cloud Premium instance via AWS PrivateLink -summary: Learn how to connect to your TiDB Cloud Premium instance via private endpoint with AWS. +title: Connect to a {{{ .premium }}} instance via AWS PrivateLink +summary: Learn how to connect to your {{{ .premium }}} instance via private endpoint with AWS. --- -# Connect to a TiDB Cloud Premium instance via AWS PrivateLink +# Connect to a {{{ .premium }}} instance via AWS PrivateLink -This document describes how to connect to your TiDB Cloud Premium instance via [AWS PrivateLink](https://aws.amazon.com/privatelink). +This document describes how to connect to your {{{ .premium }}} instance via [AWS PrivateLink](https://aws.amazon.com/privatelink). > **Tip:** 
> @@ -35,7 +35,7 @@ Make sure that DNS hostnames and DNS resolution are both enabled in your AWS VPC ## Set up a private endpoint connection and connect to your instance -To connect to your TiDB Cloud Premium instance via a private endpoint, follow these steps: +To connect to your {{{ .premium }}} instance via a private endpoint, follow these steps: 1. [Select a TiDB instance](#step-1-select-a-tidb-instance) 2. [Create an AWS interface endpoint](#step-2-create-an-aws-interface-endpoint) @@ -59,7 +59,7 @@ If you have multiple instances, you need to repeat these steps for each instance > **Note:** > -> For each TiDB Cloud Premium instance, the corresponding endpoint service is automatically created 3 to 4 minutes after the instance creation. +> For each {{{ .premium }}} instance, the corresponding endpoint service is automatically created 3 to 4 minutes after the instance creation. If you see the `TiDB Private Link Service is ready` message, the corresponding endpoint service is ready. You can provide the following information to create the endpoint. From 2a04228242ac323863f7d5ecf3cf67dae9f5f2f0 Mon Sep 17 00:00:00 2001 From: Lilian Lee Date: Mon, 27 Oct 2025 16:33:50 +0800 Subject: [PATCH 24/27] Update title capitalization for style consistency --- .../premium/connect-to-premium-via-aws-private-endpoint.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md b/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md index 5cd8fbad1fd5f..f29323475e3d3 100644 --- a/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md +++ b/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md 
@@ -1,9 +1,9 @@ --- -title: Connect to a {{{ .premium }}} instance via AWS PrivateLink +title: Connect to a {{{ .premium }}} Instance via AWS PrivateLink summary: Learn how to connect to your {{{ .premium }}} instance via private endpoint with AWS. --- -# Connect to a {{{ .premium }}} instance via AWS PrivateLink +# Connect to a {{{ .premium }}} Instance via AWS PrivateLink This document describes how to connect to your {{{ .premium }}} instance via [AWS PrivateLink](https://aws.amazon.com/privatelink). From eb4e58fd9ba30e854352a76b029d7608316e421c Mon Sep 17 00:00:00 2001 From: Lilian Lee Date: Tue, 28 Oct 2025 14:49:23 +0800 Subject: [PATCH 25/27] Update ui wording --- .../premium/connect-to-premium-via-aws-private-endpoint.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md b/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md index f29323475e3d3..31fee82203f77 100644 --- a/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md +++ b/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md @@ -47,7 +47,7 @@ If you have multiple instances, you need to repeat these steps for each instance ### Step 1. Select a TiDB instance -1. On the [**Instances**](https://tidbcloud.com/tidbs?orgId=1372813089208281461&uiMode=new-offerings-preview) page of your TiDB Cloud web console, click the name of your target TiDB instance to go to its overview page. +1. On the [**TiDB Instances**](https://tidbcloud.com/tidbs?orgId=1372813089208281461&uiMode=new-offerings-preview) page of your TiDB Cloud web console, click the name of your target TiDB instance to go to its overview page. 2. Click **Connect** in the upper-right corner. A connection dialog is displayed. 3. In the **Connection Type** drop-down list, select **Private Endpoint**, and then click **Create Private Endpoint Connection**. From c3669cdfbc067f87f4b6e8f600d6a6cb7ac03432 Mon Sep 17 00:00:00 2001 
From: Lilian Lee Date: Tue, 28 Oct 2025 14:58:38 +0800 Subject: [PATCH 26/27] Update a link --- .../premium/connect-to-premium-via-aws-private-endpoint.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md b/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md index 31fee82203f77..41e75ea1584f6 100644 --- a/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md +++ b/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md @@ -47,7 +47,7 @@ If you have multiple instances, you need to repeat these steps for each instance ### Step 1. Select a TiDB instance -1. On the [**TiDB Instances**](https://tidbcloud.com/tidbs?orgId=1372813089208281461&uiMode=new-offerings-preview) page of your TiDB Cloud web console, click the name of your target TiDB instance to go to its overview page. +1. On the [**TiDB Instances**](https://tidbcloud.com/tidbs) page of your TiDB Cloud web console, click the name of your target TiDB instance to go to its overview page. 2. Click **Connect** in the upper-right corner. A connection dialog is displayed. 3. In the **Connection Type** drop-down list, select **Private Endpoint**, and then click **Create Private Endpoint Connection**. From 854160f0211349a0aa2fc2521ce13cb706d1efea Mon Sep 17 00:00:00 2001 From: Lilian Lee Date: Wed, 29 Oct 2025 14:16:21 +0800 Subject: [PATCH 27/27] Update wording --- tidb-cloud/set-up-private-endpoint-connections.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections.md b/tidb-cloud/set-up-private-endpoint-connections.md index 3e955203b5803..ecc47ba6cca76 100644 --- a/tidb-cloud/set-up-private-endpoint-connections.md +++ b/tidb-cloud/set-up-private-endpoint-connections.md 
@@ -28,7 +28,7 @@ For more detailed definitions of the private endpoint and endpoint service, see ## Restrictions -- Only users with the `Organization Owner` or `Project Owner` roles can create private endpoints. +- Only users with the `Organization Owner` or `Project Owner` role can create private endpoints. - The private endpoint and the TiDB cluster you want to connect to must be located in the same region. In most scenarios, you are recommended to use private endpoint connection over VPC peering. However, in the following scenarios, you should use VPC peering instead of private endpoint connection:
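Review bot: In PATCH 16/27 (hunk `@@ -113,7 +113,7 @@`), the note still says only that the security group "allows inbound access from your EC2 instances on port `4000`" without saying how to scope the source of that rule. Consider stating that the inbound rule should name the client instances' security group or their subnet CIDR as the source, so readers do not open the endpoint port to a wider range than the EC2 instances that need it.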
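Review bot: In PATCH 19/27, the TOC entry is switched to `/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md`, but the file only gets that name in PATCH 22/27 (PATCH 21/27 first renames it to `connect-to-premium-via-aws-private-endpoint.md.md`), so the TOC link has no target for three commits. Move the TOC change into the commit that performs the rename, or squash the two renames and the TOC update together.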
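Review bot: In PATCH 20/27 (hunk `@@ -9,8 +9,7 @@`), the added tip uses `{{{ .essential }}}` in the sentence but hardcodes "Essential" in the link text, `[Connect to {{{ .starter }}} or Essential via AWS PrivateLink]`. Use the same variable in both places, or match the target page's actual title. The hunk also drops the pointer to the Alibaba Cloud Private Link guide; confirm that the removal is intended.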
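Review bot: In PATCH 21/27, the FAQ hunk (`@@ -207,6 +207,6 @@`) leaves the navigation step in twice: the added paragraph reads "Go to **VPC** > **Endpoints**. To do so, go to **VPC** > **Endpoints**, right-click your VPC endpoint". Delete the first "Go to **VPC** > **Endpoints**." sentence so that "To do so" follows directly from the opening sentence.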
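Review bot: In PATCH 25/27, the **TiDB Instances** link keeps the query string `?orgId=1372813089208281461&uiMode=new-offerings-preview`, which publishes one organization's ID and a preview UI mode in public documentation and sends every reader to a tenant-specific URL. Link to the bare `https://tidbcloud.com/tidbs` page in this commit (PATCH 26/27 does this), or squash the two commits so the ID does not land in the history.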