diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index 9159a26c6ea94..468db50a7d112 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md @@ -41,7 +41,7 @@ To connect to your {{{ .starter }}} or {{{ .essential }}} instance via a private 1. [Choose a {{{ .starter }}} or Essential instance](#step-1-choose-a-tidb-instance) 2. [Create an AWS interface endpoint](#step-2-create-an-aws-interface-endpoint) -3. [Authorize your private endpoint in TiDB Cloud](#step-3-authorize-your-private-endpoint-in-tidb-cloud) +3. [Authorize your private endpoint in TiDB Cloud (optional)](#step-3-authorize-your-private-endpoint-in-tidb-cloud-optional) 4. [Connect to your {{{ .starter }}} or Essential instance](#step-4-connect-to-your-tidb) ### Step 1. Choose a {{{ .starter }}} or Essential instance {#step-1-choose-a-tidb-instance} 
@@ -103,9 +103,13 @@ aws ec2 create-vpc-endpoint --vpc-id ${your_vpc_id} --region ${region_id} --serv Then you can connect to the endpoint service with the private DNS name. -### Step 3. Authorize your private endpoint in TiDB Cloud +### Step 3. Authorize your private endpoint in TiDB Cloud (optional) -After creating the AWS interface endpoint, you must add it to the allowlist of your target {{{ .starter }}} or {{{ .essential }}} instance. +> **Note:** +> +> This step is optional. You only need to configure **Authorized Networks** when you want to restrict access to specific private endpoint connections. If no rules are configured, all private endpoint connections are allowed by default. + +After creating the AWS interface endpoint, you can authorize it for your target {{{ .starter }}} or {{{ .essential }}} instance to restrict access. 1. On the [**My TiDB**](https://tidbcloud.com/tidbs) page, click the name of your target {{{ .starter }}} or {{{ .essential }}} instance to go to its overview page. 2. Click **Settings** > **Networking** in the left navigation pane. @@ -117,8 +121,9 @@ After creating the AWS interface endpoint, you must add it to the allowlist of y - **Your VPC Endpoint ID**: paste your 22-character VPC Endpoint ID from the AWS Management Console (starts with `vpce-`). > **Tip:** - > - > To allow all Private Endpoint connections from your cloud region (for testing or open access), enter a single asterisk (`*`) in the **Your VPC Endpoint ID** field. + > + > - If you leave the **Authorized Networks** table empty, all private endpoint connections are allowed by default. + > - To allow all private endpoint connections from your cloud region (for testing or open access), enter a single asterisk (`*`) in the **Your VPC Endpoint ID** field. 5. Click **Submit**.
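Review bot: In the step list (hunk `@@ -41,7 +41,7 @@`), the link target changes to `#step-3-authorize-your-private-endpoint-in-tidb-cloud-optional`, so any existing link to `#step-3-authorize-your-private-endpoint-in-tidb-cloud` will stop resolving. The Step 1 heading pins its anchor with an explicit `{#step-1-choose-a-tidb-instance}`. Adding an explicit id with the old value to the Step 3 heading would keep the anchor stable while the visible title gains "(optional)", and this link could then stay as it was.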
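Review bot: In the Step 3 hunk (`@@ -103,9 +103,13 @@`), the added note states that "all private endpoint connections are allowed by default" but does not define the scope of "all". The removed sentence said the endpoint "must" be added to the allowlist, so the documented posture moves from a required allowlist to default-allow, and readers need to know which endpoints that covers and that no network-level restriction applies until a rule exists. Suggest stating the scope explicitly and recommending that rules be configured for anything other than testing. The rewritten sentence "you can authorize it ... to restrict access" also reads ambiguously; something like "to restrict access to the authorized endpoints only" would make clear that authorizing one endpoint is what excludes the others.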
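Review bot: In the tip hunk (`@@ -117,8 +121,9 @@`), the two bullets describe an empty **Authorized Networks** table and a `*` rule as both allowing all connections, but only the `*` bullet is qualified with "from your cloud region", so it is unclear whether the two cases differ in scope. Please either say they are equivalent or spell out the difference. The first bullet also repeats the note added under the Step 3 heading and sits inside the instructions for filling in a rule, where the table is about to become non-empty; it would be more useful here to say what happens to endpoints that are not listed once the first rule is submitted.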