From 04d97b7baf37f94a6fb26a978f329e74444b0896 Mon Sep 17 00:00:00 2001 From: clark1013 Date: Fri, 1 May 2026 22:23:02 +0800 Subject: [PATCH 1/7] cloud: mark Step 3 as optional in serverless private endpoint doc Clarify that authorizing private endpoints is only needed when restricting access, and that leaving Authorized Networks empty allows all connections. Co-Authored-By: Claude Opus 4.7 --- ...p-private-endpoint-connections-serverless.md | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index 9159a26c6ea94..47fa3b1caa127 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md @@ -41,7 +41,7 @@ To connect to your {{{ .starter }}} or {{{ .essential }}} instance via a private 1. [Choose a {{{ .starter }}} or Essential instance](#step-1-choose-a-tidb-instance) 2. [Create an AWS interface endpoint](#step-2-create-an-aws-interface-endpoint) -3. [Authorize your private endpoint in TiDB Cloud](#step-3-authorize-your-private-endpoint-in-tidb-cloud) +3. [Authorize your private endpoint in TiDB Cloud (Optional)](#step-3-authorize-your-private-endpoint-in-tidb-cloud-optional) 4. [Connect to your {{{ .starter }}} or Essential instance](#step-4-connect-to-your-tidb) ### Step 1. Choose a {{{ .starter }}} or Essential instance {#step-1-choose-a-tidb-instance} 
@@ -103,9 +103,15 @@ aws ec2 create-vpc-endpoint --vpc-id ${your_vpc_id} --region ${region_id} --serv Then you can connect to the endpoint service with the private DNS name. -### Step 3. Authorize your private endpoint in TiDB Cloud +### Step 3. Authorize your private endpoint in TiDB Cloud (Optional) -After creating the AWS interface endpoint, you must add it to the allowlist of your target {{{ .starter }}} or {{{ .essential }}} instance. + + +This step is optional. You only need to configure authorized networks when you want to restrict access to specific private endpoint connections. If no rules are configured, all private endpoint connections are allowed by default. + + + +After creating the AWS interface endpoint, you can add it to the allowlist of your target {{{ .starter }}} or {{{ .essential }}} instance to restrict access. 1. On the [**My TiDB**](https://tidbcloud.com/tidbs) page, click the name of your target {{{ .starter }}} or {{{ .essential }}} instance to go to its overview page. 2. Click **Settings** > **Networking** in the left navigation pane. @@ -117,8 +123,9 @@ After creating the AWS interface endpoint, you must add it to the allowlist of y - **Your VPC Endpoint ID**: paste your 22-character VPC Endpoint ID from the AWS Management Console (starts with `vpce-`). > **Tip:** - > - > To allow all Private Endpoint connections from your cloud region (for testing or open access), enter a single asterisk (`*`) in the **Your VPC Endpoint ID** field. + > + > - If you leave the **Authorized Networks** table empty (that is, no rules are added), all private endpoint connections are allowed by default. You only need to add rules when you want to restrict access to specific private endpoint connections. + > - To allow all Private Endpoint connections from your cloud region (for testing or open access), enter a single asterisk (`*`) in the **Your VPC Endpoint ID** field. 5. Click **Submit**. From 76cfb136ed21646670a9373f9b29d589198fa302 Mon Sep 17 00:00:00 2001 
From: clark1013 Date: Tue, 5 May 2026 16:07:54 +0800 Subject: [PATCH 2/7] Update tidb-cloud/set-up-private-endpoint-connections-serverless.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/set-up-private-endpoint-connections-serverless.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index 47fa3b1caa127..ed13fddbcea3c 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md @@ -41,7 +41,7 @@ To connect to your {{{ .starter }}} or {{{ .essential }}} instance via a private 1. [Choose a {{{ .starter }}} or Essential instance](#step-1-choose-a-tidb-instance) 2. [Create an AWS interface endpoint](#step-2-create-an-aws-interface-endpoint) -3. [Authorize your private endpoint in TiDB Cloud (Optional)](#step-3-authorize-your-private-endpoint-in-tidb-cloud-optional) +3. [Authorize your private endpoint in TiDB Cloud (optional)](#step-3-authorize-your-private-endpoint-in-tidb-cloud-optional) 4. [Connect to your {{{ .starter }}} or Essential instance](#step-4-connect-to-your-tidb) ### Step 1. Choose a {{{ .starter }}} or Essential instance {#step-1-choose-a-tidb-instance} From f80d11c40529463c283672cccca7c97b1f4a0ef3 Mon Sep 17 00:00:00 2001 From: clark1013 Date: Tue, 5 May 2026 16:08:07 +0800 Subject: [PATCH 3/7] Update tidb-cloud/set-up-private-endpoint-connections-serverless.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/set-up-private-endpoint-connections-serverless.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index ed13fddbcea3c..22b6680091656 100644 
--- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md @@ -107,7 +107,7 @@ Then you can connect to the endpoint service with the private DNS name. -This step is optional. You only need to configure authorized networks when you want to restrict access to specific private endpoint connections. If no rules are configured, all private endpoint connections are allowed by default. +This step is optional. You only need to configure **Authorized Networks** when you want to restrict access to specific private endpoint connections. If no rules are configured, all private endpoint connections are allowed by default. From 2e945d4f1cbf6e5a386bdecde4509ad9fd49d57b Mon Sep 17 00:00:00 2001 From: clark1013 Date: Tue, 5 May 2026 16:08:25 +0800 Subject: [PATCH 4/7] Update tidb-cloud/set-up-private-endpoint-connections-serverless.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/set-up-private-endpoint-connections-serverless.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index 22b6680091656..6661b8d6954e7 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md @@ -103,7 +103,7 @@ aws ec2 create-vpc-endpoint --vpc-id ${your_vpc_id} --region ${region_id} --serv Then you can connect to the endpoint service with the private DNS name. -### Step 3. Authorize your private endpoint in TiDB Cloud (Optional) +### Step 3. Authorize your private endpoint in TiDB Cloud (optional) {#step-3-authorize-your-private-endpoint-in-tidb-cloud-optional} From 66f02452799d8192197ac59bda56db7c7a802b5a Mon Sep 17 00:00:00 2001 
From: clark1013 Date: Tue, 5 May 2026 16:08:46 +0800 Subject: [PATCH 5/7] Update tidb-cloud/set-up-private-endpoint-connections-serverless.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/set-up-private-endpoint-connections-serverless.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index 6661b8d6954e7..295e6e1edaf02 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md @@ -111,7 +111,7 @@ This step is optional. You only need to configure **Authorized Networks** when y -After creating the AWS interface endpoint, you can add it to the allowlist of your target {{{ .starter }}} or {{{ .essential }}} instance to restrict access. +After creating the AWS interface endpoint, you can authorize it for your target {{{ .starter }}} or {{{ .essential }}} instance to restrict access. 1. On the [**My TiDB**](https://tidbcloud.com/tidbs) page, click the name of your target {{{ .starter }}} or {{{ .essential }}} instance to go to its overview page. 2. Click **Settings** > **Networking** in the left navigation pane. From 8803efaf12c82895f350441cc9fe1f1f73c13130 Mon Sep 17 00:00:00 2001 From: clark1013 Date: Tue, 5 May 2026 16:09:13 +0800 Subject: [PATCH 6/7] Update tidb-cloud/set-up-private-endpoint-connections-serverless.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/set-up-private-endpoint-connections-serverless.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index 295e6e1edaf02..31c1729cbc585 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md 
+++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md @@ -124,8 +124,8 @@ After creating the AWS interface endpoint, you can authorize it for your target > **Tip:** > - > - If you leave the **Authorized Networks** table empty (that is, no rules are added), all private endpoint connections are allowed by default. You only need to add rules when you want to restrict access to specific private endpoint connections. - > - To allow all Private Endpoint connections from your cloud region (for testing or open access), enter a single asterisk (`*`) in the **Your VPC Endpoint ID** field. + > - If you leave the **Authorized Networks** table empty, all private endpoint connections are allowed by default. + > - To allow all private endpoint connections from your cloud region (for testing or open access), enter a single asterisk (`*`) in the **Your VPC Endpoint ID** field. 5. Click **Submit**. From 88ba9613edd81fc086a9d1dfee0b37f04dece28d Mon Sep 17 00:00:00 2001 From: Lilian Lee Date: Tue, 5 May 2026 17:38:51 +0800 Subject: [PATCH 7/7] Update heading anchor and note format --- .../set-up-private-endpoint-connections-serverless.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index 31c1729cbc585..468db50a7d112 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md 
@@ -103,13 +103,11 @@ aws ec2 create-vpc-endpoint --vpc-id ${your_vpc_id} --region ${region_id} --serv Then you can connect to the endpoint service with the private DNS name. -### Step 3. Authorize your private endpoint in TiDB Cloud (optional) {#step-3-authorize-your-private-endpoint-in-tidb-cloud-optional} +### Step 3. Authorize your private endpoint in TiDB Cloud (optional) - - -This step is optional. You only need to configure **Authorized Networks** when you want to restrict access to specific private endpoint connections. If no rules are configured, all private endpoint connections are allowed by default. - - +> **Note:** +> +> This step is optional. You only need to configure **Authorized Networks** when you want to restrict access to specific private endpoint connections. If no rules are configured, all private endpoint connections are allowed by default. After creating the AWS interface endpoint, you can authorize it for your target {{{ .starter }}} or {{{ .essential }}} instance to restrict access.
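Review bot: Links from other pages to `#step-3-authorize-your-private-endpoint-in-tidb-cloud` will stop resolving once the list hunk of [PATCH 1/7] moves the target to `#step-3-authorize-your-private-endpoint-in-tidb-cloud-optional`. Search the docs for the old fragment and update those links in the same PR, or keep the old ID as the heading's explicit anchor so existing links keep working.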
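Review bot: The paragraph added in the Step 3 hunk of [PATCH 1/7] does not tell the reader that the empty-table default is an open setting. It replaces "you must add it to the allowlist" with an optional step and says that with no rules "all private endpoint connections are allowed by default", while the tip in the same hunk labels `*` as "for testing or open access". Give the empty table the same label and recommend adding rules for production instances, so that "optional" is not read as "safe to skip".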
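Review bot: The new sentence in [PATCH 5/7], "you can authorize it for your target ... instance to restrict access", reads as if authorizing one endpoint is what restricts access, although the note introduced earlier in the series says an unconfigured list already admits every private endpoint connection. Name the effect instead, for example "you can authorize it so that only authorized private endpoints can connect to your target instance".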
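Review bot: The two tip bullets left by [PATCH 6/7] do not say whether an empty **Authorized Networks** table and a `*` rule differ in scope: the first allows "all private endpoint connections", the second "all private endpoint connections from your cloud region". State whether the empty table is also limited to the cloud region, and say so if the two are equivalent. The first bullet also repeats the note at the top of Step 3 and could be dropped.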
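Review bot: Removing `{#step-3-authorize-your-private-endpoint-in-tidb-cloud-optional}` from the Step 3 heading in [PATCH 7/7] leaves the list link set in [PATCH 2/7] dependent on the slug the renderer generates from "Step 3. Authorize your private endpoint in TiDB Cloud (optional)". Confirm the built page produces exactly that fragment, or keep the explicit ID the way the Step 1 heading does with `{#step-1-choose-a-tidb-instance}`.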