From 7f45644cb34d29accb0c7993efc621159bead0d7 Mon Sep 17 00:00:00 2001 From: clark1013 Date: Fri, 1 May 2026 22:23:02 +0800 Subject: [PATCH 1/7] cloud: mark Step 3 as optional in serverless private endpoint doc Clarify that authorizing private endpoints is only needed when restricting access, and that leaving Authorized Networks empty allows all connections. Co-Authored-By: Claude Opus 4.7 --- ...p-private-endpoint-connections-serverless.md | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index 9159a26c6ea94..47fa3b1caa127 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md @@ -41,7 +41,7 @@ To connect to your {{{ .starter }}} or {{{ .essential }}} instance via a private 1. [Choose a {{{ .starter }}} or Essential instance](#step-1-choose-a-tidb-instance) 2. [Create an AWS interface endpoint](#step-2-create-an-aws-interface-endpoint) -3. [Authorize your private endpoint in TiDB Cloud](#step-3-authorize-your-private-endpoint-in-tidb-cloud) +3. [Authorize your private endpoint in TiDB Cloud (Optional)](#step-3-authorize-your-private-endpoint-in-tidb-cloud-optional) 4. [Connect to your {{{ .starter }}} or Essential instance](#step-4-connect-to-your-tidb) ### Step 1. Choose a {{{ .starter }}} or Essential instance {#step-1-choose-a-tidb-instance} 
@@ -103,9 +103,15 @@ aws ec2 create-vpc-endpoint --vpc-id ${your_vpc_id} --region ${region_id} --serv Then you can connect to the endpoint service with the private DNS name. -### Step 3. Authorize your private endpoint in TiDB Cloud +### Step 3. Authorize your private endpoint in TiDB Cloud (Optional) -After creating the AWS interface endpoint, you must add it to the allowlist of your target {{{ .starter }}} or {{{ .essential }}} instance. + + +This step is optional. You only need to configure authorized networks when you want to restrict access to specific private endpoint connections. If no rules are configured, all private endpoint connections are allowed by default. + + + +After creating the AWS interface endpoint, you can add it to the allowlist of your target {{{ .starter }}} or {{{ .essential }}} instance to restrict access. 1. On the [**My TiDB**](https://tidbcloud.com/tidbs) page, click the name of your target {{{ .starter }}} or {{{ .essential }}} instance to go to its overview page. 2. Click **Settings** > **Networking** in the left navigation pane. @@ -117,8 +123,9 @@ After creating the AWS interface endpoint, you must add it to the allowlist of y - **Your VPC Endpoint ID**: paste your 22-character VPC Endpoint ID from the AWS Management Console (starts with `vpce-`). > **Tip:** - > - > To allow all Private Endpoint connections from your cloud region (for testing or open access), enter a single asterisk (`*`) in the **Your VPC Endpoint ID** field. + > + > - If you leave the **Authorized Networks** table empty (that is, no rules are added), all private endpoint connections are allowed by default. You only need to add rules when you want to restrict access to specific private endpoint connections. + > - To allow all Private Endpoint connections from your cloud region (for testing or open access), enter a single asterisk (`*`) in the **Your VPC Endpoint ID** field. 5. Click **Submit**. From bd20282e504698ea92494840165d1c9d1a7d70ca Mon Sep 17 00:00:00 2001 
From: clark1013 Date: Tue, 5 May 2026 16:07:54 +0800 Subject: [PATCH 2/7] Update tidb-cloud/set-up-private-endpoint-connections-serverless.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/set-up-private-endpoint-connections-serverless.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index 47fa3b1caa127..ed13fddbcea3c 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md @@ -41,7 +41,7 @@ To connect to your {{{ .starter }}} or {{{ .essential }}} instance via a private 1. [Choose a {{{ .starter }}} or Essential instance](#step-1-choose-a-tidb-instance) 2. [Create an AWS interface endpoint](#step-2-create-an-aws-interface-endpoint) -3. [Authorize your private endpoint in TiDB Cloud (Optional)](#step-3-authorize-your-private-endpoint-in-tidb-cloud-optional) +3. [Authorize your private endpoint in TiDB Cloud (optional)](#step-3-authorize-your-private-endpoint-in-tidb-cloud-optional) 4. [Connect to your {{{ .starter }}} or Essential instance](#step-4-connect-to-your-tidb) ### Step 1. Choose a {{{ .starter }}} or Essential instance {#step-1-choose-a-tidb-instance} From aa37720fc029aae0e6f1acee34ec30d20feb1698 Mon Sep 17 00:00:00 2001 From: clark1013 Date: Tue, 5 May 2026 16:08:07 +0800 Subject: [PATCH 3/7] Update tidb-cloud/set-up-private-endpoint-connections-serverless.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/set-up-private-endpoint-connections-serverless.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index ed13fddbcea3c..22b6680091656 100644 
--- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md @@ -107,7 +107,7 @@ Then you can connect to the endpoint service with the private DNS name. -This step is optional. You only need to configure authorized networks when you want to restrict access to specific private endpoint connections. If no rules are configured, all private endpoint connections are allowed by default. +This step is optional. You only need to configure **Authorized Networks** when you want to restrict access to specific private endpoint connections. If no rules are configured, all private endpoint connections are allowed by default. From 59ef919c254b264d0ef1d856ebb935d8aacaa1a2 Mon Sep 17 00:00:00 2001 From: clark1013 Date: Tue, 5 May 2026 16:08:25 +0800 Subject: [PATCH 4/7] Update tidb-cloud/set-up-private-endpoint-connections-serverless.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/set-up-private-endpoint-connections-serverless.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index 22b6680091656..6661b8d6954e7 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md @@ -103,7 +103,7 @@ aws ec2 create-vpc-endpoint --vpc-id ${your_vpc_id} --region ${region_id} --serv Then you can connect to the endpoint service with the private DNS name. -### Step 3. Authorize your private endpoint in TiDB Cloud (Optional) +### Step 3. Authorize your private endpoint in TiDB Cloud (optional) {#step-3-authorize-your-private-endpoint-in-tidb-cloud-optional} From c810bb5cbdf4666006af0aceb0f21566d5708884 Mon Sep 17 00:00:00 2001 
From: clark1013 Date: Tue, 5 May 2026 16:08:46 +0800 Subject: [PATCH 5/7] Update tidb-cloud/set-up-private-endpoint-connections-serverless.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/set-up-private-endpoint-connections-serverless.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index 6661b8d6954e7..295e6e1edaf02 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md @@ -111,7 +111,7 @@ This step is optional. You only need to configure **Authorized Networks** when y -After creating the AWS interface endpoint, you can add it to the allowlist of your target {{{ .starter }}} or {{{ .essential }}} instance to restrict access. +After creating the AWS interface endpoint, you can authorize it for your target {{{ .starter }}} or {{{ .essential }}} instance to restrict access. 1. On the [**My TiDB**](https://tidbcloud.com/tidbs) page, click the name of your target {{{ .starter }}} or {{{ .essential }}} instance to go to its overview page. 2. Click **Settings** > **Networking** in the left navigation pane. From 650b09c53fe89ee526d2ebe28547334f4760bccc Mon Sep 17 00:00:00 2001 From: clark1013 Date: Tue, 5 May 2026 16:09:13 +0800 Subject: [PATCH 6/7] Update tidb-cloud/set-up-private-endpoint-connections-serverless.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/set-up-private-endpoint-connections-serverless.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index 295e6e1edaf02..31c1729cbc585 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md 
+++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md @@ -124,8 +124,8 @@ After creating the AWS interface endpoint, you can authorize it for your target > **Tip:** > - > - If you leave the **Authorized Networks** table empty (that is, no rules are added), all private endpoint connections are allowed by default. You only need to add rules when you want to restrict access to specific private endpoint connections. - > - To allow all Private Endpoint connections from your cloud region (for testing or open access), enter a single asterisk (`*`) in the **Your VPC Endpoint ID** field. + > - If you leave the **Authorized Networks** table empty, all private endpoint connections are allowed by default. + > - To allow all private endpoint connections from your cloud region (for testing or open access), enter a single asterisk (`*`) in the **Your VPC Endpoint ID** field. 5. Click **Submit**. From 8312c65a917a822f55091790997b9d21a9105306 Mon Sep 17 00:00:00 2001 From: Lilian Lee Date: Tue, 5 May 2026 17:38:51 +0800 Subject: [PATCH 7/7] Update heading anchor and note format --- .../set-up-private-endpoint-connections-serverless.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index 31c1729cbc585..468db50a7d112 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md 
@@ -103,13 +103,11 @@ aws ec2 create-vpc-endpoint --vpc-id ${your_vpc_id} --region ${region_id} --serv Then you can connect to the endpoint service with the private DNS name. -### Step 3. Authorize your private endpoint in TiDB Cloud (optional) {#step-3-authorize-your-private-endpoint-in-tidb-cloud-optional} +### Step 3. Authorize your private endpoint in TiDB Cloud (optional) - - -This step is optional. You only need to configure **Authorized Networks** when you want to restrict access to specific private endpoint connections. If no rules are configured, all private endpoint connections are allowed by default. - - +> **Note:** +> +> This step is optional. You only need to configure **Authorized Networks** when you want to restrict access to specific private endpoint connections. If no rules are configured, all private endpoint connections are allowed by default. After creating the AWS interface endpoint, you can authorize it for your target {{{ .starter }}} or {{{ .essential }}} instance to restrict access.
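
Review bot: the note added in [PATCH 1/7] (hunk at `-103,9`) says that with no rules configured all private endpoint connections are allowed, but it gives that default no qualification, while the Tip in the same hunk labels the equivalent `*` rule as "for testing or open access". Readers who skip a step marked optional will be left with the open default, so consider adding one sentence to the note recommending that instances which should only be reachable from known VPC endpoints add at least one rule to **Authorized Networks**.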
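
Review bot: in [PATCH 5/7], "you can authorize it for your target {{{ .starter }}} or {{{ .essential }}} instance to restrict access" can be read as restricting the endpoint that is being authorized. Suggest wording that matches the note above it, for example "to restrict access to the private endpoints you authorize", so it is clear that adding a rule admits this endpoint and excludes the others.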
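
Review bot: the two Tip bullets in [PATCH 6/7] describe what appears to be the same outcome with different scope: an empty **Authorized Networks** table allows "all private endpoint connections", while `*` allows "all private endpoint connections from your cloud region". Please state whether the two are equivalent. If they are, use the same wording in both bullets and say when a reader would add `*` instead of leaving the table empty; if they are not, say what the empty table admits that `*` does not.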
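
Review bot: the heading line in [PATCH 7/7] drops the explicit `{#step-3-authorize-your-private-endpoint-in-tidb-cloud-optional}` anchor that [PATCH 4/7] added, while the step list entry from [PATCH 2/7] still links to that fragment. The Step 1 heading keeps an explicit anchor (`{#step-1-choose-a-tidb-instance}`), so either keep the explicit anchor here for consistency or confirm that the slug generated from "Step 3. Authorize your private endpoint in TiDB Cloud (optional)" resolves to the linked fragment in the rendered docs.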