Add an Azure Private Link Connection

  • how-to
    Add an Azure Private Link connection that peers your Azure network with a Capella database using Azure as its cloud provider. This connection can reduce latency and egress costs for applications hosted in the same region.
    Azure Private Link connections do not support cross data center replication (XDCR) or Prometheus metrics.


    To add an Azure Private Link connection, you need:

    • The Project Owner role assigned to your user account.

    • A project in your organization.

      For more information about projects in Capella, see Projects Overview.

    • A database in your project with:

      • Microsoft Azure as its cloud provider.

      • Multiple availability zones.

      • The Developer Pro or Enterprise service plan.

      For more information about how to create a database, see Create a Database.

    • Information about your Azure network:

      • The Azure Resource Group name.

      • The Azure Virtual Network/Subnet name.

    • A BASH-like shell.

    • The Azure Command-Line Interface (CLI) installed and configured.

    The Microsoft Azure portal can also help you monitor your progress and find resource information.


    To add an Azure Private Link connection, you need the Capella UI and the Azure CLI.

    1. In Capella, enable Private Endpoints:

      Enabling Private Endpoints bills your account hourly for Azure Private Link unless you turn off this option.
      1. View the database where you want to add an Azure Private Link connection.

      2. Select the Settings tab.

      3. In the navigation pane, under the Networking section, select Private Endpoints.

      4. Click Enable Private Endpoints.

        It can take several minutes for Capella to enable private endpoints. When private endpoints are available, the page shows all the controls you need to manage private endpoints in Capella.

    2. Click Add Private Endpoint.

    3. In the Provide Private Endpoint Details section, add the following information:

      Field Value

      Resource Group Name

      Enter your Azure resource group name

      Virtual Network/Subnet

      Enter your Azure virtual network and subnet in the following format: example-virtual-network/default-subnet.

    4. Click Next.

    5. Download and run the shell script provided by Capella:

      This script is only compatible with BASH-like shells.
      1. In the Run the following script area, click Download Script.

      2. With Azure CLI installed and signed in, run the downloaded script in your terminal.

        This script contains commands to create the private endpoint and related resources in your chosen Azure resource group. When successful, the provisioning details are output. It can take a few minutes to complete.

    6. In Capella, the new interface endpoint is now shown and has a Pending Acceptance status. Click its Accept button.

      Returning to the Private Endpoints page in Capella, the new private endpoint shows a Linked status once the connection is accepted. This process can take a few minutes.

    Next Steps

    You can verify this connection in the Azure portal by opening the private endpoint resource. The overview page shows an Approved connection status when the configuration is successful.