update MD by dispatch event pingcap/docs release-8.5

Author: github-actions

markdown-pages/en/tidbcloud/master/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md

@@ -22,7 +22,8 @@ To connect to your TiDB Cloud Starter or TiDB Cloud Essential cluster via a priv
 
 1. [Choose a TiDB cluster](#step-1-choose-a-tidb-cluster)
 2. [Create a private endpoint on Alibaba Cloud](#step-2-create-a-private-endpoint-on-alibaba-cloud)
-3. [Connect to your TiDB cluster using the private endpoint](#step-3-connect-to-your-tidb-cluster-using-the-private-endpoint)
+3. [Authorize your private endpoint in TiDB Cloud](#step-3-authorize-your-private-endpoint-in-tidb-cloud)
+4. [Connect to your TiDB cluster using the private endpoint](#step-4-connect-to-your-tidb-cluster-using-the-private-endpoint)
 
 ### Step 1. Choose a TiDB cluster
 
@@ -50,7 +51,26 @@ To use the Alibaba Cloud Management Console to create a VPC interface endpoint,
 8. Click **OK** to create the endpoint.
 9. Wait for the endpoint status to become **Active** and the connection status to become **Connected**.
 
-### Step 3: Connect to your TiDB cluster using the private endpoint
+### Step 3. Authorize your private endpoint in TiDB Cloud
+
+After creating the interface endpoint on Alibaba Cloud, you must add it to your cluster's allowlist.
+
+1. On the [**Clusters**](https://tidbcloud.com/project/clusters) page, click the name of your target TiDB Cloud Starter or TiDB Cloud Essential cluster to go to its overview page.
+2. Click **Settings** > **Networking** in the left navigation pane.
+3. Scroll down to the **Private Endpoint** section and then locate the **Authorized Networks** table.
+4. Click **Add Rule** to add a firewall rule.
+
+    - **Endpoint Service Name**: paste the service name you got from [Step 1](#step-1-choose-a-tidb-cluster).
+    - **Firewall Rule Name**: enter a name to identify this connection.
+    - **Your Endpoint ID**: paste your 23-character endpoint ID from the Alibaba Cloud Management Console (starts with `ep-`).
+
+    > **Tip:**
+    > 
+    > To allow all Private Endpoint connections from your cloud region (for testing or open access), enter a single asterisk (`*`) in the **Your Endpoint ID** field.
+
+5. Click **Submit**.
+
+### Step 4. Connect to your TiDB cluster using the private endpoint
 
 After you have created the interface endpoint, go back to the TiDB Cloud console and take the following steps:
 

markdown-pages/en/tidbcloud/master/tidb-cloud/set-up-private-endpoint-connections-serverless.md

@@ -41,7 +41,8 @@ To connect to your TiDB Cloud Starter or TiDB Cloud Essential cluster via a priv
 
 1. [Choose a TiDB cluster](#step-1-choose-a-tidb-cluster)
 2. [Create an AWS interface endpoint](#step-2-create-an-aws-interface-endpoint)
-3. [Connect to your TiDB cluster](#step-3-connect-to-your-tidb-cluster)
+3. [Authorize your private endpoint in TiDB Cloud](#step-3-authorize-your-private-endpoint-in-tidb-cloud)
+4. [Connect to your TiDB cluster](#step-4-connect-to-your-tidb-cluster)
 
 ### Step 1. Choose a TiDB cluster
 
@@ -102,7 +103,26 @@ aws ec2 create-vpc-endpoint --vpc-id ${your_vpc_id} --region ${region_id} --serv
 
 Then you can connect to the endpoint service with the private DNS name.
 
-### Step 3: Connect to your TiDB cluster
+### Step 3. Authorize your private endpoint in TiDB Cloud
+
+After creating the AWS interface endpoint, you must add it to your cluster's allowlist.
+
+1. On the [**Clusters**](https://tidbcloud.com/project/clusters) page, click the name of your target TiDB Cloud Starter or TiDB Cloud Essential cluster to go to its overview page.
+2. Click **Settings** > **Networking** in the left navigation pane.
+3. Scroll down to the **Private Endpoint** section and then locate the **Authorized Networks** table.
+4. Click **Add Rule** to add a firewall rule.
+
+    - **Endpoint Service Name**: paste the service name you got from [Step 1](#step-1-choose-a-tidb-cluster).
+    - **Firewall Rule Name**: enter a name to identify this connection.
+    - **Your VPC Endpoint ID**: paste your 22-character VPC Endpoint ID from the AWS Management Console (starts with `vpce-`).
+
+    > **Tip:**
+    > 
+    > To allow all Private Endpoint connections from your cloud region (for testing or open access), enter a single asterisk (`*`) in the **Your VPC Endpoint ID** field.
+
+5. Click **Submit**.
+
+### Step 4. Connect to your TiDB cluster
 
 After you have created the interface endpoint, go back to the TiDB Cloud console and take the following steps: