pingcap · ti-chi-bot · Nov 5, 2025 · Oct 22, 2025 · Oct 22, 2025 · Oct 22, 2025
diff --git a/TOC-tidb-cloud-premium.md b/TOC-tidb-cloud-premium.md
@@ -136,7 +136,7 @@
       - [Connection Overview](/tidb-cloud/premium/connect-to-tidb-instance.md)
       - [Connect via Public Endpoint](/tidb-cloud/premium/connect-to-premium-via-public-connection.md)
       - [Connect via Private Endpoint with AWS](/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md)
-      - [Connect via Private Endpoint with Alibaba Cloud](/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md)
+      - [Connect via Private Endpoint with Alibaba Cloud](/tidb-cloud/premium/connect-to-premium-via-alibaba-cloud-private-endpoint.md)
     - [Back Up and Restore TiDB Cloud Data](/tidb-cloud/premium/backup-and-restore-premium.md)
   - Use an HTAP Cluster with TiFlash
     - [TiFlash Overview](/tiflash/tiflash-overview.md)
@@ -238,7 +238,8 @@
     - [OAuth 2.0](/tidb-cloud/oauth2.md)
   - Network Access Control
     - [Configure an IP Access List](/tidb-cloud/premium/configure-ip-access-list-premium.md)
-    - [Connect via Private Endpoint with Alibaba Cloud](/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md)
+    - [Connect via Private Endpoint with AWS](/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md)
+    - [Connect via Private Endpoint with Alibaba Cloud](/tidb-cloud/premium/connect-to-premium-via-alibaba-cloud-private-endpoint.md)
     - [Configure Firewall Rules for Public Endpoints](/tidb-cloud/configure-serverless-firewall-rules-for-public-endpoints.md)
   - Audit Management
     - [Console Audit Logging](/tidb-cloud/tidb-cloud-console-auditing.md)

diff --git a/media/tidb-cloud/private-endpoint/alicloud-private-endpoint-info.png b/media/tidb-cloud/private-endpoint/alicloud-private-endpoint-info.png
diff --git a/tidb-cloud/premium/connect-to-premium-via-alibaba-cloud-private-endpoint.md b/tidb-cloud/premium/connect-to-premium-via-alibaba-cloud-private-endpoint.md
@@ -0,0 +1,88 @@
+---
+title: Connect to {{{ .premium }}} via Alibaba Cloud Private Endpoint
+summary: Learn how to connect to your {{{ .premium }}} instance via a private endpoint on Alibaba Cloud.
+---
+
+# Connect to {{{ .premium }}} via Alibaba Cloud Private Endpoint
+
+This document describes how to connect to your {{{ .premium }}} instance via a private endpoint on Alibaba Cloud. Connecting through a private endpoint enables secure and private communication between your services and your TiDB instance without using the public internet.
+
+> **Tip:**
+>
+> To learn how to connect to a {{{ .premium }}} instance via AWS PrivateLink, see [Connect to {{{ .premium }}} via AWS PrivateLink](/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md).
+
+## Restrictions
+
+- Currently, TiDB Premium supports private endpoint connections when the endpoint service is hosted on AWS or Alibaba Cloud. If the service is hosted on another cloud provider, the private endpoint is not applicable.
+- Cross-region private endpoint connections are not supported.
+
+## Set up a private endpoint with Alibaba Cloud
+
+To connect to your Premium instance via a private endpoint, perform the following steps.
+
+### Step 1. Choose a TiDB instance
+
+1. On the [**TiDB Instances**](https://{{{.console-url}}}/instances) page, click the name of your target TiDB instance to go to its overview page.
+2. Click **Connect** in the upper-right corner. A connection dialog is displayed.
+3. In the **Connection Type** drop-down list, select **Private Endpoint**.
+4. Take a note of **Service Name**, **Availability Zone ID**, and **Region ID**.
+
+### Step 2. Create a private endpoint on Alibaba Cloud
+
+To use the Alibaba Cloud Management Console to create a VPC interface endpoint, perform the following steps:
+
+1. Sign in to the [Alibaba Cloud Management Console](https://account.alibabacloud.com/login/login.htm).
+2. Navigate to **VPC** > **Endpoints**.
+3. Click the **Interface Endpoints** tab, and then click **Create Endpoint**.
+4. Fill in the endpoint details:
+    - **Region**: select the same region as your TiDB Cloud instance.
+    - **Endpoint Name**: enter a name for the endpoint.
+    - **Endpoint Type**: choose **Interface Endpoint**.
+    - **Endpoint Service**: select **Other Endpoint Services**.
+5. In the **Endpoint Service Name** field, paste the service name you copied from TiDB Cloud.
+6. Click **Verify**. A green check mark indicates that the service is valid.
+7. Choose the **VPC**, **Security Group**, and **Zone** to associate with the endpoint.
+8. Click **OK** to create the endpoint.
+9. Wait until the endpoint status is **Active** and the connection status is **Connected**.
+
+After creating the interface endpoint, navigate to the **EndPoints** page and select the newly created endpoint.
+
+- In the **Basic Information** section, copy the **Endpoint ID**. You will use this value later as the *Endpoint Resource ID*.
+
+- In the **Domain name of Endpoint Service** section, copy the **Default Domain Name**. You will use this value later as the *Domain Name*.
+
+    ![AliCloud private endpoint Information](/media/tidb-cloud/private-endpoint/alicloud-private-endpoint-info.png)
+
+### Step 3. Accept the endpoint and create the endpoint connection
+
+1. Return to the **Create Alibaba Cloud Private Endpoint Connection** dialog in the TiDB Cloud console.
+
+2. Paste the *Endpoint Resource ID* and *Domain Name* that you copied earlier into the corresponding fields.
+
+3. Click **Create Private Endpoint Connection** to accept the connection from your private endpoint.
+
+### Step 4. Connect to your TiDB instance
+
+After you have accepted the endpoint connection, you are redirected back to the connection dialog.
+
+1. Wait for the private endpoint connection status to become **Active** (approximately 5 minutes). To check the status, navigate to the **Networking** page by clicking **Settings** > **Networking** in the left navigation pane.
+
+2. In the **Connect With** drop-down list, select your preferred connection method. The corresponding connection string is displayed at the bottom of the dialog.
+
+3. Connect to your instance using the connection string.
+
+## Private endpoint status reference
+
+To view the statuses of private endpoints or private endpoint services, navigate to the **Networking** page by clicking **Settings** > **Networking** in the left navigation pane.
+
+The possible statuses of a private endpoint are explained as follows:
+
+- **Pending**: waiting for processing.
+- **Active**: the private endpoint is ready for use.
+- **Deleting**: the private endpoint is being deleted.
+- **Failed**: the private endpoint creation fails. You can delete the private endpoint and create a new one.
+
+The possible statuses of a private endpoint service are explained as follows:
+
+- **Creating**: the endpoint service is being created, which takes 3 to 5 minutes.
+- **Active**: the endpoint service is created, no matter whether the private endpoint is created or not.
diff --git a/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md b/tidb-cloud/premium/connect-to-premium-via-aws-private-endpoint.md
@@ -1,9 +1,9 @@
 ---
-title: Connect to a {{{ .premium }}} Instance via AWS PrivateLink
+title: Connect to {{{ .premium }}} via AWS PrivateLink
 summary: Learn how to connect to your {{{ .premium }}} instance via private endpoint with AWS.
 ---
 
-# Connect to a {{{ .premium }}} Instance via AWS PrivateLink
+# Connect to {{{ .premium }}} via AWS PrivateLink
 
 This document describes how to connect to your {{{ .premium }}} instance via [AWS PrivateLink](https://aws.amazon.com/privatelink).
 
@@ -165,7 +165,7 @@ After you have accepted the private endpoint connection, you are redirected back
 
 1. Wait for the private endpoint connection status to change from **System Checking** to **Active** (approximately 5 minutes).
 2. In the **Connect With** drop-down list, select your preferred connection method. The corresponding connection string is displayed at the bottom of the dialog.
-3. Connect to your instance with the connection string.
+3. Connect to your instance using the connection string.
 
 > **Tip:**
 >

diff --git a/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md b/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md
@@ -14,7 +14,7 @@ This tutorial walks you through the steps to connect to your {{{ .starter }}} or
 ## Restrictions
 
 - Currently, {{{ .starter }}} and {{{ .essential }}} support private endpoint connections when the endpoint service is hosted on AWS or Alibaba Cloud. If the service is hosted on another cloud provider, the private endpoint is not applicable.
-- Private endpoint connection across regions is not supported.
+- Cross-region private endpoint connections is not supported.
 
 ## Set up a private endpoint with Alibaba Cloud
 
@@ -44,7 +44,7 @@ To use the Alibaba Cloud Management Console to create a VPC interface endpoint,
     - **Endpoint Type**: select **Interface Endpoint**.
     - **Endpoint Service**: select **Other Endpoint Services**.
 
-5. Paste the **Endpoint Service Name** you copied from TiDB Cloud.
+5. In the **Endpoint Service Name** field, paste the service name you copied from TiDB Cloud.
 6. Click **Verify**. A green check will appear if the service is valid.
 7. Choose the **VPC**, **Security Group**, and **Zone** to use for the endpoint.
 8. Click **OK** to create the endpoint.

diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md
@@ -29,7 +29,7 @@ For more detailed definitions of the private endpoint and endpoint service, see
 ## Restrictions
 
 - Currently, TiDB Cloud supports AWS PrivateLink connections only when the endpoint service is hosted in AWS. If the service is hosted in other cloud providers, the AWS PrivateLink connection is not applicable.
-- Private endpoint connection across regions is not supported.
+- Cross-region private endpoint connections is not supported.
 
 ## Prerequisites