Networking in Yandex StoreDoc
When creating a cluster, you can:
- Specify a network for the entire cluster.
- Specify subnets for each host in the cluster.
- Request public access to connect to the cluster from outside Yandex Cloud.

You do not need to specify subnets for the hosts if the availability zone of each host contains only one subnet of the cluster network.
Host name and FQDN
Yandex StoreDoc generates the name of each cluster host when creating it. This name will be the host's fully qualified domain name (FQDN). The host name and, consequently, FQDN cannot be changed.
To learn how to get a host's FQDN, see this guide.
You can use the FQDN to access the host within a single cloud network. For more information, see the Yandex Virtual Private Cloud documentation.
Public access to a host
Any cluster host can be accessible from outside Yandex Cloud if you requested public access when creating the host. To connect to such a host, use its FQDN.
You cannot request a public address after creating a host; however, you can replace one of the existing hosts with a new one that has a public address.
When deleting a host with a public FQDN, the assigned IP address is revoked.
Security groups
Security groups follow the rule that all traffic is denied unless you explicitly allow it. To connect to a cluster, configure security group rules. These rules allow traffic on specific ports, from specific IP address ranges, or from other security groups. For example, a VM will not be able to connect to a cluster in the following cases:
- The VM is in the `10.128.0.0/16` subnet, whereas the inbound rules only allow `10.133.0.0/24`.
- The VM is in the `10.133.0.0/24` subnet but attempts to access a port not exposed in the security group rules.
For information on how to configure security groups, see Configuring security groups.
Tip
When connecting to a cluster from the same cloud network, configure security groups both for the cluster and the connecting host.
Features of using security groups:
- Even if the cluster and host share the same security group, you still need rules allowing traffic between them to be able to connect to the cluster from the host. By default, such rules are included in the security group created along with the cloud network. These are the `Self` rules that allow unlimited traffic within the security group.
- Security group settings only determine whether connecting to the cluster is possible. They do not affect cluster features, such as replication, sharding, and backups.
For more information, see this Virtual Private Cloud article.
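The following Python model is an added example, not part of this documentation and not the Yandex Cloud API. It reproduces the deny-by-default evaluation described above: the two failing cases (a VM in `10.128.0.0/16` when only `10.133.0.0/24` is allowed, and a VM in the allowed subnet hitting a port no rule exposes) and the `Self` rule that a shared security group needs before a host can reach the cluster. The cluster port (`27018`), the group name, and the member IP addresses are assumptions made up for the example; substitute the port your cluster actually listens on.

```python
"""Added model of security-group evaluation: traffic is denied unless a rule
explicitly allows it. Illustrative Python only, not the Yandex Cloud API."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumption: the port your cluster listens on. Replace with the real one.
CLUSTER_PORT = 27018
SELF = "self_security_group"  # rule target meaning "members of this same group"


@dataclass(frozen=True)
class Rule:
    direction: str                          # "ingress" or "egress"
    protocol: str                           # "tcp", "udp" or "any"
    port_range: Optional[tuple] = None      # (from, to) inclusive; None = any port
    cidrs: tuple = ()                       # allowed source networks for ingress
    target: Optional[str] = None            # SELF allows traffic from group members


@dataclass
class SecurityGroup:
    name: str
    rules: list
    members: set = field(default_factory=set)  # constructed: IPs attached to the group

    def allows_ingress(self, src_ip: str, dst_port: int, protocol: str = "tcp") -> bool:
        """Return True only if some ingress rule matches source, protocol and port."""
        src = ip_address(src_ip)
        for r in self.rules:
            if r.direction != "ingress" or r.protocol not in ("any", protocol):
                continue
            if r.port_range and not (r.port_range[0] <= dst_port <= r.port_range[1]):
                continue
            if r.target == SELF and any(src == ip_address(m) for m in self.members):
                return True
            if any(src in ip_network(c) for c in r.cidrs):
                return True
        return False  # no rule matched: implicit deny


def cluster_group(with_self_rule: bool) -> SecurityGroup:
    """Group that lets only 10.133.0.0/24 reach the cluster port, as in the text."""
    rules = [Rule("ingress", "tcp", (CLUSTER_PORT, CLUSTER_PORT), ("10.133.0.0/24",))]
    if with_self_rule:
        rules.append(Rule("ingress", "any", None, (), SELF))  # the "Self" rule
    # constructed members: a cluster host and a VM that share this group (assumed IPs)
    return SecurityGroup("cluster-sg", rules, members={"10.130.0.3", "10.130.0.9"})


def evaluate_cases() -> dict:
    """The two failing cases from the text plus the Self-rule behaviour."""
    sg = cluster_group(with_self_rule=True)
    no_self = cluster_group(with_self_rule=False)
    return {
        # VM in 10.128.0.0/16 while the rule allows only 10.133.0.0/24
        "wrong_subnet": sg.allows_ingress("10.128.0.5", CLUSTER_PORT),
        # VM in 10.133.0.0/24 but hitting a port no rule exposes
        "wrong_port": sg.allows_ingress("10.133.0.7", CLUSTER_PORT + 1),
        "matching_rule": sg.allows_ingress("10.133.0.7", CLUSTER_PORT),
        # same security group: allowed only when a Self rule exists
        "same_group_with_self": sg.allows_ingress("10.130.0.9", CLUSTER_PORT),
        "same_group_without_self": no_self.allows_ingress("10.130.0.9", CLUSTER_PORT),
    }


if __name__ == "__main__":
    for case, allowed in evaluate_cases().items():
        print(f"{case:26s} {'ALLOW' if allowed else 'DENY'}")
```

The point the model makes visible is that membership in a group grants nothing by itself: remove the `Self` rule and a host in the same group is treated like any other unmatched source.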