Function Overview

VPC Endpoint
VPC endpoints are secure and private channels for connecting VPCs to VPC endpoint services.
You can buy a VPC endpoint to connect a resource in your VPC to a VPC endpoint service in another VPC of the same region.
A VPC endpoint comes with a VPC endpoint service. VPC endpoints vary depending on the type of the VPC endpoint services that they can access:
- VPC endpoints for accessing interface VPC endpoint services are elastic network interfaces that have private IP addresses.
- VPC endpoints for accessing gateway VPC endpoint services are gateways, with routes configured to distribute traffic to the associated VPC endpoint services.
VPC endpoints for accessing gateway VPC endpoint services can be purchased only in regions LA-Mexico City1, LA-Sao Paulo1, and LA-Santiago.

VPC Endpoint Service
A VPC endpoint service is a cloud service or a private service that can be accessed through a VPC endpoint.
There are two types of VPC endpoint services: gateway and interface.
- Gateway VPC endpoint services are created only for cloud services.
- Interface VPC endpoint services can be created for both cloud services and your private services. All VPC endpoint services for cloud services are created by default while those for private services need to be created by users themselves.
Supported cloud services vary by region. For details, see the list of services that can be configured on the management console. OBS can be configured as a gateway VPC endpoint service only in the LA-Mexico City1, LA-Sao Paulo1, and LA-Santiago regions.

Whitelist
Permission management controls the access of a VPC endpoint in one account to a VPC endpoint service in another.
After a VPC endpoint service is created, you can add an authorized account ID to or delete it from the whitelist of the endpoint service.
- If the whitelist is empty, access from a VPC endpoint in another account is not allowed.
- If an authorized account ID is already in the whitelist, you can use this account to create a VPC endpoint for connecting to the VPC endpoint service.
- If an authorized account ID is not in the whitelist, you cannot use this account to create a VPC endpoint for connecting to the VPC endpoint service.
The VPC endpoints for connecting to interface VPC endpoint services support access control. For a new or existing VPC endpoint, you can enable access control, add or delete a whitelist record, or disable access control if you do not need it.
Displayed on the management console.

Connection Management
To connect a VPC endpoint to a VPC endpoint service that has connection approval enabled, obtain the approval from the owner of the endpoint service.
Prerequisites: There is a VPC endpoint available for connecting to the target VPC endpoint service.
Displayed on the management console.

Port Mapping
After a VPC endpoint service is created, you can view the added port mappings.
A port mapping defines the protocol and ports used for communications between a VPC endpoint and a VPC endpoint service.
- Protocol: A protocol supported by both the VPC endpoint and the VPC endpoint service.
- Service Port: A service port is provided by the backend service bound to the endpoint service.
- Terminal Port: A terminal port is provided by the VPC endpoint, allowing you to access the VPC endpoint service.
Displayed on the management console.
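
The access decision described under Whitelist, Connection Management and Port Mapping, modelled as an added example (not Huawei Cloud code and not a VPCEP API or SDK call). The class, function names, status strings, account IDs and ports are hypothetical; it assumes the service owner's own account needs no whitelist entry and that connection approval applies after the whitelist check.

```python
from dataclasses import dataclass, field

@dataclass
class EndpointService:
    name: str
    owner_account: str                 # account that created the endpoint service
    approval_enabled: bool             # connection approval switch
    whitelist: set = field(default_factory=set)        # authorized account IDs
    port_mappings: dict = field(default_factory=dict)  # (protocol, terminal port) -> service port

def evaluate_request(svc, requester_account):
    """Decide what happens when `requester_account` creates an endpoint for `svc`."""
    cross_account = requester_account != svc.owner_account
    if cross_account and requester_account not in svc.whitelist:
        return "denied"            # empty whitelist, or account ID not listed
    if svc.approval_enabled:
        return "pending_approval"  # the service owner must approve the connection
    return "connected"

def resolve_port(svc, protocol, terminal_port):
    """Service port reached through a terminal port, or None if unmapped."""
    return svc.port_mappings.get((protocol.upper(), terminal_port))

def audit(services):
    """Flag services where a whitelisted account connects with no approval step."""
    return [s.name for s in services if s.whitelist and not s.approval_enabled]

# Constructed sample data: names, account IDs and ports are placeholders.
SERVICES = [
    EndpointService("db-proxy", "acct-owner", True, {"acct-partner"}, {("TCP", 8080): 3306}),
    EndpointService("metrics", "acct-owner", False, {"acct-partner"}, {("TCP", 443): 9090}),
    EndpointService("internal", "acct-owner", False),
]

if __name__ == "__main__":
    for svc in SERVICES:
        for acct in ("acct-owner", "acct-partner", "acct-unknown"):
            print(svc.name, acct, evaluate_request(svc, acct))
    print("services to review:", audit(SERVICES))
```

The `audit` result is a review list, not a verdict: a whitelisted account connecting without approval can be intended, but it should be a deliberate choice by the service owner.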

Tag Management
Tags are used to identify cloud resources. When you have many cloud resources of the same type, you can use tags to classify cloud resources by dimension (for example, use, owner, or environment).
TMS provides the following functions:
- Resource tag management: By adding tags to resources under your account, you can classify resources. TMS provides you with a visualized table to manage resource tags, including editing tags in batches.
- Resource tag search: You can search for resources of all services in all regions by tag or by combination of tags.
- Predefined tag management: You can create, import, or export predefined tags. By predefining tags, you can plan tags from the service perspective to effectively manage tags.
Launched regions: AP-Singapore, CN South-Guangzhou

Permissions
If you need to assign different permissions to employees in your enterprise to access your cloud resources, Identity and Access Management (IAM) is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to Huawei Cloud.
With IAM, you can use your Huawei Cloud account to create IAM users for your employees, and assign permissions to the users to control their access to specific Huawei Cloud resources. For example, you need to allow website maintenance personnel in your enterprise to use VPCEP resources but do not want them to delete other cloud resources or perform any high-risk operations. To achieve this result, you can create IAM users for the maintenance personnel and grant them only the permissions required for using VPCEP resources.
Displayed on the management console.

APIs
The VPCEP service provides extended RESTful APIs.
VPCEP APIs allow you to use all VPCEP functions. VPCEP has two types of resources: VPC endpoints and VPC endpoint services.
The following table lists the APIs provided by VPCEP.
| API | Description |
| --- | --- |
| Version management APIs | APIs for querying version information of all VPCEP APIs or a specified API. |
| VPC endpoint service APIs | APIs for creating, deleting, modifying, or querying a VPC endpoint service; querying, adding, or deleting a whitelist record; and querying the VPC endpoint services, the whitelist records, and the endpoints that are connected to, or have been accepted or rejected by, a VPC endpoint service. With these APIs, you can manage VPC endpoint services and set rules based on service conditions to provide services for VPC endpoints. |
| VPC endpoint APIs | APIs for creating, deleting, or querying a VPC endpoint and querying the list of VPC endpoints. With these APIs, you can manage VPC endpoints and use services provided by VPC endpoint services. |
| Resource quota API | API for querying the quota of VPCEP resources. |
| Tag API | API for managing VPCEP tags, including querying resources by tag, adding and deleting a tag or tags, and querying resource tags. |
Displayed on the management console.

SDKs
With the VPCEP SDKs, you can easily invoke VPCEP APIs to create Internet-based applications on HUAWEI CLOUD.
Currently, SDKs are available for Java, Python, and Go. You can use APIs or any other well-known SDKs.
Displayed on the management console.