Help Center> VPC Endpoint> API Reference> API> VPC Endpoint Services> Creating a VPC Endpoint Service

Updated on 2023-12-07 GMT+08:00

View PDF

Creating a VPC Endpoint Service

Function

This API is used to create a VPC endpoint service. Other users can create a VPC endpoint to connect to the VPC endpoint service.

Note: This API is asynchronous. If it is successfully invoked, status code 200 is returned, indicating that the request has been successfully delivered. It takes 1 to 2 minutes for the system to provision a VPC endpoint service. You can view the creation result by querying the details about the VPC endpoint service.

Calling Method

For details, see Calling APIs.

URI

POST /v1/{project_id}/vpc-endpoint-services

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. For details about how to obtain the project ID, see Obtaining a Project ID. Minimum: 1 Maximum: 64

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Specifies the user token. It is a response to the API for obtaining a user token. This API is the only one that does not require authentication.The value of X-Subject-Token in the response header is the token value.
Content-Type	No	String	Specifies the MIME type of the request body. Default value application/json is recommended. For APIs used to upload objects or images, the MIME type varies depending on the flow type. Default: application/json

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
port_id	Yes	String	Specifies the ID that identifies the backend resource of the VPC endpoint service. The ID is in UUID format. The value can be: The port ID of the private IP address of a load balancer (recommended). For details, see section "Viewing Details of a Load Balancer" in the Elastic Load Balance API Reference. The NIC ID of an ECS IP address. For details, see the port_id field in the response parameters of section "Querying NICs of an ECS" in the Elastic Cloud Server API Reference. The NIC ID of the virtual server for which the virtual IP address is configured (discarded). Note: You cannot create a VPC endpoint service in a VPC whose CIDR block overlaps with 198.19.128.0/17. The destination address of the custom route in the VPC route table cannot overlap with 198.19.128.0/17. Minimum: 1 Maximum: 64
service_name	No	String	Specifies the name of the VPC endpoint service. The name can contain a maximum of 16 characters, including letters, digits, underscores (_), and hyphens (-). If you do not specify this parameter, the VPC endpoint service name is in regionName.serviceId format: If you specify a valid value, the VPC endpoint service name is in the following format: regionNameserviceNameserviceId. Minimum: 0 Maximum: 16
vpc_id	Yes	String	Specifies the ID of the VPC where the backend resource of the VPC endpoint service is located. For details, see the id field in the response information of the section "Querying VPC Details" in the Virtual Private Cloud API Reference. Minimum: 1 Maximum: 64
approval_enabled	No	Boolean	Specifies whether approval is required. ● false: No approval is required. The created VPC endpoint is in the accepted state by default. ● true: Approval is required. The created VPC endpoint is in the pendingAcceptance state and can be used only after being approved by the user of the VPC endpoint service. The default value is true. Default: true
service_type	No	String	Specifies the type of the VPC endpoint service. Only your private services can be configured into interface VPC endpoint services. There are two types of VPC endpoint services: interface and gateway. gateway: indicates the VPC endpoint services that are configured by the O&M personnel. You can use them directly without creating them by yourselves. interface: indicates the cloud services configured by the O&M personnel and private services created by yourselves. You can directly use the cloud services configured by the O&M personnel without creating them by yourself. You can query the public VPC endpoint services to view the VPC endpoint services that are visible and accessible to all users and are configured by the O&M personnel. You can create VPC endpoints to connect to gateway and interface VPC endpoint services. Default: interface
server_type	Yes	String	Specifies the resource type. VM: indicates a cloud server. VIP: indicates a virtual IP address. (This value has been discarded. LB is recommended.) LB: indicates a load balancer that works well for high-traffic services that require high reliability and disaster recovery (DR) performance.
ports	Yes	Array of PortList objects	Specifies the port mappings opened by the VPC endpoint service. Duplicate port mappings are not allowed in the same VPC endpoint service. If multiple VPC endpoint services share one port ID, the combinations of server ports and protocols for all port mappings between VPC endpoint services must be unique. A maximum of 200 port mappings can be added at a time.
tcp_proxy	No	String	Specifies whether to transfer client information, such as source IP addresses, source port numbers, and marker IDs, to the server. The information can be sent to the server in the following ways: TCP TOA: The client information is placed into the tcp option field and sent to the server. Note: TCP TOA is available only when the backend resource is OBS. Proxy Protocol: The client information is placed into the tcp payload field and sent to the server. tcp_proxy is available only when the server can parse the tcp option and tcp payload fields. The value can be one of the following: close: Neither TCP TOA nor Proxy Protocol information is carried. toa_open: TCP TOA information is carried. proxy_open: Proxy Protocol information in carried. open: Both TCP TOA and Proxy Protocol information are carried. proxy_vni: Only Proxy Protocol and Proxy VNI information is carried. The default value is close. Default: close
tags	No	Array of TagList objects	Resource tag list A maximum of 10 tags can be added to a VPC endpoint service.
description	No	String	Specifies the description field. The value can contain characters such as letters and digits, but cannot contain less than signs (<) and great than signs (>). Minimum: 0 Maximum: 512
enable_policy	No	Boolean	Specifies whether the VPC endpoint policy is enabled. ● false: The VPC endpoint policy cannot be set. ● true: The VPC endpoint policy can be set. The default value is false. Default: false

**Table 4** PortList
Parameter	Mandatory	Type	Description
client_port	No	Integer	Specifies the port to be accessed by a VPC endpoint. This port is provided by the VPC endpoint, allowing you to access the VPC endpoint service. Supported range: 1 to 65535. Minimum: 1 Maximum: 65535 Minimum: 1 Maximum: 65535
server_port	No	Integer	Specifies the port for accessing the VPC endpoint service. This port is associated with backend resources to provide VPC endpoint services. Supported range: 1 to 65535 Minimum: 1 Maximum: 65535 Minimum: 1 Maximum: 65535
protocol	No	String	Port mapping protocol. TCP is supported. Default: TCP

**Table 5** TagList
Parameter	Mandatory	Type	Description
key	No	String	Specifies the tag key. A tag key contains a maximum of 36 Unicode characters. It cannot be left blank. It cannot contain equal signs (=), asterisks (*), less than signs (<), greater than signs (>), backslashes (), commas (,), vertical bars (\|), and slashes (/), and the first and last characters cannot be spaces. Minimum: 1 Maximum: 36
value	No	String	Specifies the tag key. A tag value contains a maximum of 43 Unicode characters and can be an empty string. It cannot contain equal signs (=), asterisks (*), less than signs(<), greater than signs (>), backslashes (), commas (,), vertical bars (\|), and slashes (/), and the first and last characters cannot be spaces. Minimum: 1 Maximum: 43

Response Parameters

Status code: 200

**Table 6** Response body parameters
Parameter	Type	Description
id	String	Specifies the unique ID of the VPC endpoint service. Minimum: 1 Maximum: 64
port_id	String	Specifies the ID that identifies the backend resource of the VPC endpoint service. The ID is in UUID format. The value can be: LB: indicates the port ID of the private IP address of a load balancer (recommended). VM: indicates the NIC ID of an ECS IP address. VIP: indicates the NIC ID of the virtual server for which the virtual IP address is configured. (This value has been discarded. LB is recommended.) Minimum: 1 Maximum: 64
service_name	String	Specifies the name of the VPC endpoint service. Minimum: 0 Maximum: 128
server_type	String	Specifies the resource type. VM: cloud server VIP: virtual IP address LB: enhanced load balancer
vpc_id	String	Specifies the ID of the VPC where the backend resource of the VPC endpoint service is located. Minimum: 1 Maximum: 64
pool_id	String	Specifies the cluster ID of the VPC endpoint service.
approval_enabled	Boolean	Specifies whether connection approval is required. false: Connection approval is not required. The created VPC endpoint is in the accepted state. true: Connection approval is required. The created VPC endpoint is in the pendingAcceptance state, and it can be used only after being approved by the user of the VPC endpoint service.
status	String	Specifies the status of the VPC endpoint service. creating: The VPC endpoint service is being created. available: The VPC endpoint service is connectable. failed: The VPC endpoint service failed to be created.
service_type	String	Specifies the type of the VPC endpoint service. There are two types of VPC endpoint services: interface and gateway. gateway: indicates the VPC endpoint services that are configured by the O&M personnel. You can use them directly without creating them by yourselves. interface: indicates the cloud services configured by the O&M personnel and private services created by yourselves. You cannot configure these cloud services, but can use them. You can create VPC endpoints to connect to gateway and interface VPC endpoint services. Minimum: 1 Maximum: 16
created_at	String	Specifies when the VPC endpoint service was created. The UTC time format YYYY-MMDDTHH:MM:SSZ is used.
updated_at	String	Specifies when the VPC endpoint service was updated. The UTC time format YYYY-MMDDTHH:MM:SSZ is used.
project_id	String	Specifies the project ID. Minimum: 1 Maximum: 64
ports	Array of PortList objects	Specifies the port mappings opened to the VPC endpoint service. Duplicate port mappings are not allowed in the same VPC endpoint service. If multiple VPC endpoint services share one port_id, either server_port or protocol, or both server_port and protocol of each of these endpoint services must be unique.
tcp_proxy	String	Specifies whether to transfer client information, such as source IP addresses, source port numbers, and marker IDs, to the server. The information can be sent to the server in the following ways: TCP TOA: The client information is placed into the tcp option field and sent to the server. Note: TCP TOA is available only when the backend resource is OBS. Proxy Protocol: The client information is placed into the tcp payload field and sent to the server. tcp_proxy is available only when the server can parse the tcp option and tcp payload fields. The value can be one of the following: close: Neither TCP TOA nor Proxy Protocol information is carried. toa_open: TCP TOA information is carried. proxy_open: Proxy Protocol information in carried. open: Both TCP TOA and Proxy Protocol information are carried. proxy_vni: Only Proxy Protocol and Proxy VNI information is carried. The default value is close.
tags	Array of TagList objects	Specifies resource tags.
description	String	Specifies the description field. The value can contain characters such as letters and digits, but cannot contain less than signs (<) nor great than signs (>). Minimum: 0 Maximum: 512
enable_policy	Boolean	Specifies whether the VPC endpoint policy is enabled. false: The VPC endpoint policy cannot be set. true: The VPC endpoint policy can be set. The default value is false.

**Table 7** PortList
Parameter	Type	Description
client_port	Integer	Specifies the port to be accessed by a VPC endpoint. This port is provided by the VPC endpoint, allowing you to access the VPC endpoint service. Supported range: 1 to 65535. Minimum: 1 Maximum: 65535 Minimum: 1 Maximum: 65535
server_port	Integer	Specifies the port for accessing the VPC endpoint service. This port is associated with backend resources to provide VPC endpoint services. Supported range: 1 to 65535 Minimum: 1 Maximum: 65535 Minimum: 1 Maximum: 65535
protocol	String	Port mapping protocol. TCP is supported. Default: TCP

**Table 8** TagList
Parameter	Type	Description
key	String	Specifies the tag key. A tag key contains a maximum of 36 Unicode characters. It cannot be left blank. It cannot contain equal signs (=), asterisks (*), less than signs (<), greater than signs (>), backslashes (), commas (,), vertical bars (\|), and slashes (/), and the first and last characters cannot be spaces. Minimum: 1 Maximum: 36
value	String	Specifies the tag key. A tag value contains a maximum of 43 Unicode characters and can be an empty string. It cannot contain equal signs (=), asterisks (*), less than signs(<), greater than signs (>), backslashes (), commas (,), vertical bars (\|), and slashes (/), and the first and last characters cannot be spaces. Minimum: 1 Maximum: 43

Example Requests

Creating an interface VPC endpoint service (Setting approval_enabled to false, service type to VM, client_port to 8080 and 8081, server_port to 90 and 80, and protocol to TCP)

POST https://{endpoint}/v1/{project_id}/vpc-endpoint-services

{
  "port_id" : "4189d3c2-8882-4871-a3c2-d380272eed88",
  "vpc_id" : "4189d3c2-8882-4871-a3c2-d380272eed80",
  "approval_enabled" : false,
  "service_type" : "interface",
  "server_type" : "VM",
  "ports" : [ {
    "client_port" : 8080,
    "server_port" : 90,
    "protocol" : "TCP"
  }, {
    "client_port" : 8081,
    "server_port" : 80,
    "protocol" : "TCP"
  } ]
}

Example Responses

Status code: 200

The server has successfully processed the request.

{
  "id" : "4189d3c2-8882-4871-a3c2-d380272eed83",
  "port_id" : "4189d3c2-8882-4871-a3c2-d380272eed88",
  "vpc_id" : "4189d3c2-8882-4871-a3c2-d380272eed80",
  "pool_id" : "5289d3c2-8882-4871-a3c2-d380272eed80",
  "status" : "available",
  "approval_enabled" : false,
  "service_name" : "test123",
  "service_type" : "interface",
  "server_type" : "VM",
  "project_id" : "6e9dfd51d1124e8d8498dce894923a0d",
  "created_at" : "2022-04-14T09:35:47Z",
  "ports" : [ {
    "client_port" : 8080,
    "server_port" : 90,
    "protocol" : "TCP"
  }, {
    "client_port" : 8081,
    "server_port" : 80,
    "protocol" : "TCP"
  } ]
}

SDK Sample Code

The SDK sample code is as follows.

package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.vpcep.v1.region.VpcepRegion;
import com.huaweicloud.sdk.vpcep.v1.*;
import com.huaweicloud.sdk.vpcep.v1.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateEndpointServiceSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        VpcepClient client = VpcepClient.newBuilder()
                .withCredential(auth)
                .withRegion(VpcepRegion.valueOf("cn-north-4"))
                .build();
        CreateEndpointServiceRequest request = new CreateEndpointServiceRequest();
        CreateEndpointServiceRequestBody body = new CreateEndpointServiceRequestBody();
        List<PortList> listbodyPorts = new ArrayList<>();
        listbodyPorts.add(
            new PortList()
                .withClientPort(8080)
                .withServerPort(90)
                .withProtocol(PortList.ProtocolEnum.fromValue("TCP"))
        );
        listbodyPorts.add(
            new PortList()
                .withClientPort(8081)
                .withServerPort(80)
                .withProtocol(PortList.ProtocolEnum.fromValue("TCP"))
        );
        body.withPorts(listbodyPorts);
        body.withServerType(CreateEndpointServiceRequestBody.ServerTypeEnum.fromValue("VM"));
        body.withServiceType("interface");
        body.withApprovalEnabled(false);
        body.withVpcId("4189d3c2-8882-4871-a3c2-d380272eed80");
        body.withPortId("4189d3c2-8882-4871-a3c2-d380272eed88");
        request.withBody(body);
        try {
            CreateEndpointServiceResponse response = client.createEndpointService(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

# coding: utf-8

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkvpcep.v1.region.vpcep_region import VpcepRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkvpcep.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk) \

    client = VpcepClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(VpcepRegion.value_of("cn-north-4")) \
        .build()

    try:
        request = CreateEndpointServiceRequest()
        listPortsbody = [
            PortList(
                client_port=8080,
                server_port=90,
                protocol="TCP"
            ),
            PortList(
                client_port=8081,
                server_port=80,
                protocol="TCP"
            )
        ]
        request.body = CreateEndpointServiceRequestBody(
            ports=listPortsbody,
            server_type="VM",
            service_type="interface",
            approval_enabled=False,
            vpc_id="4189d3c2-8882-4871-a3c2-d380272eed80",
            port_id="4189d3c2-8882-4871-a3c2-d380272eed88"
        )
        response = client.create_endpoint_service(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    vpcep "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        Build()

    client := vpcep.NewVpcepClient(
        vpcep.VpcepClientBuilder().
            WithRegion(region.ValueOf("cn-north-4")).
            WithCredential(auth).
            Build())

    request := &model.CreateEndpointServiceRequest{}
	clientPortPorts:= int32(8080)
	serverPortPorts:= int32(90)
	protocolPorts:= model.GetPortListProtocolEnum().TCP
	clientPortPorts1:= int32(8081)
	serverPortPorts1:= int32(80)
	protocolPorts1:= model.GetPortListProtocolEnum().TCP
	var listPortsbody = []model.PortList{
        {
            ClientPort: &clientPortPorts,
            ServerPort: &serverPortPorts,
            Protocol: &protocolPorts,
        },
        {
            ClientPort: &clientPortPorts1,
            ServerPort: &serverPortPorts1,
            Protocol: &protocolPorts1,
        },
    }
	serviceTypeCreateEndpointServiceRequestBody:= "interface"
	approvalEnabledCreateEndpointServiceRequestBody:= false
	request.Body = &model.CreateEndpointServiceRequestBody{
		Ports: listPortsbody,
		ServerType: model.GetCreateEndpointServiceRequestBodyServerTypeEnum().VM,
		ServiceType: &serviceTypeCreateEndpointServiceRequestBody,
		ApprovalEnabled: &approvalEnabledCreateEndpointServiceRequestBody,
		VpcId: "4189d3c2-8882-4871-a3c2-d380272eed80",
		PortId: "4189d3c2-8882-4871-a3c2-d380272eed88",
	}
	response, err := client.CreateEndpointService(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}