Configuring Access Control for a VPC Endpoint

Scenarios

To control IP addresses and CIDR blocks that can access a VPC endpoint, configure a whitelist. You can add or delete a whitelist record, or disable access control if you no longer need it.

Access Control is only available for VPC endpoints for connecting to interface VPC endpoint services.
If Access Control is disabled, any IP address can access the VPC endpoint.

For details about how to configure access control and whitelist when you are creating a VPC endpoint, see Creating a VPC Endpoint.

This section describes how to enable and configure access control after a VPC endpoint is created.

Constraints

Access Control is only available for VPC endpoints for connecting to interface VPC endpoint services.
If Access Control is disabled, any IP address can access the VPC endpoint.
A maximum of 20 whitelist records can be added.

Enable Access Control and Add a Whitelist Record

Log in to the management console.
Click in the upper left corner and select the required region and project.

Click Service List and choose Networking > VPC Endpoint.

In the VPC endpoint list, locate the target VPC endpoint and click its ID.
On the displayed page, click the Access Control tab.
On the Access Control tab, click Add to Whitelist.
Enter the authorized IP addresses or CIDR blocks.

A maximum of 20 whitelist records can be added for each VPC endpoint.
Click OK.

Delete a Whitelist Record

Log in to the management console.
Click in the upper left corner and select the required region and project.

Click Service List and choose Networking > VPC Endpoint.

In the VPC endpoint list, locate the target VPC endpoint and click its ID.
Select the Access Control tab.
In the whitelist, locate the target IP address or CIDR block and click Delete in the Operation column.
To delete whitelist records, select all the target IP addresses or CIDR blocks and click Delete in the upper left corner.
In the displayed Delete from Whitelist dialog box, click Yes.