Functions
VPC Endpoint
VPC Endpoint provides secure, private channels to connect VPCs to VPC endpoint services, including cloud services or your private services. It allows you to plan networks flexibly without having to use EIPs.
VPC Endpoint provides two types of resources: VPC endpoint services and VPC endpoints. VPC endpoints can establish secure and private channels for connecting VPCs to VPC endpoint services.
You can buy a VPC endpoint to connect a resource in your VPC to a VPC endpoint service in another VPC of the same region.
A VPC endpoint must have a VPC endpoint service. VPC endpoints vary depending on the type of the VPC endpoint services that they can access.
- VPC endpoints for accessing interface VPC endpoint services are elastic network interfaces that have private IP addresses.
- VPC endpoints for accessing gateway VPC endpoint services are gateways, with routes configured to distribute traffic to the associated VPC endpoint services.

For details, see Endpoints.
VPC Endpoint Service
A VPC endpoint service is a cloud service or a private service that can be accessed through a VPC endpoint.
There are two types of VPC endpoint services:
- Gateway endpoint services are created only for cloud services.
- Interface VPC endpoint services can be created for both cloud services and your private services. Cloud services are configured as VPC endpoint services by the O&M personnel by default. However, you need to create VPC endpoint services for your private services.

For details, see Creating a VPC Endpoint Service.
Monitoring VPC Endpoints
Monitoring is key to ensuring performance, reliability, and availability of VPC endpoints. You can use Cloud Eye to track statuses and performance of your VPC endpoints in real time.
For details, see Using Cloud Eye to Monitor VPC Endpoints.
Viewing Traces
CTS records operations on cloud resources in your account. You can use the logs to perform security analysis, track resource changes, audit compliance, and locate faults. After CTS is enabled, it starts recording operations on your cloud resources. You can view the operation records of the last 7 days on the CTS console.
For details, see Querying Real-Time Traces.
Whitelist
A whitelist can be used to control the access from a VPC endpoint in an account to a VPC endpoint service in another.
After a VPC endpoint service is created, you can add an authorized account ID to or delete it from the whitelist of the VPC endpoint service.
- If the whitelist is empty, access from a VPC endpoint in another account is not allowed.
- If an account ID is already in the whitelist of the VPC endpoint service, you can use this account to create a VPC endpoint for connecting to the VPC endpoint service.
- If an account ID is not in the whitelist of the VPC endpoint service, you cannot use this account to create a VPC endpoint for connecting to the VPC endpoint service.
The VPC endpoints for connecting to interface VPC endpoint services support access control. You can configure a whitelist to control IP addresses that can access a VPC endpoint. You can enable or disable access control when creating a VPC endpoint or for an existing VPC endpoint, and add or delete a whitelist record.
For details, see Managing Whitelist Records of a VPC Endpoint Service.
Connection Management
To connect a VPC endpoint to a VPC endpoint service that has connection approval enabled, obtain the approval from the owner of the VPC endpoint service, who can either accept or reject the connection.
For details, see Managing Connections of a VPC Endpoint Service.
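The whitelist and connection approval rules above act as successive gates, with the endpoint's IP whitelist applied last. The following Python model is an added example, not Huawei Cloud code or its API schema: all class, field, and state names are constructed for illustration. It assumes that endpoints in the service owner's own account are not subject to the account whitelist, that connections are accepted without review when approval is disabled, and that IP whitelist records are written as CIDR ranges.

```python
# Added example: models the access gates described on this page.
# Field names and result strings are constructed, not the VPC Endpoint API schema.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class EndpointService:
    owner_account: str
    account_whitelist: set = field(default_factory=set)
    approval_enabled: bool = True
    decisions: dict = field(default_factory=dict)  # endpoint_id -> "accept"/"reject"


@dataclass
class Endpoint:
    endpoint_id: str
    account: str
    access_control: bool = False
    ip_whitelist: list = field(default_factory=list)  # CIDRs (assumed format)


def connection_state(svc, ep):
    """Gate 1: account whitelist. Gate 2: owner approval, if enabled."""
    cross_account = ep.account != svc.owner_account
    if cross_account and ep.account not in svc.account_whitelist:
        return "denied:not-whitelisted"   # an empty whitelist denies every other account
    if not svc.approval_enabled:
        return "accepted"                 # assumption: no review step when approval is off
    decision = svc.decisions.get(ep.endpoint_id)
    if decision is None:
        return "pending-approval"
    return "accepted" if decision == "accept" else "rejected"


def client_allowed(svc, ep, client_ip):
    """Gate 3: per-endpoint IP whitelist, applied only to an accepted connection."""
    if connection_state(svc, ep) != "accepted":
        return False
    if not ep.access_control:
        return True
    addr = ip_address(client_ip)
    return any(addr in ip_network(cidr) for cidr in ep.ip_whitelist)


def unreviewed_accounts(svc):
    """Audit view: other accounts that can connect with no owner review."""
    return set() if svc.approval_enabled else svc.account_whitelist - {svc.owner_account}
```

The `unreviewed_accounts` helper is the check to run over an inventory of services: a non-empty result means the account whitelist is the only control between those accounts and the service.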
Port Mapping
- Protocol: a protocol supported by both the VPC endpoint and VPC endpoint service.
- Service Port: a backend resource port to provide a service.
- Endpoint Port: a VPC endpoint port for you to access a VPC endpoint service.
For details, see Managing Port Mappings of a VPC Endpoint Service.
Permissions Management
If you need to assign different permissions to employees in your enterprise to access your VPC Endpoint resources, IAM is a good choice for fine-grained permissions management. IAM provides identity authentication, fine-grained permissions management, and access control, and helps you secure access to your Huawei Cloud resources.
With IAM, you can use your HUAWEI ID to create IAM users and assign permissions to control their access to specific Huawei Cloud resources. For example, if you want website maintenance personnel in your enterprise to use VPC Endpoint resources but do not want them to delete other cloud resources or perform any other high-risk operations, you can create IAM users and grant only permissions to use VPC Endpoint resources.
For details, see Permissions.
APIs
VPC Endpoint provides extended RESTful APIs.
VPC Endpoint APIs allow you to use all VPC Endpoint functions. VPC Endpoint has two types of resources: VPC endpoints and VPC endpoint services.
The following table lists the APIs provided by VPC Endpoint.
| API | Description |
|---|---|
| Version management APIs | APIs for querying version information of all VPC Endpoint APIs or a specified API |
| VPC endpoint service APIs | With these APIs, you can manage VPC endpoint services and configure rules based on service conditions to provide services for VPC endpoints. |
| VPC endpoint APIs | |
| Resource quota APIs | APIs for querying the quota of a VPC endpoint and a VPC endpoint service. |
| Tag APIs | APIs for managing tags of VPC Endpoint resources, including querying resources by tag, adding or deleting a tag or tags to or from a resource, and querying resource tags. |

For details, see API Overview.
SDKs
API Explorer can dynamically generate SDK code that meets your requirements, simplifying SDK usage. SDKs support Java, Python, and Go languages. You can use APIs or any of the SDKs you are familiar with.
For details, see SDK Overview.