Private Access Overview

Scenarios

When using CodeArts, some users have the following network isolation requirements:

• Isolate a private network from the public network and access CodeArts on the public cloud through Virtual Private Cloud (VPC) endpoints.
• Shield CodeArts access from the Internet, preventing employees from obtaining R&D assets at home or in other environments after leaving the enterprise intranet.

To address these isolation requirements, CodeArts provides the private access feature with the following key capabilities. The figure below shows a typical scenario of this feature.

• Use VPC endpoints to securely access CodeArts through Virtual Private Network (VPN) or Direct Connect.
• Prevent public access to CodeArts web page and open APIs, and allow only access from specified VPC endpoint IDs.
• Prevent public download from and upload to CodeArts Repo and CodeArts Artifact, and allow only access using specified VPC endpoint IDs.

Figure 1 Overview

Constraints

• Currently, private access is available in the following regions:
  • AP-Singapore
  • LA-Sao Paulo1
• Ensure that you have a Huawei Cloud account or an IAM user with the Tenant Administrator role.

  For details about how an administrator grants the Tenant Administrator role to an IAM user, see Creating a User Group and Assigning Permissions.

• After configuring private access, you can only use the custom executors in your VPC to execute tasks in CodeArts Build, CodeArts Deploy, and CodeArts Pipeline. For details about how to configure custom executors in CodeArts, see Managing Agent Pools.

Procedure

The following figure shows the process of configuring private access to CodeArts.