Configuring Access Control for an Interface VPC Endpoint

Scenarios

To control IP addresses and CIDR blocks that can access a VPC endpoint, configure a whitelist. You can add or delete a whitelist record, or disable access control if you no longer need it.

For details about how to configure access control and whitelist when you are buying a VPC endpoint, see Buying a VPC Endpoint.

This section describes how to enable and configure access control after a VPC endpoint is purchased.

Constraints

• Access Control is only available for VPC endpoints for connecting to interface VPC endpoint services.
• If Access Control is disabled, any IP address can access the VPC endpoint.
• A maximum of 20 whitelist records can be added.

Enable Access Control and Add a Whitelist Record

1. Go to the VPC endpoint list page.

2. In the VPC endpoint list, locate the VPC endpoint and click its ID.
3. On the displayed page, click the Access Control tab.
4. On the Access Control tab, click Add to Whitelist.
   Figure 1 Adding a whitelist record for the VPC endpoint
   
5. Enter the authorized IP addresses or CIDR blocks.
   

   A maximum of 20 whitelist records can be added for each VPC endpoint.

   The asterisk (*) indicates all IP addresses or CIDR blocks can access the VPC endpoint. The current account is added to the whitelist by default.

6. Click OK.

Delete a Whitelist Record

1. Go to the VPC endpoint list page.

2. In the VPC endpoint list, locate the VPC endpoint and click its ID.
3. Select the Access Control tab.
4. In the whitelist, locate the IP address or CIDR block and click Delete in the Operation column.

   To delete whitelist records, select all the target IP addresses or CIDR blocks and click Delete in the upper left corner.

5. In the displayed Delete from Whitelist dialog box, click OK.