- What's New
- Function Overview
- Service Overview
- Billing
- Getting Started
-
User Guide
-
VPC Endpoint Services
- VPC Endpoint Service Overview
- Creating a VPC Endpoint Service
- Viewing a VPC Endpoint Service
- Deleting a VPC Endpoint Service
- Managing Connections of a VPC Endpoint Service
- Managing Whitelist Records of a VPC Endpoint Service
- Managing Port Mappings of a VPC Endpoint Service
- Managing Tags of a VPC Endpoint Service
- VPC Endpoints
- Accessing OBS
- Using Cloud Eye to Monitor VPC Endpoints
- Using CTS to Audit VPC Endpoints
- Permissions Management
- Quotas
-
VPC Endpoint Services
- Best Practices
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
API
- Version Management
-
VPC Endpoint Services
- Creating a VPC Endpoint Service
- Querying VPC Endpoint Services
- Querying Details of a VPC Endpoint Service
- Modifying a VPC Endpoint Service
- Deleting a VPC Endpoint Service
- Querying Connections to a VPC Endpoint Service
- Accepting or Rejecting a VPC Endpoint
- Querying Whitelist Records of a VPC Endpoint Service
- Batch Adding or Deleting Whitelist Records of a VPC Endpoint Service
- Querying Public VPC Endpoint Services
- Querying Basic Information About a VPC Endpoint Service
- Changing the Name of a VPC Endpoint Service
- Updating Descriptions of VPC Endpoint Connections
- Batch Adding Whitelist Records of a VPC Endpoint Service
- Batch Deleting Whitelist Records of a VPC Endpoint Service
- Updating the Description of a Whitelist Record of a VPC Endpoint Service
- VPC Endpoints
- Resource Quotas
- Tags
- Application Examples
- Appendix
- SDK Reference
- FAQs
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
-
VPC Endpoint Services
- VPC Endpoint Service Overview
- Creating a VPC Endpoint Service
- Viewing Summary of a VPC Endpoint Service
- Deleting a VPC Endpoint Service
- Managing Connections of a VPC Endpoint Service
- Managing Whitelist Records of a VPC Endpoint Service
- Viewing Port Mappings of a VPC Endpoint Service
- Managing Tags of a VPC Endpoint Service
- VPC Endpoints
- Permission Management
- FAQs
- Change History
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
APIs
- Version Management
-
APIs for Managing VPC Endpoint Services
- Creating a VPC Endpoint Service
- Querying Details of a VPC Endpoint Service
- Modifying a VPC Endpoint Service
- Deleting a VPC Endpoint Service
- Querying VPC Endpoint Services
- Querying Connections of a VPC Endpoint Service
- Accepting or Rejecting a VPC Endpoint
- Querying the Whitelist Records of a VPC Endpoint Service
- Batch Adding or Deleting Whitelist Records of a VPC Endpoint Service
- APIs for Managing VPC Endpoints
- Resource Quota
- Tag Function
- Application Examples
- Appendix
- Change History
-
User Guide (Paris Region)
- Service Overview
-
Getting Started
- Operation Guide
- Configuring a VPC Endpoint for Communications Across VPCs of the Same Domain
- Configuring a VPC Endpoint for Communications Across VPCs of Different Domains
- Configuring a VPC Endpoint for Accessing the Private IP Address of OBS over Private Networks
- Configuring a VPC Endpoint for Accessing the Public IP Address of OBS over Public Networks
-
VPC Endpoint Services
- VPC Endpoint Service Overview
- Creating a VPC Endpoint Service
- Viewing the Summary of a VPC Endpoint Service
- Deleting a VPC Endpoint Service
- Managing Connections of a VPC Endpoint Service
- Managing Whitelist Records of a VPC Endpoint Service
- Viewing Port Mappings of a VPC Endpoint Service
- Managing Tags of a VPC Endpoint Service
- VPC Endpoints
- Permissions Management
- Quotas
- FAQ
- Change History
-
API Reference (Paris Region)
- Before You Start
- API Overview
- Calling APIs
-
APIs
- Version Management
-
APIs for Managing VPC Endpoint Services
- Creating a VPC Endpoint Service
- Querying Details About a VPC Endpoint Service
- Modifying a VPC Endpoint Service
- Deleting a VPC Endpoint Service
- Querying VPC Endpoint Services
- Querying Connections of a VPC Endpoint Service
- Accepting or Rejecting a VPC Endpoint
- Querying Whitelist Records of a VPC Endpoint Service
- Batch Adding or Deleting Whitelist Records
- Querying Public VPC Endpoint Services
- Querying Basic Information About a VPC Endpoint Service
- APIs for Managing VPC Endpoints
- Resource Quota
- Tag Function
- Application Examples
- Appendix
- Change History
-
User Guide (Kuala Lumpur Region)
- Service Overview
- Getting Started
-
VPC Endpoint Services
- VPC Endpoint Service Overview
- Creating a VPC Endpoint Service
- Viewing the Summary of a VPC Endpoint Service
- Deleting a VPC Endpoint Service
- Managing Connections of a VPC Endpoint Service
- Managing Whitelist Records of a VPC Endpoint Service
- Viewing Port Mappings of a VPC Endpoint Service
- Managing Tags of a VPC Endpoint Service
- VPC Endpoints
- Quotas
- FAQ
- Change History
-
API Reference (Kuala Lumpur Region)
- Before You Start
- API Overview
- Calling APIs
-
APIs
- Version Management
-
APIs for Managing VPC Endpoint Services
- Creating a VPC Endpoint Service
- Querying Details of a VPC Endpoint Service
- Modifying a VPC Endpoint Service
- Deleting a VPC Endpoint Service
- Querying VPC Endpoint Services
- Querying Connections of a VPC Endpoint Service
- Accepting or Rejecting a VPC Endpoint
- Querying the Whitelist Records of a VPC Endpoint Service
- Batch Adding or Deleting Whitelist Records of a VPC Endpoint Service
- APIs for Managing VPC Endpoints
- Resource Quota
- Tag Function
- Application Examples
- Appendix
- Change History
- User Guide (Ankara Region)
-
API Reference (Ankara Region)
- Before You Start
- API Overview
- Calling APIs
-
APIs
- Version Management
-
APIs for Managing VPC Endpoint Services
- Creating a VPC Endpoint Service
- Querying Details About a VPC Endpoint Service
- Modifying a VPC Endpoint Service
- Deleting a VPC Endpoint Service
- Querying VPC Endpoint Services
- Querying Connections of a VPC Endpoint Service
- Accepting or Rejecting a VPC Endpoint
- Querying Whitelist Records of a VPC Endpoint Service
- Batch Adding or Deleting Whitelist Records
- Querying Public VPC Endpoint Services
- Querying Basic Information About a VPC Endpoint Service
- APIs for Managing VPC Endpoints
- Resource Quota
- Application Examples
- Permissions Policies and Supported Actions
- Appendix
- Change History
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Copied.
Managing the Policy of a VPC Endpoint
VPC endpoint policies are a type of resource-based policies. You can configure a policy to control which principals can use the VPC endpoint to access Huawei Cloud services.
VPC endpoint policies do not override or replace the identity-based or resource-based policies in IAM. For example, if you have accessed OBS using a gateway VPC endpoint, you can still set OBS bucket policies to control access to an OBS bucket from a specific VPC endpoint or VPC.
There are two types of VPC endpoint policies:
- Policies of gateway VPC endpoints: policies that are configured to control which VPC endpoint can access gateway VPC endpoint services.
- After this function is enabled, you can create custom policies. If you do not customize policies, the FullAccess policy is used by default.
- If this function is disabled, you cannot create custom policies.
- Policies of interface VPC endpoints: policies that are configured to control which VPC endpoint can access interface VPC endpoint services.
- After this function is enabled, you can create custom policies. If you do not customize policies, the FullAccess policy is used by default.
- If this function is disabled, you cannot create custom policies.
Constraints
- A VPC endpoint policy is defined in the JSON document of IAM policies. VPC endpoint policies must comply with the grammar and structure of IAM permission policies.
- When creating an interface VPC endpoint for accessing a Huawei Cloud service, you can configure a policy for a single VPC endpoint and update the policy in real time. If you do not configure a VPC endpoint policy, full access is allowed for the VPC endpoint by default.
- Some Huawei Cloud services support VPC endpoint policies. For details, see the console. If a cloud service does not support VPC endpoint policies, the service can be accessed by any VPC endpoint.
- When you create a VPC endpoint for accessing a private service, full access is allowed for the VPC endpoint.
Configuring a Policy of a VPC Endpoint
You can enable Policy when buying a VPC endpoint. For details, see Buying a VPC Endpoint.
Viewing the Policy of a VPC Endpoint
- Log in to the VPC Endpoint console.
- Click
in the upper left corner and select the desired region and project.
- In the VPC endpoint list, click the VPC endpoint ID.
- Click the Policy tab and view the VPC endpoint policy.
Modifying the Policy of a VPC Endpoint
- Log in to the VPC Endpoint console.
- Click
in the upper left corner and select the desired region and project.
- In the VPC endpoint list, click the VPC endpoint ID.
- Go to the Policy tab, click Edit and modify the policy.
- Click Confirm.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot