Managing Whitelist Records of a VPC Endpoint Service

Permission management controls the access of a VPC endpoint in one domain to a VPC endpoint service in another.

After a VPC endpoint service is created, you can add an authorized domain ID to or delete it from the whitelist of the endpoint service.

If the whitelist is empty, access from a VPC endpoint in another domain is not allowed.
If an authorized domain ID is already in the whitelist, you can use this domain to create a VPC endpoint for connecting to the VPC endpoint service.
If an authorized domain ID is not in the whitelist, you cannot use this domain to create a VPC endpoint for connecting to the VPC endpoint service.

This section describes how to add or delete a whitelist record for a VPC endpoint service.

In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
In the VPC endpoint service list, locate the target VPC endpoint service and click its name.
On the displayed page, select the Permission Management tab and click Add to Whitelist.
Enter an authorized domain ID in the required format and click OK.
- Your domain is in the whitelist of your VPC endpoint service by default.
- The authorized domain ID is in the iam:domain::domain_id format.
  domain_id indicates the ID of the authorized domain, for example, iam:domain::1564ec50ef2a47c791ea5536353ed4b9
- Adding * to the whitelist means that all users can access the VPC endpoint service.

In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
In the VPC endpoint service list, locate the target VPC endpoint service and click its name.
On the displayed page, select the Permission Management tab, locate the target domain ID, and click Delete in the Operation column.
To delete multiple whitelist records, select all the target domain IDs and click Delete in the upper left corner.
Click Yes.