Updated on 2025-12-11 GMT+08:00

Creating and Deleting a VPC Endpoint

Scenarios

When you access GeminiDB Serverless using APIs or SDKs, you need to use VPC endpoints. This section describes how to access GeminiDB Serverless using a VPC endpoint.

Usage Notes

  • Professional VPC endpoints will be preferentially created if they are supported at your site. For details about professional VPC endpoints, see VPC Endpoint.
  • A VPC endpoint will be created in a VPC endpoint service. After a VPC endpoint is created, do not delete it from the VPC endpoint service; otherwise, GeminiDB Serverless cannot be accessed via the VPC endpoint.

Billing

You need to pay extra fees for creating a VPC endpoint. For details, see VPC Endpoint Billing.

Configuring Permissions

If you are using an IAM user, configure GeminiDB permissions before you access DynamoDB Serverless via VPC endpoints. For details about the permissions, see GeminiDB Permission Management. The procedure is as follows:

  1. System-defined policy: Configure GeminiDB FullAccess and GeminiDBServerlessFullAccessPolicy permissions.
  2. If you do not configure GeminiDB FullAccess, you can create a custom policy and configure the following permissions on the IAM console. For details, see Creating a Custom Policy.

    If the JSON view is used to configure a custom policy, the policy content is as follows. Table 1 lists the details.

    {
        "Version": "5.0",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "vpcep:endpoints:create",
                    "vpcep:endpoints:delete",
                    "vpcep:endpoints:get",
                    "gaussdbfornosql:serverless:createEndpoint",
                    "gaussdbfornosql:serverless:deleteEndpoint",
                    "gaussdbfornosql:serverless:listEndpoints"
                ]
            }
        ]
    }
  3. Assign the custom policy created in step 2 to the user on the IAM console.
Table 1 Permissions required for VPC endpoints of Serverless

    Service         | Permission                                | Description
    gaussdbfornosql | gaussdbfornosql:serverless:listEndpoints  | Manages VPC endpoints of GeminiDB Serverless.
                    | gaussdbfornosql:serverless:createEndpoint |
                    | gaussdbfornosql:serverless:deleteEndpoint |
    VPCEP           | vpcep:endpoints:create                    | Grants GeminiDB the permissions of VPC endpoint services.
                    | vpcep:endpoints:delete                    |
                    | vpcep:endpoints:get                       |
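Before attaching the custom policy, it is worth confirming that it grants exactly the Table 1 actions and nothing wider. The following audit is an added example, not part of this page or of Huawei Cloud's tooling; it assumes the "Version"/"Statement"/"Effect"/"Action" layout shown above, treats any '*' in an action as a glob, and uses constructed sample policies.

```python
import fnmatch
import json

# The six actions Table 1 on this page lists for GeminiDB Serverless VPC endpoints.
REQUIRED_ACTIONS = frozenset({
    "vpcep:endpoints:create",
    "vpcep:endpoints:delete",
    "vpcep:endpoints:get",
    "gaussdbfornosql:serverless:createEndpoint",
    "gaussdbfornosql:serverless:deleteEndpoint",
    "gaussdbfornosql:serverless:listEndpoints",
})


def _actions(statement):
    """Normalise "Action" (a string or a list) to a list of action patterns."""
    action = statement.get("Action", [])
    return [action] if isinstance(action, str) else list(action)


def _matches(action, patterns):
    """True if any pattern (a literal or a '*' glob) covers the action."""
    return any(fnmatch.fnmatchcase(action, p) for p in patterns)


def check_policy(policy_json):
    """Audit a custom policy against the permissions this page requires.
    Returns sorted lists: 'missing' (required actions no Allow covers), 'denied'
    (required actions a Deny matches; Deny overrides Allow), 'broad' (Allow
    patterns using '*') and 'extra' (literal Allows outside the required set)."""
    allows, denies = [], []
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") == "Allow":
            allows.extend(_actions(stmt))
        elif stmt.get("Effect") == "Deny":
            denies.extend(_actions(stmt))
    return {
        "missing": sorted(a for a in REQUIRED_ACTIONS if not _matches(a, allows)),
        "denied": sorted(a for a in REQUIRED_ACTIONS if _matches(a, denies)),
        "broad": sorted(p for p in allows if "*" in p),
        "extra": sorted(p for p in allows if "*" not in p and p not in REQUIRED_ACTIONS),
    }


# Constructed samples: the policy shown on this page, and an over-broad variant to flag.
PAGE_POLICY = json.dumps({"Version": "5.0", "Statement": [
    {"Effect": "Allow", "Action": sorted(REQUIRED_ACTIONS)}]})
BROAD_POLICY = '{"Version": "5.0", "Statement": [{"Effect": "Allow", "Action": ["vpcep:*"]}]}'
```

Run check_policy on the policy you are about to attach; an empty result in all four lists means it matches Table 1 exactly, while anything in 'broad' or 'extra' is a candidate for tightening.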

Procedure

  1. Log in to the Huawei Cloud console.
  2. In the navigation pane, choose Serverless > VPC Endpoint.
  3. On the displayed page, click Create VPC Endpoint. On the displayed page, set the parameters described in Table 2.

    Figure 1 Creating a VPC endpoint
    Table 2 Creating a VPC endpoint

    Parameter      | Description
    VPC            | Virtual private network where your endpoints are located. A VPC isolates networks for different services. You can select an existing VPC or create a VPC.
                   | For details about how to create a VPC, see "Creating a VPC" in Virtual Private Cloud User Guide.
                   | NOTE: After the endpoint is created, its VPC cannot be changed. To connect an endpoint to an ECS over a private network, ensure they are in the same VPC. If they are not, create a VPC peering connection between them.
    Subnet         | A subnet provides dedicated network resources that are logically isolated from other networks, improving network security.
    Compatible API | Compatible database API type. Currently, only DynamoDB is supported.

  4. After confirming the settings, click Create Now.
  5. On the VPC Endpoint page, you can view and manage endpoints.

    It takes about 1 to 3 minutes to create a VPC endpoint. After it is created, its status changes to Available.

    If the page is not refreshed for a long time, you can click in the upper right corner to view the VPC endpoint status.

Deleting a VPC Endpoint

  1. Log in to the Huawei Cloud console.
  2. In the navigation pane, choose Serverless > VPC Endpoint.
  3. On the VPC Endpoint page, locate the target VPC endpoint and click Delete.
  4. If you have enabled operation protection, click Start Verification in the Delete VPC Endpoint dialog box. On the displayed page, click Send Code, enter the verification code, and click Verify. The page is closed automatically.

    If you have enabled operation protection, two-factor authentication is required for sensitive operations to secure your account and cloud products. For details about how to enable operation protection, see Identity and Access Management User Guide.

  5. In the displayed dialog box, click OK. Deleted VPC endpoints are not displayed in the list.

    Figure 2 Deleting a VPC endpoint