Using a VPC Endpoint to Access KVS

Overview

A VPC endpoint is required when you want to access KVS using SDKs or APIs.

To access KVS through a VPC endpoint, do the following:

1. Buy a VPC endpoint that is used for connecting to interface VPC endpoint services.
2. Create a private zone.
3. Add an A record.

The domain name of a private zone you created when buying a VPC Endpoint is the endpoint you will use when accessing KVS through APIs or SDKs.

Precautions

• KVS currently supports only access within the same region. Make sure the VPC endpoint you buy for KVS is in the same region where your KVS resources are.
• To ensure service redundancy, you are advised to buy different VPC endpoints for different VPC endpoint service names for KVS.

Procedure

1. Log in to the console.
2. Click in the upper left corner to select a region.
3. Buy an interface VPC endpoint for KVS.
   1. Click Service List and choose Networking > VPC Endpoint.
   2. On the displayed page, click Buy VPC Endpoint.
   3. On the displayed page, configure the parameters.
      For parameter details, see Buying a VPC Endpoint for Accessing Interface VPC Endpoint Services.

      Figure 1 Buying a VPC endpoint (Cloud services-Interface)
      

      Table 1 VPC endpoint parameters

      Parameter	Description
      Region	The region where a VPC endpoint will be. Resources in different regions cannot communicate with each other over an intranet. Select the region closest to you to enjoy rapid access.
      Billing Mode	VPC endpoints only support pay-per-use billing based on the duration of use and can be created or deleted at any time.
      Service Category	There are two options: Cloud services: Select this option if the VPC endpoint service to be accessed is a cloud service. Find a service by name: Select this option if the VPC endpoint service to be accessed is a private service of your own.
      Service List	This parameter is available only when you select Cloud services for Service Category. Select com.myhuaweicloud.{Regionid}.kvs.
      VPC Endpoint Service Name	This parameter is available only when you select Find a service by name for Service Category. Enter com.myhuaweicloud.{Regionid}.kvs.
      Create a Private Domain Name	If you want to access the VPC endpoint using its domain name, select this option.
      VPC	The VPC where the VPC endpoint will be.
      Subnet	The subnet where the VPC endpoint will be.
      IPv4 Address	The private IP address of the VPC endpoint. An IPv4 address can be automatically assigned or manually specified.
      Access Control	It controls IP addresses and CIDR blocks that are allowed to access the VPC endpoint. If Access Control is enabled, only IP addresses or CIDR blocks in the whitelist are allowed to access the VPC endpoint. If Access Control is disabled, any IP addresses or CIDR blocks can access the VPC endpoint.
      Whitelist	This parameter lists the IP addresses or CIDR blocks that are allowed to access the VPC endpoint. You can add up to 20 records. 0.0.0.0 and CIDR blocks in x.x.x.x/0 format are not supported.
      Tag	Optional The identifier of the VPC endpoint, which consists of a key and a value. You can add up to 10 tags to a VPC endpoint.

   4. Click Next.
      • If you do not need to modify the settings, click Submit.
      • If you need to modify the settings, click Previous, modify them, and then click Submit.

4. Create a private zone.
   1. Click Service List and choose Network > Domain Name Service.
   2. In the navigation pane, choose Private Zones.
   3. Click Create Private Zone.
   4. Configure the parameters.
      For parameter details, see Creating a Private Zone.

      Figure 2 Creating a private zone
      

      Table 2 Parameters for creating a private zone

      Parameter	Description
      Domain Name	The domain name of the private zone. Enter kvs.{Regionid}.myhuaweicloud.com.
      Region	The region where the private zone will be.
      VPC	The VPC to be associated with the private zone. NOTE: The VPC you choose must be the VPC where your servers (such as ECSs) are. Otherwise, the domain name cannot be resolved.
      Enterprise Project	The enterprise project to be associated with the private zone. You can manage private zones by enterprise project. NOTE: This parameter is available and mandatory only when Account Type is set to Enterprise Account.
      Tag	Optional The identifier of the private zone. Each tag contains a key and a value. Each private zone can have up to 10 tags.
      Description	Optional The description of the private zone. You can enter a maximum of 255 characters.

5. Add A records.
   1. In the private zone list, search for and select kvs.{Regionid}.myhuaweicloud.com you just specified when creating a private zone.
   2. Click Add Record Set.
   3. In the displayed drawer, configure the record parameters.
      For parameter details, see Adding an A Record Set.

      Figure 3 Adding an A record
      

      Table 3 Parameters for configuring an A record

      Parameter	Description
      Name	The prefix of the domain name to be resolved. Leave it blank.
      Type	The type of the record. Select A - Map domains to IPv4 addresses from the drop-down list.
      TTL (s)	How long each record can be cached on a local DNS server, in seconds. The value ranges from 1 to 2147483647, and the default is 300.
      Value	The IPv4 addresses mapped to the domain name. You can enter up to 50 different addresses, each on a separate line.
      Weight	Optional The weight of the record. The value ranges from 0 to 1000, and the default value is 1.
      Tag	Optional The identifier of the record, which consists of a key and a value. You can create up to 10 tags for a record.
      Description	Optional The description of the domain name. You can enter a maximum of 255 characters.

   4. Click OK. Check the record you just added in the record set list. If its status is Normal, its addition is successful.
   5. Repeat this step to add another A record where Name is *.