Connection Management
|
Operation
diff --git a/docs/vpcep/umn/vpcep_03_0103.html b/docs/vpcep/umn/vpcep_03_0103.html
index 0d6942ef1..a44f3b855 100644
--- a/docs/vpcep/umn/vpcep_03_0103.html
+++ b/docs/vpcep/umn/vpcep_03_0103.html
@@ -9,8 +9,8 @@
-
diff --git a/docs/vpcep/umn/vpcep_03_0104.html b/docs/vpcep/umn/vpcep_03_0104.html
index 2a836fe6d..d1e4331e9 100644
--- a/docs/vpcep/umn/vpcep_03_0104.html
+++ b/docs/vpcep/umn/vpcep_03_0104.html
@@ -6,7 +6,7 @@
PrerequisitesThere is a VPC endpoint available for connecting to the target VPC endpoint service.
Procedure- Log in to the management console.
- Click
 in the upper left corner and select the required region and project.
- Click Service List and choose Networking > VPC Endpoint.
- In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
- In the VPC endpoint service list, locate the VPC endpoint service and click its name.
- Select the Connection Management tab.
Figure 1 Connection Management
+Procedure- Log in to the management console.
- Click in the upper left corner and select the required region and project.
- Click Service List and choose Networking > VPC Endpoint.
- In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
- In the VPC endpoint service list, locate the VPC endpoint service and click its name.
- Select the Connection Management tab.
Figure 1 Connection Management
- Accept or reject connection from a VPC endpoint in the list based on service requirements.
- If you click Accept, the VPC endpoint can connect to the VPC endpoint service.
- If you click Reject, the VPC endpoint cannot connect to the VPC endpoint service.
- If the whitelist is empty, access from a VPC endpoint in another account is not allowed.
- If an authorized account ID is already in the whitelist, you can use this account to create a VPC endpoint for connecting to the VPC endpoint service.
- If an authorized account ID is not in the whitelist, you cannot use this account to create a VPC endpoint for connecting to the VPC endpoint service.
This section describes how to add or delete a whitelist record for a VPC endpoint service.
Add a Whitelist Record- Log in to the management console.
- Click in the upper left corner and select the required region and project.
- Click Service List and choose Networking > VPC Endpoint.
- In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
- In the VPC endpoint service list, locate the VPC endpoint service and click its name.
- On the displayed page, select the Permission Management tab and click Add to Whitelist.
- Enter an authorized account ID in the required format and click OK.
Figure 1 Add to Whitelist
+Add a Whitelist Record- Log in to the management console.
- Click in the upper left corner and select the required region and project.
- Click Service List and choose Networking > VPC Endpoint.
- In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
- In the VPC endpoint service list, locate the VPC endpoint service and click its name.
- On the displayed page, select the Permission Management tab and click Add to Whitelist.
- Enter an authorized account ID in the required format and click OK.
Figure 1 Add to Whitelist
Delete a Whitelist Record- Log in to the management console.
- Click in the upper left corner and select the required region and project.
- Click Service List and choose Networking > VPC Endpoint.
- In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
- In the VPC endpoint service list, locate the VPC endpoint service and click its name.
- On the displayed page, click the Permission Management tab, locate the account ID, and click Delete in the Operation column.
To delete multiple whitelist records, select the account IDs to be deleted and click Delete in the upper left corner.
- - Click Yes.
+ - In the displayed dialog box, click OK.
diff --git a/docs/vpcep/umn/vpcep_03_0106.html b/docs/vpcep/umn/vpcep_03_0106.html
index 5cdb59ef1..c2478e76e 100644
--- a/docs/vpcep/umn/vpcep_03_0106.html
+++ b/docs/vpcep/umn/vpcep_03_0106.html
@@ -5,7 +5,7 @@
A port mapping defines the protocol and ports used for communications between a VPC endpoint and a VPC endpoint service.
- Protocol: a protocol both supported by the VPC endpoint and VPC endpoint service
- Service Port: provided by the backend resource bound to the VPC endpoint service.
- Terminal Port: provided by the VPC endpoint, allowing you to access the VPC endpoint service.
Procedure- Log in to the management console.
- Click in the upper left corner and select the required region and project.
- Click Service List and choose Networking > VPC Endpoint.
- In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
- In the VPC endpoint service list, locate the VPC endpoint service and click its name.
- On the displayed page, select the Port Mapping tab.
The port mappings configured for the VPC endpoint service are displayed. Figure 1 Port Mapping
+ Procedure- Log in to the management console.
- Click in the upper left corner and select the required region and project.
- Click Service List and choose Networking > VPC Endpoint.
- In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
- In the VPC endpoint service list, locate the VPC endpoint service and click its name.
- On the displayed page, select the Port Mapping tab.
The port mappings configured for the VPC endpoint service are displayed. Figure 1 Port Mapping
diff --git a/docs/vpcep/umn/vpcep_03_0108.html b/docs/vpcep/umn/vpcep_03_0108.html
index 7c8f99d12..45c4c5ac8 100644
--- a/docs/vpcep/umn/vpcep_03_0108.html
+++ b/docs/vpcep/umn/vpcep_03_0108.html
@@ -39,7 +39,7 @@
Delete a TagPerform the following operations to delete a tag of a VPC endpoint service:
 Deleted tags cannot be recovered. Exercise caution when performing this operation.
- - Log in to the management console.
- Click in the upper left corner and select the required region and project.
- Click Service List and choose Networking > VPC Endpoint.
- In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
- In the VPC endpoint service list, locate the VPC endpoint service and click its name.
- On the displayed page, select the Tags tab.
- In the tag list, locate the tag and click Delete in the Operation column.
- Click Yes.
+ - Log in to the management console.
- Click in the upper left corner and select the required region and project.
- Click Service List and choose Networking > VPC Endpoint.
- In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
- In the VPC endpoint service list, locate the VPC endpoint service and click its name.
- On the displayed page, select the Tags tab.
- In the tag list, locate the tag and click Delete in the Operation column.
- In the displayed dialog box, click OK.
diff --git a/docs/vpcep/umn/vpcep_03_0200.html b/docs/vpcep/umn/vpcep_03_0200.html
index 46bcf2e30..4bcff1f88 100644
--- a/docs/vpcep/umn/vpcep_03_0200.html
+++ b/docs/vpcep/umn/vpcep_03_0200.html
@@ -12,6 +12,8 @@
- Deleting a VPC Endpoint
+ - Configuring Access Control for a VPC Endpoint
+
- Managing Tags of a VPC Endpoint
diff --git a/docs/vpcep/umn/vpcep_03_0202.html b/docs/vpcep/umn/vpcep_03_0202.html
index 9b7da2396..2d5fd1efa 100644
--- a/docs/vpcep/umn/vpcep_03_0202.html
+++ b/docs/vpcep/umn/vpcep_03_0202.html
@@ -5,22 +5,24 @@
ConstraintsOne VPC endpoint supports up to 3,000 concurrent connections.
Querying a VPC EndpointPerform the following operations to query details of a VPC endpoint, including its ID, associated VPC endpoint service name, VPC, and status.
- - Log in to the management console.
- Click in the upper left corner and select the required region and project.
- Click Service List and choose Networking > VPC Endpoint.
On the displayed page, locate the VPC endpoint by entering a keyword in the search box in the upper right corner:
-- Search by VPC endpoint service name or VPC endpoint ID.
- Select ID or VPC Endpoint Service Name in the filter box.
- Enter a keyword in the search box.
- Click
 to start the search.VPC endpoints containing the keyword are displayed in the VPC endpoint list.
+Querying a VPC EndpointYou can query details of a VPC endpoint, including its ID, VPC, VPC endpoint service name, creation time, private domain name, status, type, IPv4 address, access control, and description.
+ - Log in to the management console.
- Click in the upper left corner and select the required region and project.
- Click Service List and choose Networking > VPC Endpoint.
On the displayed page, locate the VPC endpoint by entering a keyword in the upper search box:
+
- - In the VPC endpoint list, click the ID of the VPC endpoint to view its details.
After an interface VPC endpoint is created, a private IP address is assigned together with a private domain name if you select Create a Private Domain Name. Figure 3 Summary of the VPC endpoint (for accessing an interface VPC endpoint service)
+ - In the VPC endpoint list, click the ID of the VPC endpoint to view its details.
After an interface VPC endpoint is created, an IPv4 address is assigned together with a private domain name if you select Create a Private Domain Name. Figure 5 Summary of the VPC endpoint (for accessing an interface VPC endpoint service)
Figure 4 Summary of the VPC endpoint (for accessing a gateway VPC endpoint service)
+Figure 6 Summary of the VPC endpoint (for accessing a gateway VPC endpoint service)
-Table 1 Parameters contained in the details of a VPC endpointTab
+Table 1 Parameters contained in the details of a VPC endpointTab
|
-Parameter
+ | Parameter
|
Description
|
@@ -82,11 +84,42 @@
Specifies the creation time of the VPC endpoint.
|
|---|
+Summary
+ |
+Access Control
+ |
+Specifies whether the whitelist is enabled for IP addresses to access this VPC endpoint.
+- If Access Control is enabled, only IP addresses or CIDR blocks in the whitelist are allowed to access the VPC endpoint.
- If Access Control is disabled, any IP address or CIDR block can access the VPC endpoint.
+ NOTE: Access control can be enabled only for VPC endpoints for connecting to an interface VPC endpoint service.
+
+ |
+
+Summary
+ |
+Description
+ |
+Provides supplementary information about the VPC endpoint.
+ |
+
+Access Control
+ |
+IP Address or CIDR Block
+ |
+Specifies the IP addresses and CIDR blocks that are allowed to access the VPC endpoint.
+ |
+
+Access Control
+ |
+Operation
+ |
+Specifies the operation to be performed on whitelist records of the VPC endpoint. Only deletion is supported.
+ |
+
Route Tables
|
-Name
+ | Name/ID
|
-Specifies the name of the route table.
+ | Specifies the name or ID of the route table.
|
Route Tables
@@ -100,7 +133,7 @@
|
Type
|
-Specifies the type of the route table, which can be Default and Custom.
+ | Specifies the type of the route table, which can be Default and Custom.
|
Route Tables
@@ -114,7 +147,7 @@
|
Operation
|
-Specifies the operation to be performed on the route table. The operation can be Disassociate or Associate.
+ | Specifies the operation to be performed on the route table. The operation can be Disassociate or Associate.
|
Tags
@@ -141,6 +174,8 @@
|
 - The Access Control tab is displayed only for VPC endpoints for connecting to interface VPC endpoint services.
- The Route Tables tab is displayed only for VPC endpoints for connecting to gateway VPC endpoint services.
+ Accessing a VPC Endpoint via Its Private IP AddressPerform the following operations to access a VPC endpoint via its private IP address:
@@ -156,7 +191,7 @@
- Log in to the management console.
- In the service list, choose Network > Domain Name Service.
The DNS console is displayed.
- In the navigation pane, choose Private Zones.
The Private Zones page is displayed.
- In the private zone list, click the name of the private zone.
The Record Sets page is displayed.
- - In the record set list, locate the A record set and view its information.
When Status changes to Normal, the resolution takes effect. Figure 5 Record set of the private domain name
+ - In the record set list, locate the A record set and view its information.
When Status changes to Normal, the resolution takes effect. Figure 7 Record set of the private domain name
Accessing a VPC endpoint via its private domain name
diff --git a/docs/vpcep/umn/vpcep_03_0203.html b/docs/vpcep/umn/vpcep_03_0203.html
index a890cd9ad..cf610df22 100644
--- a/docs/vpcep/umn/vpcep_03_0203.html
+++ b/docs/vpcep/umn/vpcep_03_0203.html
@@ -5,8 +5,8 @@
Deleted VPC endpoints cannot be recovered. Exercise caution when performing this operation.
diff --git a/docs/vpcep/umn/vpcep_03_0204.html b/docs/vpcep/umn/vpcep_03_0204.html
index 83eb361e8..2cedde75b 100644
--- a/docs/vpcep/umn/vpcep_03_0204.html
+++ b/docs/vpcep/umn/vpcep_03_0204.html
@@ -34,6 +34,13 @@
Deleted VPC endpoints cannot be recovered. Exercise caution when performing this operation.
|
|
|---|
+Configuring Access Control for a VPC Endpoint
+ |
+Describes how to enable access control for a VPC endpoint and configure a whitelist of IP addresses or CIDR blocks that are allowed to access the VPC endpoint.
+ |
+- Access Control is only available for VPC endpoints for connecting to interface VPC endpoint services.
- If Access Control is disabled, any IP address can access the VPC endpoint.
- A maximum of 20 whitelist records can be added.
+ |
+
Managing Tags of a VPC Endpoint
|
Describes how to query, add, edit, and delete VPC endpoint tags.
diff --git a/docs/vpcep/umn/vpcep_03_0205.html b/docs/vpcep/umn/vpcep_03_0205.html
new file mode 100644
index 000000000..bbe0fc1f8
--- /dev/null
+++ b/docs/vpcep/umn/vpcep_03_0205.html
@@ -0,0 +1,22 @@
+
+
+Configuring Access Control for a VPC Endpoint
+ScenariosTo control IP addresses and CIDR blocks that can access a VPC endpoint, configure a whitelist. You can add or delete a whitelist record, or disable access control if you no longer need it.
+ For details about how to configure access control and whitelist when you are creating a VPC endpoint, see Creating a VPC Endpoint.
+ This section describes how to enable and configure access control after a VPC endpoint is created.
+
+ Constraints- Access Control is only available for VPC endpoints for connecting to interface VPC endpoint services.
- If Access Control is disabled, any IP address can access the VPC endpoint.
- A maximum of 20 whitelist records can be added.
+
+ Enable Access Control and Add a Whitelist Record- Log in to the management console.
- Click in the upper left corner and select the required region and project.
- Click Service List and choose Networking > VPC Endpoint.
- In the VPC endpoint list, locate the VPC endpoint and click its ID.
- On the displayed page, click the Access Control tab.
- On the Access Control tab, click Add to Whitelist.
Figure 1 Adding a whitelist record for the VPC endpoint
+ - Enter the authorized IP addresses or CIDR blocks.
- Click OK.
+
+ Delete a Whitelist Record- Log in to the management console.
- Click in the upper left corner and select the required region and project.
- Click Service List and choose Networking > VPC Endpoint.
- In the VPC endpoint list, locate the VPC endpoint and click its ID.
- Select the Access Control tab.
- In the whitelist, locate the IP address or CIDR block and click Delete in the Operation column.
To delete whitelist records, select all the target IP addresses or CIDR blocks and click Delete in the upper left corner.
+ - In the displayed Delete from Whitelist dialog box, click OK.
+
+ - Click OK.
Delete a TagYou can delete tags added to a VPC endpoint. Deleted tags cannot be restored. Exercise caution when performing this operation.
- - Log in to the management console.
- Click in the upper left corner and select the required region and project.
- Click Service List and choose Networking > VPC Endpoint.
- In the VPC endpoint list, locate the VPC endpoint and click its ID.
- On the displayed page, select the Tags tab.
- In the tag list, locate the tag and click Delete in the Operation column.
- Click Yes.
+ - Log in to the management console.
- Click in the upper left corner and select the required region and project.
- Click Service List and choose Networking > VPC Endpoint.
- In the VPC endpoint list, locate the VPC endpoint and click its ID.
- On the displayed page, select the Tags tab.
- In the tag list, locate the tag and click Delete in the Operation column.
- In the displayed dialog box, click OK.
diff --git a/docs/vpcep/umn/vpcep_03_0500.html b/docs/vpcep/umn/vpcep_03_0500.html
index c6d5fdce6..767674e90 100644
--- a/docs/vpcep/umn/vpcep_03_0500.html
+++ b/docs/vpcep/umn/vpcep_03_0500.html
@@ -1,10 +1,10 @@
Quotas
- What Is Quota?Quotas can limit the number or amount of resources available to users, such as the maximum number of ECSs or EVS disks that can be created.
+ What Is Quota?Quotas can limit the number or amount of resources available to users, such as the maximum number of ECS or EVS disks that can be created.
If the existing resource quota cannot meet your service requirements, you can apply for a higher quota.
- How Do I View My Quotas?- Log in to the management console.
- Click
 in the upper left corner and select the desired region and project. - In the upper right corner of the page, click
 .The Service Quota page is displayed.
+How Do I View My Quotas?- Log in to the management console.
- Click in the upper left corner and select the desired region and project.
- In the upper right corner of the page, click .
The Quotas page is displayed.
- View the used and total quota of each type of resources on the displayed page.
If a quota cannot meet service requirements, apply for a higher quota.
|
-2024-07-26
+ | 2025-05-20
+ |
+This release incorporates the following changes:
+Updated the description for displaying the route table tab for VPC endpoints in Querying and Accessing a VPC Endpoint.
+ |
+
+2025-04-30
+ |
+This release incorporates the following changes:
+
+ |
+
+2025-01-15
+ |
+This release incorporates the following changes:
+
+ |
+
+2024-07-26
|
This release incorporates the following changes:
Updated the description of the Tag value in Step 1: Create a VPC Endpoint Service, Step 2: Create a VPC Endpoint, Step 1: Create a VPC Endpoint Service, Step 3: Create a VPC Endpoint, Step 1: Create a VPC Endpoint for Connecting to DNS, Step 2: Create a VPC Endpoint for Connecting to OBS, Step 1: Create a VPC Endpoint for Accessing OBS, Creating a VPC Endpoint Service, Managing Tags of a VPC Endpoint Service, Creating a VPC Endpoint, and Managing Tags of a VPC Endpoint.
@@ -17,7 +35,7 @@
| 2024-07-24
|
This release incorporates the following changes:
-
+
|
2024-07-10
@@ -35,7 +53,7 @@
| 2023-06-25
|
This release incorporates the following changes:
-
+
|
2023-06-13
diff --git a/docs/vpcep/umn/vpcep_pd_0001.html b/docs/vpcep/umn/vpcep_pd_0001.html
index cb3f5d6e3..aecc2bb6a 100644
--- a/docs/vpcep/umn/vpcep_pd_0001.html
+++ b/docs/vpcep/umn/vpcep_pd_0001.html
@@ -5,7 +5,7 @@
With IAM, you can use your account to create IAM users and assign permissions to control their access to specific cloud resources. For example, if you want website maintenance personnel in your enterprise to use VPC Endpoint resources but do not want them to delete other cloud resources or perform any other high-risk operations, you can create IAM users and grant only permissions to use VPC Endpoint resources.
If your account does not require individual IAM users for permissions management, you can skip this section.
IAM is a free service. You only pay for the resources in your account.
-For more information about IAM, see IAM Service Overview.
+For more information about IAM, see IAM Service Overview.
VPC Endpoint PermissionsNew IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and attach policies or roles to these groups. The users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned.
VPC Endpoint is a project-level service deployed for specific regions. You need to select a project for which the permissions will be granted. If you select All projects, the permissions will be granted for all the projects. When accessing VPC Endpoint, the users need to switch to the authorized region.
Table 1 lists all system-defined roles for VPC Endpoint.
diff --git a/docs/vpcep/umn/vpcep_ug_0003.html b/docs/vpcep/umn/vpcep_ug_0003.html
index 941cd04d4..637f645f9 100644
--- a/docs/vpcep/umn/vpcep_ug_0003.html
+++ b/docs/vpcep/umn/vpcep_ug_0003.html
@@ -1,16 +1,16 @@
Creating a User and Granting VPC Endpoint Permissions
- Use IAM to implement fine-grained permissions control over your VPC Endpoint resources. With IAM, you can:
+ Use IAM to implement fine-grained permissions control over your VPC Endpoint resources. With IAM, you can:
- Create IAM users for employees based on your enterprise's organizational structure. Each IAM user has their own security credentials for accessing VPC Endpoint resources.
- Grant only the permissions required for users to perform a specific task.
- Entrust an account or a cloud service to perform efficient O&M on your VPC Endpoint resources.
If your account does not need individual IAM users, skip this section.
This section describes the process flow for granting permissions (see Figure 1).
- PrerequisitesYou must learn about permissions (see Permissions) supported by VPC Endpoint and choose policies or roles according to your requirements. To grant permissions for other services, learn about all Permissions supported by IAM.
+ PrerequisitesYou must learn about permissions (see Permissions) supported by VPC Endpoint and choose policies or roles according to your requirements. To grant permissions for other services, learn about all Permissions supported by IAM.
|
|
-
