Huawei VPC Endpoint User Manual

VPC Endpoint
User Guide (ME-Abu Dhabi Region)
Issue 01
Date 2020-11-06
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.
Issue 01 (2020-11-06) Copyright © Huawei Technologies Co., Ltd. i
VPC Endpoint User Guide (ME-Abu Dhabi Region) Contents

Contents

1 Service Overview
1.1 What Is VPC Endpoint?
1.2 Product Advantages
1.3 Application Scenarios
1.4 Product Concepts
1.4.1 User Permissions
1.4.2 Region and AZ
2 Getting Started
2.1 Configuring a VPC Endpoint for Communication Across VPCs
2.1.1 Overview
2.1.2 Configuring a VPC Endpoint for Communication Across VPCs of the Same Domain
2.1.2.1 Operation Process
2.1.2.2 Step 1: Create a VPC Endpoint Service
2.1.2.3 Step 2: Create a VPC Endpoint
2.1.3 Configuring a VPC Endpoint for Communication Across VPCs of Different Domains
2.1.3.1 Overview
2.1.3.2 Operation Process
2.1.3.3 Step 1: Add Domain IDs to Whitelist
2.1.3.4 Step 2: Create a VPC Endpoint
2.2 Configuring a VPC Endpoint for Accessing OBS over Internal Networks
2.2.1 Overview
2.2.2 Step 1: Create a VPC Endpoint for Connecting to DNS
2.2.3 Step 2: Create a VPC Endpoint for Connecting to OBS
2.2.4 Step 3: Access OBS
3 Management
3.1 VPC Endpoint Services
3.1.1 Creating a VPC Endpoint Service
3.1.2 Viewing a VPC Endpoint Service
3.1.3 Deleting a VPC Endpoint Service
3.1.4 Managing Connections
3.1.5 Managing Permissions
3.1.6 Viewing Port Mappings
3.2 VPC Endpoints
3.2.1 Creating a VPC Endpoint
3.2.2 Querying and Accessing a VPC Endpoint
3.2.3 Deleting a VPC Endpoint
4 FAQs
4.1 What Is a Quota?
4.2 How Can I Check Network Configurations of the ECS Hosting the VPC Endpoint Service?
4.3 What Are Statuses of VPC Endpoint Services and VPC Endpoints?
A Change History

1 Service Overview

1.1 What Is VPC Endpoint?

The VPC Endpoint (VPCEP) service provides secure and private channels to connect your VPC to VPC endpoint services (cloud services on the current platform or your private services) without having to use EIPs.
VPCEP provides two types of resources: VPC endpoint services and VPC endpoints. For details, see Application Scenarios.
VPC Endpoint Services
VPC endpoint services are cloud services or users' private services that are configured in VPCEP. There are two types of VPC endpoint services: gateway and interface.
Gateway VPC endpoint services are cloud services that are configured by operations people and supported by VPCEP.
Interface VPC endpoint services include cloud services configured by operations people and private services configured by users.
● The cloud service platform configures some cloud services as VPC endpoint services by default. Users do not have the permission to configure such services but can select them (which vary by region) when creating a VPC endpoint.
● Users can configure services or resources (such as elastic load balancers and ECSs) in their own VPC as VPC endpoint services.
VPC Endpoints
VPC endpoints are channels for connecting VPCs to VPC endpoint services. You can create an application in your VPC and configure it as an endpoint service. A VPC endpoint can be created in another VPC in the same region and used as a channel to access the endpoint service. There are two types of VPC endpoints: interface and gateway.
An interface VPC endpoint is an elastic network interface with a private IP address that serves as an entry point for traffic destined to a VPC endpoint service.
A gateway VPC endpoint is a gateway that is a target for a specified route to direct traffic to a VPC endpoint service.

1.2 Product Advantages

Excellent Performance: Each gateway supports up to 1 million concurrent connections in a variety of application scenarios.
Immediately Ready for Use Upon Creation: VPC endpoints are easy to use and can take effect a few seconds after being created.
Easy to Use: You can use VPC endpoints to access resources across VPCs without having to use EIPs.
High Security: VPC endpoints enable you to access VPC endpoint services without exposing server information, helping you minimize risks.

1.3 Application Scenarios

VPCEP provides:
High-speed cloud migration
Connect your local data center to cloud services using a Virtual Private Network (VPN) connection or a high-speed Direct Connect connection over a private network to improve access efficiency and security with low costs.
Figure 1-1 briefly illustrates this application scenario.
Figure 1-1 High-speed cloud migration
Cross-VPC connection
Different VPCs cannot communicate with each other. To solve this problem, you can create an application in your VPC and configure it as a VPC endpoint service. A VPC endpoint can be created in another VPC of the same region and used as a channel to access the VPC endpoint service.
Figure 1-2 briefly illustrates this application scenario.
Figure 1-2 Cross-VPC connection

1.4 Product Concepts

1.4.1 User Permissions

The cloud system provides two types of user permissions by default, user management and resource management.
User management refers to management of users, user groups, and user group permissions.
Resource management refers to access control over cloud service resources.
VPCEP provides two types of resources: VPC endpoint services and VPC endpoints, both of which are region-level resources. The required permissions must be added for users in the project.

1.4.2 Region and AZ

Concept
A region and availability zone (AZ) identify the location of a data center. You can create resources in a specific region and AZ.
A region is a physical data center, which is completely isolated to improve fault tolerance and stability. The region that is selected during resource creation cannot be changed after the resource is created.
An AZ is a physical location where resources use independent power supplies and networks. A region contains one or more AZs that are physically isolated but interconnected through internal networks. Because AZs are isolated from each other, any fault that occurs in an AZ will not affect other AZs.
Figure 1-3 shows the relationship between regions and AZs.
Figure 1-3 Regions and AZs
Selecting a Region
Select a region closest to your target users for low network latency and quick access.
Selecting an AZ
When deploying resources, consider your applications' requirements on disaster recovery (DR) and network latency.
For high DR capability, deploy resources in different AZs within the same region.
For low network latency, deploy resources in the same AZ.
Regions and Endpoints
Before you use an API to call resources, specify its region and endpoint. For more details, see Regions and Endpoints.

2 Getting Started

2.1 Configuring a VPC Endpoint for Communication Across VPCs

2.1.1 Overview

VPCEP supports cross-VPC communication. With VPCEP, two VPCs created by the same domain or different domains can communicate with each other. You can use a private IP address to access resources across the VPCs despite network isolation between them.
Figure 2-1 shows how an ECS in VPC1 accesses a VPC endpoint service in VPC2 using a VPC endpoint.
Figure 2-1 Configuring a VPC endpoint for communication across VPCs
NOTE
The above is an example of how to configure VPC endpoints for communication across VPCs in the same region.
2.1.2 Configuring a VPC Endpoint for Communication Across VPCs of the Same Domain
2.1.2.1 Operation Process
Figure 2-2 shows how to configure networks between two VPCs of the same domain using VPCEP.
Figure 2-2 Operation process
2.1.2.2 Step 1: Create a VPC Endpoint Service
Scenarios
This section describes how to create a VPC endpoint service by selecting an elastic load balancer as an example backend service.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the required region and project.
3. Click Service List and choose VPC Endpoint under Network.
4. In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services and click Create VPC Endpoint Service.
The Create VPC Endpoint Service page is displayed.
5. Configure parameters by referring to Table 2-1.
Table 2-1 Required parameters
Parameter Description
Region Specifies the region where the VPC endpoint service is located.
Resources in different regions cannot communicate with each other over internal networks. Select the nearest region for lower network latency and faster access to resources.
VPC Specifies the VPC where the VPC endpoint service is located.
Service Type Specifies the type of the VPC endpoint service. The value can only be Interface.
Connection Approval Specifies whether the connection between a VPC endpoint and a VPC endpoint service requires approval from the owner of the VPC endpoint service.
You can determine whether to enable or disable the connection approval.
If connection approval is enabled, any VPC endpoint for connecting to the VPC endpoint service needs to be approved. For details, see step 5.
Port Mapping Specifies the protocol and ports used for communication between the VPC endpoint service and VPC endpoint. The protocol is TCP.
Service Port: A service port is provided by the backend service bound to the endpoint service.
Terminal Port: A terminal port is provided by the VPC endpoint, allowing you to access the VPC endpoint service.
The service and terminal port numbers range from 1 to 65535. A maximum of 50 port mappings can be added at a time.
NOTE
Accessing a VPC endpoint service from a VPC endpoint means accessing the service port from the associated terminal port.
Backend Resource Type Specifies the type of the backend resource that provides services to be accessed.
This parameter can be set to Elastic load balancer or ECS.
Elastic load balancer: Select this value if the backend resource is an elastic load balancer. Backend resources of this type suit services that receive high access traffic and demand high reliability and disaster recovery (DR) performance.
ECS: Select this value if the backend resource is an Elastic Cloud Server (ECS). Backend resources of this type serve as servers.
Example: Elastic load balancer
NOTE
Security groups use the whitelist mechanism. For the security group of the backend resource configured for the VPC endpoint service, you need to add an inbound rule for the whitelist, where the source IP address is 198.19.128.0/20. For details, see Adding a Security Group Rule in the Virtual Private Cloud User Guide.
Load Balancer When Backend Resource Type is set to Elastic load balancer, select the load balancer that provides services from the drop-down list. Only elastic load balancers are supported.
NOTE
If an elastic load balancer is used as the backend resource, the source IP address received by the VPC endpoint service is not the real address of the client.
Tag This parameter is optional.
Specifies the VPC endpoint service tag, which consists of a key and a value. You can add a maximum of 10 tags to each VPC endpoint service.
Tag keys and values must meet requirements listed in Table 2-2.
Table 2-2 Tag requirements for VPC endpoint services
Parameter Requirement
Tag key ● Cannot be left blank.
● Must be unique for each resource.
● Can contain a maximum of 36 characters.
● Cannot start or end with a space or contain special characters =*<>\,|/
Tag value ● Cannot be left blank.
● Can contain a maximum of 43 characters.
● Cannot start or end with a space or contain special characters =*<>\,|/
6. Click Create Now.
7. On the displayed page, click Back to VPC Endpoint Service List to view the newly-created VPC endpoint service.
8. In the VPC endpoint service list, locate the target VPC endpoint service and click its name to view the details.
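The Port Mapping limits and the 198.19.128.0/20 inbound rule from Table 2-1 can be checked before the service is created. The following is an added example, not code from this guide or from Huawei: the rule dictionaries and sample values are constructed, and the check for sources wider than 198.19.128.0/20 is a least-privilege addition that the guide does not require.

```python
import ipaddress

# Values taken from the guide's Table 2-1.
VPCEP_SOURCE = ipaddress.ip_network("198.19.128.0/20")
MAX_PORT_MAPPINGS = 50


def check_port_mappings(mappings):
    """Validate (service_port, terminal_port) pairs against Table 2-1."""
    problems = []
    if len(mappings) > MAX_PORT_MAPPINGS:
        problems.append(
            f"{len(mappings)} port mappings exceed the limit of {MAX_PORT_MAPPINGS}")
    for service_port, terminal_port in mappings:
        for label, port in (("service", service_port), ("terminal", terminal_port)):
            if not isinstance(port, int) or not 1 <= port <= 65535:
                problems.append(f"{label} port {port!r} is outside 1-65535")
    return problems


def check_security_group(inbound_rules, mappings):
    """Compare backend inbound rules with the service ports in use.

    Reports service ports that 198.19.128.0/20 cannot reach over TCP, and
    rules that open a service port to a wider source than that range (a
    least-privilege check added here; the guide only names the required rule).
    """
    problems = []
    for service_port, _terminal_port in mappings:
        sources = [
            ipaddress.ip_network(rule["source"])
            for rule in inbound_rules
            if rule["protocol"] == "tcp"
            and rule["port_min"] <= service_port <= rule["port_max"]
        ]
        ipv4_sources = [net for net in sources if net.version == 4]
        covering = [net for net in ipv4_sources if VPCEP_SOURCE.subnet_of(net)]
        if not covering:
            problems.append(
                f"service port {service_port}: no inbound TCP rule allows {VPCEP_SOURCE}")
        for net in covering:
            if net != VPCEP_SOURCE:
                problems.append(
                    f"service port {service_port}: source {net} is wider than {VPCEP_SOURCE}")
    return problems


# Constructed sample input: three port mappings and two inbound rules.
SAMPLE_MAPPINGS = [(8080, 80), (8443, 443), (70000, 22)]
SAMPLE_RULES = [
    {"protocol": "tcp", "source": "198.19.128.0/20", "port_min": 8080, "port_max": 8080},
    {"protocol": "tcp", "source": "0.0.0.0/0", "port_min": 8443, "port_max": 8443},
]

if __name__ == "__main__":
    for line in check_port_mappings(SAMPLE_MAPPINGS):
        print(line)
    for line in check_security_group(SAMPLE_RULES, SAMPLE_MAPPINGS):
        print(line)
```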
2.1.2.3 Step 2: Create a VPC Endpoint
Scenarios
This section describes how to create a VPC endpoint in another VPC of your own for connecting to the VPC endpoint service.
Procedure
1. In the navigation pane on the left, choose VPC Endpoint > VPC Endpoints.
2. On the displayed page, click Create VPC Endpoint.
3. Configure parameters by referring to Table 2-3.
Table 2-3 Required parameters
Parameter Description
Region Specifies the region where the VPC endpoint is located. This region is the same as that of the VPC endpoint service.
Service Category There are two options: Cloud services or Find a service by name.
Cloud services: Select this value if the target VPC endpoint service is a cloud service.
Find a service by name: Select this value if the target VPC endpoint service is a private service of your own.
Example: Find a service by name
VPC Endpoint Service Name This parameter is available only if you select Find a service by name for Service Category.
Enter the VPC endpoint service name recorded in step 8 and click Verify.
● If Service name found is displayed, proceed with subsequent operations.
● If Service name not found is displayed, check whether the region is the same as that of the connected VPC endpoint service or whether the entered service name is correct.
Private Domain Name If you want to access a VPC endpoint using a domain name, select Create a Private Domain Name when creating a VPC endpoint. After the VPC endpoint is created, you can access it using the domain name.
● For the gateway type, this parameter is unavailable.
● For the interface type, this parameter is optional.
VPC Specifies the VPC where the VPC endpoint is located.
Subnet Specifies the subnet where the VPC endpoint is located.
Tag This parameter is optional.
Specifies the VPC endpoint tag, which consists of a key and a value. You can add a maximum of 10 tags to each VPC endpoint.
Tag keys and values must meet requirements listed in Table 2-4.
Table 2-4 Tag requirements for VPC endpoints
Parameter Requirement
Tag key ● Cannot be left blank.
● Must be unique for each resource.
● Can contain a maximum of 36 characters.
● Cannot start or end with a space or contain special characters =*<>\,|/
Tag value ● Cannot be left blank.
● Can contain a maximum of 43 characters.
● Cannot start or end with a space or contain special characters =*<>\,|/
4. Confirm the specifications and click Create Now.
If all of the specifications are correct, click Submit.
If any of the specifications are incorrect, click Previous to return to the previous page and modify the parameters as needed, and click Submit.
5. Manage the connection of the VPC endpoint.
If the status of the VPC endpoint changes to Accepted, the VPC endpoint is connected to the required VPC endpoint service. If the status is Pending acceptance, connection approval is enabled for the endpoint service and you need to contact the owner of the endpoint service and ask the owner to perform the following operations:
a. In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
b. In the VPC endpoint service list, locate the target VPC endpoint service and click its name.
c. On the displayed page, select the Connection Management tab.
If you allow a VPC endpoint to connect to this VPC endpoint service, locate the target VPC endpoint and click Accept in the Operation column.
If you do not allow a VPC endpoint to connect to this VPC endpoint service, click Reject in the Operation column.
d. Go back to the VPC endpoint list and check whether the status of the target VPC endpoint changes to Accepted. If yes, the VPC endpoint is connected to the VPC endpoint service.
6. In the VPC endpoint list, click before the target VPC endpoint to view its details.
After a VPC endpoint is created, a private IP address and a private domain name are generated if you select Create a Private Domain Name during creation.
You can use the private IP address or private domain name to access the VPC endpoint service.
Configuration Verification
Log in to an ECS in VPC1 in remote mode and access the VPC endpoint using its private IP address or private domain name.
Figure 2-3 Logging in to the ECS to access the VPC endpoint
2.1.3 Configuring a VPC Endpoint for Communication Across VPCs of Different Domains
2.1.3.1 Overview
You can create a VPC endpoint using your domain in your VPC and use this VPC endpoint to connect to a VPC endpoint service that is created using another domain in another VPC.
The two VPCs must be in the same region.
Before creating a VPC endpoint, you need to provide your own domain ID and have it added to the whitelist of the VPC endpoint service in the required format.
2.1.3.2 Operation Process
Figure 2-4 shows the process of connecting to a VPC endpoint service created by another domain.
Figure 2-4 Operation process
2.1.3.3 Step 1: Add Domain IDs to Whitelist
Scenarios
This section describes how to obtain your own domain ID and add it to the whitelist of an existing VPC endpoint service in another domain.
Prerequisites
The target VPC endpoint service already exists in the other domain.
Obtain the Authorized Domain ID
1. Log in to the management console.
2. View the domain information in the upper right corner and choose My Credentials.
The My Credentials page is displayed. You can view the domain ID.
Add an Authorized Domain ID to the Whitelist of a VPC Endpoint Service
1. Log in to the management console.
2. Click in the upper left corner and select the required region and project.
3. Click Service List and choose VPC Endpoint under Network.
4. In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
5. On the displayed page, click the name of the VPC endpoint service for which a whitelist record will be added.
6. On the displayed page, select the Permission Management tab and click Add to Whitelist.
7. On the displayed page, enter the authorized domain ID.
8. Click OK.
NOTE
● Your domain is in the whitelist of your own VPC endpoint service by default.
● The authorized domain ID is in the iam:domain::domain_id format. domain_id indicates the domain ID of the authorized user, for example, iam:domain::1564ec50ef2a47c791ea5536353ed4b9.
● Adding * to the whitelist means that all users can access the VPC endpoint service.
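Whitelist entries and the Connection Approval setting together decide who can reach a VPC endpoint service, so they are worth reviewing as a pair. The following is an added example, not code from this guide or from Huawei: the service record layout, the approved-domain set and the severity labels are hypothetical, and treating domain_id as 32 lowercase hex digits is an assumption based on the guide's single example.

```python
import re

# Entry format stated in the guide: iam:domain::domain_id. Treating domain_id
# as 32 lowercase hex digits is an assumption based on the guide's one example.
ENTRY_RE = re.compile(r"iam:domain::([0-9a-f]{32})")


def audit_service(service, approved_domains):
    """Return (severity, message) findings for one endpoint service record.

    `service` is a hypothetical dict with 'name', 'approval_enabled' and
    'whitelist'; `approved_domains` is the set of domain IDs the owner
    intends to authorize.
    """
    findings = []
    approval = service["approval_enabled"]
    seen = set()
    for entry in service["whitelist"]:
        if entry == "*":
            # The guide: adding * means that all users can access the service.
            if approval:
                findings.append(
                    ("medium", "'*' whitelists all users; connection approval is the only gate"))
            else:
                findings.append(
                    ("high", "'*' whitelists all users and connection approval is disabled"))
            continue
        match = ENTRY_RE.fullmatch(entry)
        if match is None:
            findings.append(("low", f"{entry!r} is not in iam:domain::domain_id format"))
            continue
        domain_id = match.group(1)
        if domain_id in seen:
            findings.append(("low", f"domain {domain_id} is listed more than once"))
            continue
        seen.add(domain_id)
        if domain_id not in approved_domains:
            findings.append(("medium", f"domain {domain_id} is whitelisted but not approved"))
    return findings


GUIDE_EXAMPLE_ID = "1564ec50ef2a47c791ea5536353ed4b9"  # domain ID shown in the guide
CONSTRUCTED_ID = "a" * 32                               # constructed for this example

# Constructed sample record.
SAMPLE_SERVICE = {
    "name": "svc-demo",
    "approval_enabled": False,
    "whitelist": [
        f"iam:domain::{GUIDE_EXAMPLE_ID}",
        "*",
        f"iam:domain:{GUIDE_EXAMPLE_ID}",   # malformed: single colon
        f"iam:domain::{CONSTRUCTED_ID}",
        f"iam:domain::{GUIDE_EXAMPLE_ID}",  # duplicate
    ],
}

if __name__ == "__main__":
    for severity, message in audit_service(SAMPLE_SERVICE, {GUIDE_EXAMPLE_ID}):
        print(f"[{severity}] {SAMPLE_SERVICE['name']}: {message}")
```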
2.1.3.4 Step 2: Create a VPC Endpoint
Scenarios
This section describes how to create a VPC endpoint in another VPC of your own for connecting to the VPC endpoint service.
NOTE
Select the same region and project as those of the VPC endpoint service.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the required region and project.
3. Click Service List and choose VPC Endpoint under Network.
4. In the navigation pane on the left, choose VPC Endpoint > VPC Endpoints.
5. On the VPC Endpoints page, click Create VPC Endpoint.
The Create VPC Endpoint page is displayed.
6. Configure parameters by referring to Table 2-5.
Table 2-5 Required parameters
Parameter Description
Region Specifies the region where the VPC endpoint is located. This region is the same as that of the VPC endpoint service.
Service Category There are two options: Cloud services or Find a service by name.
Cloud services: Select this value if the target VPC endpoint service is a cloud service.
Find a service by name: Select this value if the target VPC endpoint service is a private service of your own.
Example: Find a service by name
VPC Endpoint Service Name This parameter is available only if you select Find a service by name for Service Category.
In the VPC endpoint service list, locate the target VPC endpoint service, copy its name in the Name column, paste it in the VPC Endpoint Service Name text box, for example, eu-de.69e93219-e3ad-43b9-8416-9d788319ac9f, and click Verify.
● If Service name found is displayed, proceed with subsequent operations.
● If Service name not found is displayed, check whether the region is the same as that of the connected VPC endpoint service or whether the entered service name is correct.
Private Domain Name If you want to access a VPC endpoint using a domain name, select Create a Private Domain Name when creating a VPC endpoint. After the VPC endpoint is created, you can access it using the domain name.
● For the gateway type, this parameter is unavailable.
● For the interface type, this parameter is optional.
VPC Specifies the VPC where the VPC endpoint is located.
Subnet Specifies the subnet where the VPC endpoint is located.
Tag This parameter is optional.
Specifies the VPC endpoint tag, which consists of a key and a value. You can add a maximum of 10 tags to each VPC endpoint.
Tag keys and values must meet requirements listed in Table 2-6.
Table 2-6 Tag requirements for VPC endpoints
Parameter Requirement
Tag key ● Cannot be left blank.
● Must be unique for each resource.
● Can contain a maximum of 36 characters.
● Cannot start or end with a space or contain special characters =*<>\,|/
Tag value ● Cannot be left blank.
● Can contain a maximum of 43 characters.
● Cannot start or end with a space or contain special characters =*<>\,|/
7. Confirm the specifications and click Create Now.
If all of the specifications are correct, click Submit.
If any of the specifications are incorrect, click Previous to return to the previous page and modify the parameters as needed, and click Submit.
8. Manage the connection of the VPC endpoint.
If the status of the VPC endpoint changes to Accepted, the VPC endpoint is connected to the required VPC endpoint service. If the status is Pending acceptance, connection approval is enabled for the endpoint service and you need to contact the owner of the endpoint service and ask the owner to perform the following operations:
a. Log in to the management console.
b. Click in the upper left corner and select the required region and project.
c. Click Service List and choose VPC Endpoint under Network.
d. In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
e. In the VPC endpoint service list, locate the target VPC endpoint service and click its name.
f. On the displayed page, select the Connection Management tab.
If you allow a VPC endpoint to connect to this VPC endpoint service, locate the target VPC endpoint and click Accept in the Operation column.
If you do not allow a VPC endpoint to connect to this VPC endpoint service, click Reject in the Operation column.
g. Go back to the VPC endpoint list and check whether the status of the target VPC endpoint changes to Accepted. If yes, the VPC endpoint is connected to the VPC endpoint service.
9. In the VPC endpoint list, click before the target VPC endpoint to view its details.
After a VPC endpoint is created, a private IP address and a private domain name are generated if you select Create a Private Domain Name during creation.
You can use the private IP address or private domain name to access the VPC endpoint service.
2.2 Configuring a VPC Endpoint for Accessing OBS over Internal Networks

2.2.1 Overview

Scenarios
If you want to access a cloud service like OBS from a local data center, you can connect the local data center to your VPC using a VPN connection or a direct connection and then connect your VPC to a cloud service using a VPC endpoint.
A VPC endpoint always comes with a VPC endpoint service. Before creating a VPC endpoint, you need to ensure that the VPC endpoint service to be connected is already created.
The VPC endpoint services used in this scenario are as follows:
● VPC endpoint service for DNS: resolves OBS domain names at your local data center.
● VPC endpoint service for OBS: functions as the OBS service for users to access.
This section describes how to use a VPC endpoint to connect your local data center to cloud services, for example OBS, over a VPN connection or a direct connection.
Prerequisites
● Your local data center has been connected to your VPC using a VPN connection or a direct connection.
   ● The local subnet of your VPC that interconnects with your VPN connection contains the OBS CIDR block 100.125.0.0/16.
     For details about how to create a VPN, see the Virtual Private Cloud User Guide.
   ● The CIDR block of the virtual gateway associated with your direct connection contains the OBS CIDR block 100.125.0.0/16.
     For details about how to enable Direct Connect, see the Direct Connect User Guide.
● The target VPC endpoint service already exists.
Operation Process
Figure 2-5 shows the VPC endpoint configuration process.
Figure 2-5 VPC endpoint configuration process

2.2.2 Step 1: Create a VPC Endpoint for Connecting to DNS

Scenarios
This section describes how to create a VPC endpoint for accessing a DNS server, so that requests to resolve OBS domain names can be forwarded to it.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the required region and project.
3. Click Service List and choose VPC Endpoint under Network.
4. On the VPC Endpoints page, click Create VPC Endpoint.
   The Create VPC Endpoint page is displayed.
5. Configure parameters by referring to Table 2-7.
Table 2-7 Required parameters
Parameter: Description
Region: Specifies the region where the VPC endpoint is located.
    Resources in different regions cannot communicate with each other over internal networks. Select the nearest region for lower network latency and faster access to resources.
Service Category: There are two options: Cloud services or Find a service by name.
    ● Cloud services: Select this value if the target VPC endpoint service is a cloud service.
    ● Find a service by name: Select this value if the target VPC endpoint service is a private service of your own.
    Example: Cloud services
Service List: This parameter is available only if you select Cloud services for Service Category.
    The VPC endpoint service has been created by operations people and you can use it without having to perform the creation operation.
    Select the VPC endpoint service for DNS.
Private Domain Name: If you want to access a VPC endpoint using a domain name, select Create a Private Domain Name when creating a VPC endpoint. After the VPC endpoint is created, you can access it using the domain name.
    This parameter can only be configured for VPC endpoints of the interface type, and its setting depends on the type of target VPC endpoint services:
    ● For the gateway type, this parameter is unavailable.
    ● For the interface type, this parameter is optional.
VPC: Specifies the VPC where the VPC endpoint is located.
Subnet: This parameter is available only if you create a VPC endpoint for connecting to an interface VPC endpoint service.
    Specifies the subnet where the VPC endpoint is located.
Tag: This parameter is optional.
    Specifies the VPC endpoint tag, which consists of a key and a value. You can add a maximum of 10 tags to each VPC endpoint.
    Tag keys and values must meet requirements listed in Table 2-8.

Table 2-8 Tag requirements for VPC endpoints
Parameter: Requirement
Tag key:
    ● Cannot be left blank.
    ● Must be unique for each resource.
    ● Can contain a maximum of 36 characters.
    ● Cannot start or end with a space or contain special characters =*<>\,|/
Tag value:
    ● Cannot be left blank.
    ● Can contain a maximum of 43 characters.
    ● Cannot start or end with a space or contain special characters =*<>\,|/
6. Conrm the specications and click Create Now.
If all of the specications are correct, click Submit.
If any of the specications are incorrect, click Previous to return to the
previous page and modify the parameters as needed, and click Submit.
7. Click Back to VPC Endpoint List after the task is submitted.
If the status of the VPC endpoint changes to Accepted, the VPC endpoint for connecting to the VPC endpoint service for DNS is created.
8. Click
After a VPC endpoint is created, a private IP address and a private domain name are generated if you select Create a Private Domain Name during creation.
to view details of the VPC endpoint.

2.2.3 Step 2: Create a VPC Endpoint for Connecting to OBS

Scenarios
This section describes how to create a VPC endpoint to access OBS from your local data center.
Procedure
1. On the displayed page, click Create VPC Endpoint.
   The Create VPC Endpoint page is displayed.
2. Configure parameters by referring to Table 2-9.
Table 2-9 Required parameters
Parameter: Description
Region: Specifies the region where the VPC endpoint is located.
    Resources in different regions cannot communicate with each other over internal networks. Select the nearest region for lower network latency and faster access to resources.
Service Category: There are two options: Cloud services or Find a service by name.
    ● Cloud services: Select this value if the target VPC endpoint service is a cloud service.
    ● Find a service by name: Select this value if the target VPC endpoint service is a private service of your own.
    Example: Cloud services
Service List: This parameter is available only if you select Cloud services for Service Category.
    The VPC endpoint service has been created by operations people and you can use it without having to perform the creation operation.
    Select the VPC endpoint service for OBS.
VPC: Specifies the VPC where the VPC endpoint is located.
Tag: This parameter is optional.
    Specifies the VPC endpoint tag, which consists of a key and a value. You can add a maximum of 10 tags to each VPC endpoint.
    Tag keys and values must meet requirements listed in Table 2-10.

Table 2-10 Tag requirements for VPC endpoints
Parameter: Requirement
Tag key:
    ● Cannot be left blank.
    ● Must be unique for each resource.
    ● Can contain a maximum of 36 characters.
    ● Cannot start or end with a space or contain special characters =*<>\,|/
Tag value:
    ● Cannot be left blank.
    ● Can contain a maximum of 43 characters.
    ● Cannot start or end with a space or contain special characters =*<>\,|/
3. Conrm the specications and click Create Now.
If all of the specications are correct, click Submit.
If any of the
previous page and modify the parameters as needed, and click Submit.
4. Click Back to VPC Endpoint List after the task is submitted.
If the status of the VPC endpoint changes from Creating to Accepted, the VPC endpoint for connecting to the VPC endpoint service for OBS is created.
5. Click
to view details of the VPC endpoint.

2.2.4 Step 3: Access OBS

Scenarios
This section describes how to access OBS using a VPN connection or a direct connection.
Procedure
1. In the VPC endpoint list, locate the VPC endpoint for connecting to DNS and
click before its ID to view the private IP address.
2. Add DNS records on the DNS server at your local data center to forward requests for resolving OBS domain names to the VPC endpoint for accessing DNS.
specications are incorrect, click Previous to return to the
The methods of operating systems. For details, see the DNS software operation documents.
This step uses the common DNS software Bind as an example to forwarding rules in the UNIX operating system as follows:
le /etc/named.conf, add the DNS forwarder conguration and set
In
forwarders to the private IP address of the VPC endpoint for accessing DNS.
options {
forward only;
forwarders{
};
Issue 01 (2020-11-06) Copyright © Huawei Technologies Co., Ltd. 21
conguring DNS forwarding rules vary depending on
xx.xx.xx.xx
;};
congure
Page 26
NO TE
NO TE
NO TE
NO TE
VPC Endpoint User Guide (ME-Abu Dhabi Region) 2 Getting Started
● If no DNS server is available at your local data center, add the private IP address of the VPC endpoint in le /etc/resolv.conf.
xx.xx.xx.xx
is the private IP address described in step 1.
3. Congure a DNS route from your local data center to the VPN gateway or Direct Connect gateway.
xx.xx.xx.xx
indicates the private IP address of the VPC endpoint. To access DNS using a VPN connection or a direct connection, you need to ensure that trac from your local data center to DNS is directed to the VPN gateway or Direct Connect gateway.
Congure a permanent route at your local data center and specify the IP address of the Direct Connect or VPN gateway as the next hop for accessing DNS.
route -p add xx.xx.xx.xx mask 255.255.255.255 xxx.xxx.xxx.xxx
xx.xx.xx.xx
xxx.xxx.xxx.xxx
created at your local data center.
is the private IP address described in step 1.
indicates the IP address of the Direct Connect or VPN gateway
4. Congure an OBS route from the local data center to the VPN or Direct Connect gateway.
The CIDR block of the VPC endpoint for accessing OBS is 100.125.0.0/16. To access OBS using a VPN connection or direct connection, you need to ensure
trac from your local data center to OBS is directed to the VPN gateway
that or Direct Connect gateway.
Congure a permanent route at your local data center and specify the Direct Connect or VPN gateway as the next hop for accessing OBS.
route -p add 100.125.0.0 mask 255.255.0.0 xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
at your local data center.
indicates the IP address of the Direct Connect or VPN gateway created
5. At the local data center, run the following command to verify the connectivity with OBS:
telnet xx.xx.xx.xx
xx.xx.xx.xx
indicates the private IP address described in 1.
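The routing requirement in steps 3 and 4 can be checked offline before any traffic is sent. The following Python sketch is an added example, not part of the Huawei guide: it applies longest-prefix matching to a data center route table and reports DNS-endpoint or OBS traffic that would leave through a next hop other than the VPN or Direct Connect gateway. The route-table layout, all addresses and the function names are constructed for illustration.

```python
import ipaddress

OBS_CIDR = ipaddress.ip_network("100.125.0.0/16")  # OBS CIDR block stated in this guide


def next_hop(routes, destination):
    """Next hop selected by longest-prefix match, or None when no route matches."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def audit_routes(routes, dns_endpoint_ip, gateway_ip):
    """Return findings for traffic that would bypass the VPN/Direct Connect gateway."""
    findings = []

    # Step 3: the DNS endpoint's private IP must be reached through the gateway.
    hop = next_hop(routes, dns_endpoint_ip)
    if hop != gateway_ip:
        findings.append(f"DNS endpoint {dns_endpoint_ip} is routed via {hop}, not {gateway_ip}")

    # Step 4: the whole OBS block must be reached through the gateway.
    parsed = [(ipaddress.ip_network(p), h) for p, h in routes]
    covering = [(n, h) for n, h in parsed if OBS_CIDR.subnet_of(n)]
    if not covering:
        findings.append(f"no route covers {OBS_CIDR}")
    else:
        net, hop = max(covering, key=lambda r: r[0].prefixlen)
        if hop != gateway_ip:
            findings.append(f"{OBS_CIDR} is routed via {hop} (route {net}), not {gateway_ip}")

    # A more specific route inside the OBS block wins over the /16 route.
    for net, hop in parsed:
        if net != OBS_CIDR and net.subnet_of(OBS_CIDR) and hop != gateway_ip:
            findings.append(f"route {net} diverts part of the OBS block to {hop}")
    return findings


# Constructed sample data (not real addresses from any deployment).
GATEWAY_IP = "10.10.0.254"        # hypothetical VPN/Direct Connect gateway
DNS_ENDPOINT_IP = "192.168.0.23"  # hypothetical private IP of the DNS endpoint

ROUTES_GOOD = [
    ("0.0.0.0/0", "192.0.2.1"),
    ("192.168.0.23/32", GATEWAY_IP),
    ("100.125.0.0/16", GATEWAY_IP),
]
ROUTES_BAD = [
    ("0.0.0.0/0", "192.0.2.1"),        # DNS endpoint falls through to the default route
    ("100.125.0.0/16", GATEWAY_IP),
    ("100.125.8.0/24", "192.0.2.1"),   # more specific route pulls OBS traffic away
]

if __name__ == "__main__":
    for name, table in (("good", ROUTES_GOOD), ("bad", ROUTES_BAD)):
        print(name, audit_routes(table, DNS_ENDPOINT_IP, GATEWAY_IP))
```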

3 Management

3.1 VPC Endpoint Services

3.1.1 Creating a VPC Endpoint Service

Scenarios
VPC endpoint services are cloud services or users' private services that are configured in VPCEP. There are two types of VPC endpoint services: gateway and interface.
● Gateway VPC endpoint services are cloud services that are configured by operations people and supported by VPCEP.
● Interface VPC endpoint services include cloud services configured by operations people and private services configured by users.
NOTE
● The cloud service platform configures some cloud services as VPC endpoint services by default. Users do not have the permission to configure such services but can select them (which vary by region) when creating a VPC endpoint.
● Users can configure services or resources (such as elastic load balancers and ECSs) in their own VPC as VPC endpoint services.
This section describes how to create an interface VPC endpoint service.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the required region and project.
3. Click Service List and choose VPC Endpoint under Network.
4. In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services, and click Create VPC Endpoint Service.
The Create VPC Endpoint Service page is displayed.
5. Configure parameters by referring to Table 3-1.
Table 3-1 Required parameters
Parameter: Description
Region: Specifies the region where the VPC endpoint service is located.
    Resources in different regions cannot communicate with each other over internal networks. Select the nearest region for lower network latency and faster access to resources.
VPC: Specifies the VPC where the VPC endpoint service is located.
Service Type: Specifies the type of the VPC endpoint service. The value can only be Interface.
Connection Approval: Specifies whether the connection between a VPC endpoint and a VPC endpoint service requires approval from the owner of the VPC endpoint service.
    You can determine whether to enable or disable the connection approval.
    If connection approval is enabled, any VPC endpoint for connecting to the VPC endpoint service needs to be approved. For details, see Managing Connections.
Port Mapping: Specifies the protocol and ports used for communication between the VPC endpoint service and VPC endpoint. The protocol is TCP.
    ● Service Port: A service port is provided by the backend service bound to the endpoint service.
    ● Terminal Port: A terminal port is provided by the VPC endpoint, allowing you to access the VPC endpoint service.
    The service and terminal port numbers range from 1 to 65535. A maximum of 50 port mappings can be added at a time.
    NOTE
    Accessing a VPC endpoint service from a VPC endpoint is to access the service port from the associated terminal port.
    After a port mapping is added, it cannot be modified or deleted.
Backend Resource Type: Specifies the type of the backend resource that provides services to be accessed.
    This parameter can be set to Elastic load balancer or ECS.
    ● Elastic load balancer: Select this value if the backend resource is an elastic load balancer. Backend resources of this type suit services that receive high access traffic and demand high reliability and disaster recovery (DR) performance.
    ● ECS: Select this value if the backend resource is an Elastic Cloud Server (ECS). Backend resources of this type serve as servers.
    Example: Elastic load balancer
    NOTE
    Security groups use the whitelist mechanism. For the security group of the backend resource configured for the VPC endpoint service, you need to add an inbound rule for the whitelist, where the source IP address is 198.19.128.0/20. For details, see Adding a Security Group Rule in the Virtual Private Cloud User Guide.
Load Balancer: When Backend Resource Type is set to Elastic load balancer, select the load balancer that provides services from the drop-down list. Only elastic load balancers are supported.
    NOTE
    If an elastic load balancer is used as the backend resource, the source IP address received by the VPC endpoint service is not the real address of the client.
ECS: When Backend Resource Type is set to ECS, select the ECS that provides services from the drop-down list.
Tag: This parameter is optional.
    Specifies the VPC endpoint service tag, which consists of a key and a value. You can add a maximum of 10 tags to each VPC endpoint service.
    Tag keys and values must meet requirements listed in Table 3-2.
Table 3-2 Tag requirements for VPC endpoint services
Parameter: Requirement
Tag key:
    ● Cannot be left blank.
    ● Must be unique for each resource.
    ● Can contain a maximum of 36 characters.
    ● Cannot start or end with a space or contain special characters =*<>\,|/
Tag value:
    ● Cannot be left blank.
    ● Can contain a maximum of 43 characters.
    ● Cannot start or end with a space or contain special characters =*<>\,|/
6. Click Create Now.
7. Click Back to VPC Endpoint Service List to view the newly-created VPC endpoint service.

3.1.2 Viewing a VPC Endpoint Service

Scenarios
This section describes how to view a VPC endpoint service, including the name, ID, backend resource type, backend resource name, VPC, status, connection approval, service type, and creation time.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the required region and project.
3. Click Service List and choose VPC Endpoint under Network.
4. In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
5. In the VPC endpoint service list, locate the target VPC endpoint service and click its name to view details.
Details of a VPC endpoint service include the summary, connection management, permission management, tags, and port mappings.
Table 3-3 Parameter description
Tab, Parameter: Description
Tab: Summary
    Name: Specifies the name of the VPC endpoint service.
    ID: Specifies the ID of the VPC endpoint service.
    Backend Resource Type: Specifies the type of the backend resource that provides services to be accessed.
    Backend Resource Name: Specifies the name of the backend resource that provides services to be accessed.
    VPC: Specifies the region where the VPC endpoint service is deployed.
    Status: Specifies the status of the VPC endpoint service.
    Connection Approval: Specifies whether connection approval is required.
    Service Type: Specifies the type of the VPC endpoint service.
    Created: Specifies the creation time of the VPC endpoint service.
Tab: Connection Management
    VPC Endpoint ID: Specifies the ID of the VPC endpoint.
    Packet ID: Specifies the identifier of the VPC endpoint ID.
    Status: Specifies the status of the VPC endpoint.
        For details about statuses of a VPC endpoint, see What Are Statuses of VPC Endpoint Services and VPC Endpoints?
    Owner: Specifies the owner who creates the VPC endpoint. The value can be the domain ID of the owner.
    Created: Specifies the creation time of the VPC endpoint.
    Operation: Specifies whether to allow a VPC endpoint to connect to a VPC endpoint service. The value can be Accept or Reject.
Tab: Permission Management
    Authorized Domain ID: Specifies the authorized domain ID for connecting to the VPC endpoint. The value can also be *.
        If you add an asterisk (*) to the whitelist, it means that all users can access the VPC endpoint service.
    Operation: Specifies the operation of deleting an authorized domain ID from the whitelist.
Tab: Port Mapping
    Protocol: Specifies the protocol and ports used for communication between the VPC endpoint service and VPC endpoint.
    Service Port: Specifies the port provided by the backend service bound to the VPC endpoint service.
    Terminal Port: Specifies the port provided by the VPC endpoint, allowing you to access the VPC endpoint service.
Tab: Tag
    Key: Specifies the tag key of the VPC endpoint service.
    Value: Specifies the tag value of the VPC endpoint service.
    Operation: Specifies the operation on the VPC endpoint service tag, for example, you can select Edit or Delete.

3.1.3 Deleting a VPC Endpoint Service

Scenarios
This section describes how to delete a VPC endpoint service based on service requirements.
NOTE
● You can only delete those VPC endpoint services created by yourself, or those that have no VPC endpoints or have VPC endpoints in the Pending acceptance, Rejected, Failed, or Deleting status.
● VPC endpoint services that have VPC endpoints in the Accepted or Creating status cannot be deleted.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the required region and project.
3. Click Service List and choose VPC Endpoint under Network.
4. In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
5. In the VPC endpoint service list, locate the target VPC endpoint service and click Delete in the Operation column.
6. Click Yes.

3.1.4 Managing Connections

Scenarios
To connect to a VPC endpoint service that has connection approval enabled, you need to obtain the approval from the owner of the endpoint service.
This section describes how to accept or reject a VPC endpoint for a VPC endpoint service.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the required region and project.
3. Click Service List and choose VPC Endpoint under Network.
4. In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
5. In the VPC endpoint service list, locate the target VPC endpoint service and click its name.
6. Click the Connection Management tab.
7. Accept or reject a VPC endpoint in the list based on service requirements.

3.1.5 Managing Permissions

Scenarios
Connection management controls the access of a VPC endpoint in one domain to a VPC endpoint service in another domain.
After a VPC endpoint service is created, you can add an authorized domain ID to or delete it from the whitelist of the endpoint service.
The whitelist is only checked on creation of a VPC endpoint. Please pay attention to the following points:
● If the whitelist is empty, creation of a VPC endpoint in another domain is not supported.
● If a domain ID is already in the whitelist of the VPC endpoint service, you can use this domain to create a VPC endpoint for connecting to the VPC endpoint service.
● If a domain ID is not in the whitelist of the VPC endpoint service, you cannot use this domain to create a VPC endpoint for connecting to the VPC endpoint service.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the required region and project.
3. Click Service List and choose VPC Endpoint under Network.
4. In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
5. In the VPC endpoint service list, locate the target VPC endpoint service and click its name.
6. Click the Permission Management tab.
7. On the displayed page, click Add to Whitelist, set the required parameters, and enter an authorized domain ID.
   NOTE
   ● Your domain is in the whitelist of your own VPC endpoint service by default.
   ● The authorized domain ID is in the iam:domain::domain_id format.
     domain_id indicates the domain ID of the authorized user, for example, iam:domain::1564ec50ef2a47c791ea5536353ed4b9
   ● Adding * to the whitelist means that all users can access the VPC endpoint service.
8. Delete one or more whitelist records.
   ● To delete a single whitelist record, locate the target authorized domain ID and click Delete in the Operation column.
   ● To delete multiple whitelist records, select the authorized domain IDs to be deleted and click Delete in the upper part.
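The whitelist rules in this section lend themselves to an offline review of an endpoint service's exposure. The following Python sketch is an added example, not part of the Huawei guide and not a Huawei API: it flags a * entry (more so when connection approval is disabled), entries that do not follow the iam:domain::domain_id format, and Accepted connections whose owner is no longer whitelisted, which can persist because the whitelist is only checked when a VPC endpoint is created. The dictionary layout and finding labels are hypothetical, and the 32-hex-character domain ID pattern is an assumption taken from the guide's single example.

```python
import re

# Assumption: domain IDs look like the guide's example (32 lowercase hex characters).
DOMAIN_ENTRY = re.compile(r"iam:domain::([0-9a-f]{32})")


def audit_service(service):
    """Return (label, subject) findings for one exported endpoint-service record."""
    findings = []
    allowed = {service["owner_domain"]}  # the owner's domain is whitelisted by default
    wildcard = False

    for entry in service["whitelist"]:
        if entry == "*":
            wildcard = True
            continue
        match = DOMAIN_ENTRY.fullmatch(entry)
        if match:
            allowed.add(match.group(1))
        else:
            findings.append(("malformed-entry", entry))

    if wildcard:
        # With approval disabled, nothing reviews a connection from any domain.
        label = "wildcard-whitelist" if service["approval_enabled"] else "wildcard-without-approval"
        findings.append((label, "*"))
        return findings

    # The whitelist is only checked at endpoint creation, so removing a domain
    # later does not disconnect endpoints that were already accepted.
    for conn in service["connections"]:
        if conn["status"] == "Accepted" and conn["owner"] not in allowed:
            findings.append(("accepted-owner-not-whitelisted", conn["endpoint_id"]))
    return findings


# Constructed sample records; IDs other than the guide's example are placeholders.
SERVICE_OPEN = {
    "owner_domain": "a" * 32,
    "approval_enabled": False,
    "whitelist": ["*"],
    "connections": [],
}
SERVICE_STALE = {
    "owner_domain": "a" * 32,
    "approval_enabled": True,
    "whitelist": ["iam:domain::1564ec50ef2a47c791ea5536353ed4b9", "domain:1234"],
    "connections": [
        {"endpoint_id": "ep-constructed-1", "owner": "1564ec50ef2a47c791ea5536353ed4b9", "status": "Accepted"},
        {"endpoint_id": "ep-constructed-2", "owner": "b" * 32, "status": "Accepted"},
        {"endpoint_id": "ep-constructed-3", "owner": "c" * 32, "status": "Rejected"},
    ],
}

if __name__ == "__main__":
    for name, svc in (("open", SERVICE_OPEN), ("stale", SERVICE_STALE)):
        print(name, audit_service(svc))
```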

3.1.6 Viewing Port Mappings

Scenarios
After a VPC endpoint service is created, you can view the added port mappings.
NOTE
Port mappings cannot be modified or deleted.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the required region and project.
3. Click Service List and choose VPC Endpoint under Network.
4. In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services.
5. In the VPC endpoint service list, locate the target VPC endpoint service and click its name.
6. On the displayed page, select the Port Mapping tab.
All added port mappings are displayed.

3.2 VPC Endpoints


3.2.1 Creating a VPC Endpoint

Scenarios
VPC endpoints are channels for connecting VPCs to VPC endpoint services. You can create an application in your VPC and configure it as an endpoint service. A VPC endpoint can be created in another VPC in the same region and used as a channel to access the endpoint service. There are two types of VPC endpoints: interface and gateway.
● An interface VPC endpoint is an elastic network interface with a private IP address that serves as an entry point for traffic destined to a VPC endpoint service.
● A gateway VPC endpoint is a gateway that is a target for a specified route to direct traffic to a VPC endpoint service.
This section describes how to create a VPC endpoint as needed.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the required region and project.
3. Click Service List and choose VPC Endpoint under Network.
4. On the displayed page, click Create VPC Endpoint.
5. On the Create VPC Endpoint page, set the parameters as prompted.
   For parameters for creating a VPC endpoint, see Table 3-4.
Table 3-4 Required parameters
Parameter: Description
Region: Specifies the region where the VPC endpoint is located.
    Resources in different regions cannot communicate with each other over internal networks. Select the nearest region for lower network latency and faster access to resources.
Service Category: There are two options: Cloud services or Find a service by name.
    ● Cloud services: Select this value if the target VPC endpoint service is a cloud service.
    ● Find a service by name: Select this value if the target VPC endpoint service is a private service of your own.
Service List: This parameter is available only if you select Cloud services for Service Category.
    The VPC endpoint service has been created by operations people and you can use it without having to perform the creation operation.
VPC Endpoint Service Name: This parameter is available only when you select Find a service by name for Service Category.
    In the VPC endpoint service list, locate the target VPC endpoint service, copy its name in the Name column, paste it in the VPC Endpoint Service Name text box, and click Verify.
    ● If Service name found is displayed, proceed with subsequent operations.
    ● If Service name not found is displayed, check whether the region is the same as that of the connected VPC endpoint service or whether the entered service name is correct.
Private Domain Name: If you want to access a VPC endpoint using a domain name, select Create a Private Domain Name when creating a VPC endpoint. After the VPC endpoint is created, you can access it using the domain name.
    This parameter can only be configured for VPC endpoints of the interface type.
    ● For the gateway type, this parameter is unavailable.
    ● For the interface type, this parameter is optional.
VPC: Specifies the VPC where the VPC endpoint is located.
Subnet: This parameter is available only when you create a VPC endpoint for connecting to an interface VPC endpoint service.
    Specifies the subnet where the VPC endpoint is located.
Tag: This parameter is optional.
    Specifies the VPC endpoint tag, which consists of a key and a value. You can add a maximum of 10 tags to each VPC endpoint.
    Tag keys and values must meet requirements listed in Table 3-5.
Table 3-5 Tag requirements for VPC endpoints
Parameter: Requirement
Tag key:
    ● Cannot be left blank.
    ● Must be unique for each resource.
    ● Can contain a maximum of 36 characters.
    ● Cannot start or end with a space or contain special characters =*<>\,|/
Tag value:
    ● Cannot be left blank.
    ● Can contain a maximum of 43 characters.
    ● Cannot start or end with a space or contain special characters =*<>\,|/
6. Conrm the specications and click Create Now.
If all of the specications are correct, click Submit.
If any of the
previous page and modify the parameters as needed, and click Submit.
specications are incorrect, click Previous to return to the

3.2.2 Querying and Accessing a VPC Endpoint

Scenarios
After a VPC endpoint is created, you can query its details and access it.
Query a VPC Endpoint
Perform the following operations to query details of a VPC endpoint, including the ID, associated VPC endpoint service name, VPC, and status.
1. Log in to the management console.
2. Click in the upper left corner and select the required region and project.
3. Click Service List and choose VPC Endpoint under Network.
4. Click to view details of the VPC endpoint.
   After a VPC endpoint is created, a private IP address and a private domain name are generated if you select Create a Private Domain Name during creation.
Access a VPC Endpoint (using a private IP address)
Perform the following operations to access a VPC endpoint using its private IP address:
1. In the VPC that the VPC endpoint belongs to, log in to the backend resource, for example, an ECS.
2. Select a command based on the backend resource type and run the command to access the VPC endpoint. The command format is as follows:
   Command Private IP address:Port number
   The following is a command example:
   curl Private IP address:Port number
Access a VPC Endpoint (using a private domain name)
You can access a VPC endpoint using its private domain name if you select Create a Private Domain Name when creating the endpoint.
The system automatically creates a private zone for the generated domain name and adds an A record set to the private zone to resolve the domain name into the private IP address of the VPC endpoint.
You can view the corresponding private zone and its resolution records on the DNS console.
Viewing the record set of the private domain name
1. Log in to the management console.
2. In the service list, choose Network > Domain Name Service.
The DNS console is displayed.
3. In the navigation pane, choose Private Zones.
The Private Zones page is displayed.
4. In the private zone list, click the name of the target private zone.
The record set page is displayed.
5. In the record set list, locate the target A record set and view its information.
When the value in the Status column becomes Normal, the resolution takes effect.
Accessing a VPC endpoint using a private domain name
1. In the VPC that the VPC endpoint belongs to, log in to the backend resource, for example, an ECS.
2. Select a command based on the backend resource type and run the command to access the VPC endpoint. The command format is as follows:
   Command Private domain name:Port number
   The following is a command example:
   curl Private domain name:Port number

3.2.3 Deleting a VPC Endpoint

Scenarios
This section describes how to delete a VPC endpoint based on service requirements.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the required region and project.
3. Click Service List and choose VPC Endpoint under Network.
4. In the navigation pane on the left, choose VPC Endpoint > VPC Endpoints.
5. In the VPC endpoint list, locate the target VPC endpoint and click Delete in the Operation column.
6. Click Yes.

4 FAQs

4.1 What Is a Quota?

4.2 How Can I Check Network Configurations of the ECS Hosting the VPC Endpoint Service?

1. Confirm that the security group of the ECS NIC is correctly configured.
   ● On the ECS details page, view the security group details.
   ● Check whether the security group permits IP addresses in the 198.19.128.0/20 network segment in the inbound direction. If it does not, add inbound rules for this network segment based on service requirements.
2. Confirm that the network ACL for the subnet used by the ECS NIC does not block traffic.
   If you can configure the network ACL on the left part of the VPC console, confirm that the subnet of the associated VPC endpoint allows traffic to pass through.

4.3 What Are Statuses of VPC Endpoint Services and VPC Endpoints?

Table 4-1 describes statuses of a VPC endpoint service and their meanings.
Table 4-1 Statuses of a VPC endpoint service
Status: Description
Creating: Indicates that the VPC endpoint service is being created.
Available: Indicates that the VPC endpoint service is created and can accept a VPC endpoint.
Failed: Indicates that the VPC endpoint service fails to be created.
Deleting: Indicates that the VPC endpoint service is being deleted.
Deleted: Indicates that the VPC endpoint service has been deleted.
Table 4-2 describes statuses of a VPC endpoint and their meanings.
Table 4-2 Statuses of a VPC endpoint
Status: Description
Pending acceptance: Indicates that the VPC endpoint is pending acceptance of the owner of the associated VPC endpoint service.
Creating: Indicates that the VPC endpoint is connecting to the associated VPC endpoint service.
Accepted: Indicates that the VPC endpoint is accepted by the associated VPC endpoint service.
Rejected: Indicates that the VPC endpoint is rejected by the associated VPC endpoint service.
Failed: Indicates that the VPC endpoint fails to connect to the associated VPC endpoint service.
Deleting: Indicates that the VPC endpoint is being deleted.

A Change History

Released On Description
2020-11-06 This issue is the first official release.