Huawei VPC Endpoint User Manual
VPC Endpoint
User Guide (ME-Abu Dhabi Region)
Issue |
01 |
Date |
2020-11-06 |
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise c fi in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every ff has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.
Issue 01 (2020-11-06) |
Copyright © Huawei Technologies Co., Ltd. |
i |
VPC Endpoint |
|
User Guide (ME-Abu Dhabi Region) |
Contents |
Contents
1 Service Overview..................................................................................................................... |
1 |
|
1.1 |
What Is VPC Endpoint?.......................................................................................................................................................... |
1 |
1.2 |
Product Advantages................................................................................................................................................................ |
2 |
1.3 |
Application Scenarios............................................................................................................................................................. |
2 |
1.4 |
Product Concepts..................................................................................................................................................................... |
3 |
1.4.1 User Permissions.................................................................................................................................................................. |
3 |
|
1.4.2 Region and AZ...................................................................................................................................................................... |
3 |
|
2 Getting Started........................................................................................................................ |
5 |
|||
2.1 |
nfi |
n |
a VPC Endpoint for Communication Across VPCs............................................................................... |
5 |
2.1.1 Overview................................................................................................................................................................................. |
|
5 |
||
2.1.2 |
nfi |
n |
a VPC Endpoint for Communication Across VPCs of the Same Domain.................................. |
6 |
2.1.2.1 Operation Process............................................................................................................................................................ |
6 |
|||
2.1.2.2 Step 1: Create a VPC Endpoint Service...................................................................................................................... |
6 |
|||
2.1.2.3 Step 2: Create a VPC Endpoint..................................................................................................................................... |
9 |
|||
2.1.3 |
nfi |
n |
a VPC Endpoint for Communication Across VPCs of ff n Domains.............................. |
12 |
2.1.3.1 Overview........................................................................................................................................................................... |
12 |
|||
2.1.3.2 Operation Process.......................................................................................................................................................... |
12 |
|||
2.1.3.3 Step 1: Add Domain IDs to Whitelist...................................................................................................................... |
12 |
|||
2.1.3.4 Step 2: Create a VPC Endpoint.................................................................................................................................. |
13 |
|||
2.2 |
nfi |
n |
a VPC Endpoint for Accessing OBS over Internal Networks.......................................................... |
16 |
2.2.1 Overview............................................................................................................................................................................... |
|
16 |
||
2.2.2 Step 1: Create a VPC Endpoint for Connecting to DNS........................................................................................ |
17 |
|||
2.2.3 Step 2: Create a VPC Endpoint for Connecting to OBS........................................................................................ |
19 |
|||
2.2.4 Step 3: Access OBS............................................................................................................................................................ |
21 |
|||
3 Management.......................................................................................................................... |
|
23 |
|
3.1 VPC Endpoint Services......................................................................................................................................................... |
|
23 |
|
3.1.1 Creating a VPC Endpoint Service................................................................................................................................. |
23 |
|
|
3.1.2 Viewing a VPC Endpoint Service.................................................................................................................................. |
26 |
|
|
3.1.3 Deleting a VPC Endpoint Service................................................................................................................................. |
28 |
|
|
3.1.4 Managing Connections.................................................................................................................................................... |
|
29 |
|
3.1.5 Managing Permissions..................................................................................................................................................... |
|
29 |
|
3.1.6 Viewing Port Mappings................................................................................................................................................... |
|
30 |
|
|
|
|
|
Issue 01 (2020-11-06) |
Copyright © Huawei Technologies Co., Ltd. |
ii |
|
VPC Endpoint |
|
|
|
User Guide (ME-Abu Dhabi Region) |
|
Contents |
|
3.2 |
VPC Endpoints........................................................................................................................................................................ |
|
30 |
3.2.1 Creating a VPC Endpoint................................................................................................................................................. |
|
31 |
|
3.2.2 Querying and Accessing a VPC Endpoint.................................................................................................................. |
33 |
||
3.2.3 Deleting a VPC Endpoint................................................................................................................................................. |
|
34 |
|
4 FAQs.......................................................................................................................................... |
|
36 |
|
4.1 |
What Is a Quota?.................................................................................................................................................................. |
|
36 |
4.2 |
How Can I Check Network nfi |
n of the ECS Hosting the VPC Endpoint Service?...................... |
36 |
4.3 |
What Are Statuses of VPC Endpoint Services and VPC Endpoints?..................................................................... |
36 |
|
A Change History...................................................................................................................... |
|
38 |
|
Issue 01 (2020-11-06) |
Copyright © Huawei Technologies Co., Ltd. |
iii |
VPC Endpoint |
|
User Guide (ME-Abu Dhabi Region) |
1 Service Overview |
1Service Overview
1.1 What Is VPC Endpoint?
The VPC Endpoint (VPCEP) service provides secure and private channels to connect your VPC to VPC endpoint services (cloud services on the current platform or your private services) without having to use EIPs.
VPCEP provides two types of resources: VPC endpoint services and VPC endpoints. For details, see Application Scenarios.
VPC Endpoint Services
VPC endpoint services are cloud services or users' private services that are
c nfi in VPCEP. There are two types of VPC endpoint services: gateway and interface.
● |
Gateway VPC endpoint services are cloud services that are c nfi |
by |
|
|
operations people and supported by VPCEP. |
|
|
● |
Interface VPC endpoint services include cloud services c nfi |
by |
|
|
operations people and private services c nfi |
by users. |
|
NOTE
● |
The cloud service platform c nfi |
some cloud services as VPC endpoint services by |
||
|
default. Users do not have the permission to c nfi |
such services but can select them |
||
|
(which vary by region) when creating a VPC endpoint. |
|
||
● |
Users can c nfi |
services or resources (such as elastic load balancers and ECSs) in |
||
their own VPC as VPC endpoint services.
VPC Endpoints
VPC endpoints are channels for connecting VPCs to VPC endpoint services. You can create an application in your VPC and c nfi it as an endpoint service. A VPC endpoint can be created in another VPC in the same region and used as a channel to access the endpoint service. There are two types of VPC endpoints: interface and gateway.
Issue 01 (2020-11-06) |
Copyright © Huawei Technologies Co., Ltd. |
1 |
VPC Endpoint |
|
User Guide (ME-Abu Dhabi Region) |
1 Service Overview |
●An interface VPC endpoint is an elastic network interface with a private IP
address that serves as an entry point for |
ffic destined to a VPC endpoint |
service. |
|
● A gateway VPC endpoint is a gateway that is a target for a |
c fi route to |
direct ffic to a VPC endpoint service. |
|
1.2Product Advantages
●Excellent Performance: Each gateway supports up to 1 million concurrent connections in a variety of application scenarios.
●Immediately Ready for Use Upon Creation: VPC endpoints are easy to use
and can take ff c a few seconds after being created.
●Easy to Use: You can use VPC endpoints to access resources across VPCs without having to use EIPs.
●High Security: VPC endpoints enable you to access VPC endpoint services without exposing server information, helping you minimize risks.
1.3Application Scenarios
VPCEP provides:
●High-speed cloud migration
Connect your local data center to cloud services using a Virtual Private Network (VPN) connection or a high-speed Direct Connect connection over a private network to improve access ffic nc and security with low costs. Figure 1-1 b fl illustrates this application scenario.
Figure 1-1 High-speed cloud migration
●Cross-VPC connection
ff n VPCs cannot communicate with each other. To solve this problem, you can create an application in your VPC and c nfi it as a VPC endpoint
Issue 01 (2020-11-06) |
Copyright © Huawei Technologies Co., Ltd. |
2 |
VPC Endpoint |
|
User Guide (ME-Abu Dhabi Region) |
1 Service Overview |
service. A VPC endpoint can be created in another VPC of the same region and used as a channel to access the VPC endpoint service.
Figure 1-2 b fl illustrates this application scenario.
Figure 1-2 Cross-VPC connection
1.4 Product Concepts
1.4.1 User Permissions
The cloud system provides two types of user permissions by default, user management and resource management.
●User management refers to management of users, user groups, and user group permissions.
●Resource management refers to access control over cloud service resources.
VPCEP provides two types of resources: VPC endpoint services and VPC endpoints, both of which are region-level resources. The required permissions must be added for users in the project.
1.4.2 Region and AZ
Concept
A region and availability zone (AZ) identify the location of a data center. You can create resources in a c fic region and AZ.
Issue 01 (2020-11-06) |
Copyright © Huawei Technologies Co., Ltd. |
3 |
VPC Endpoint |
|
User Guide (ME-Abu Dhabi Region) |
1 Service Overview |
●A region is a physical data center, which is completely isolated to improve fault tolerance and stability. The region that is selected during resource creation cannot be changed after the resource is created.
●An AZ is a physical location where resources use independent power supplies and networks. A region contains one or more AZs that are physically isolated
but interconnected through internal networks. Because AZs are isolated from each other, any fault that occurs in an AZ will not ff c other AZs.
Figure 1-3 shows the relationship between regions and AZs.
Figure 1-3 Regions and AZs
Selecting a Region
Select a region closest to your target users for low network latency and quick access.
Selecting an AZ
When deploying resources, consider your applications' requirements on disaster recovery (DR) and network latency.
● For high DR capability, deploy resources in ff n AZs within the same region.
●For low network latency, deploy resources in the same AZ.
Regions and Endpoints
Before you use an API to call resources, specify its region and endpoint. For more details, see Regions and Endpoints.
Issue 01 (2020-11-06) |
Copyright © Huawei Technologies Co., Ltd. |
4 |
VPC Endpoint |
|
User Guide (ME-Abu Dhabi Region) |
2 Getting Started |
2Getting Started
2.1 |
a VPC Endpoint for Communication |
Across VPCs |
|
2.1.1 Overview
VPCEP supports cross-VPC communication. With VPCEP, two VPCs created by the same domain or ff n domains can communicate with each other. You can use a private IP address to access resources across the VPCs despite of network isolation between them.
Figure 2-1 shows how an ECS in VPC1 accesses a VPC endpoint service in VPC2 using a VPC endpoint.
Figure 2-1 nfi |
n a VPC endpoint for communication Across VPCs |
NOTE
The above is an example on how to c nfi |
VPC endpoints for communication across |
VPCs in the same region. |
|
Issue 01 (2020-11-06) |
Copyright © Huawei Technologies Co., Ltd. |
5 |
VPC Endpoint |
|
User Guide (ME-Abu Dhabi Region) |
2 Getting Started |
2.1.2 a VPC Endpoint for Communication Across VPCs of the Same Domain
2.1.2.1 Operation Process
Figure 2-2 shows how to c nfi networks between two VPCS of the same domain using VPCEP.
Figure 2-2 Operation process
2.1.2.2 Step 1: Create a VPC Endpoint Service
Scenarios
This section describes how to create a VPC endpoint service by selecting an elastic load balancer as an example backend service.
Procedure
1.Log in to the management console.
2.Click 
in the upper left corner and select the required region and project.
3.Click Service List and choose VPC Endpoint under Network.
4.In the navigation pane on the left, choose VPC Endpoint > VPC Endpoint Services and click Create VPC Endpoint Service.
The Create VPC Endpoint Service page is displayed.
5. |
nfi |
parameters by referring to Table 2-1. |
Issue 01 (2020-11-06) |
Copyright © Huawei Technologies Co., Ltd. |
6 |
VPC Endpoint |
|
|
|
User Guide (ME-Abu Dhabi Region) |
|
2 Getting Started |
|
|
Table 2-1 Required parameters |
||
|
|
|
|
|
Parameter |
Description |
|
|
|
|
|
|
Region |
c fi |
the region where the VPC endpoint service is |
|
|
located. |
|
|
|
Resources in ff n regions cannot communicate with |
|
|
|
each other over internal networks. Select the nearest region |
|
|
|
for lower network latency and faster access to resources. |
|
|
|
|
|
|
VPC |
c fi |
the VPC where the VPC endpoint service is located. |
|
|
|
|
|
Service Type |
c fi |
the type of the VPC endpoint service. The value |
|
|
can only be Interface. |
|
|
|
|
|
|
Connection |
c fi |
whether the connection between a VPC endpoint |
|
Approval |
and a VPC endpoint service requires approval from the |
|
|
|
owner of the VPC endpoint service. |
|
|
|
You can determine whether to enable or disable the |
|
|
|
connection approval. |
|
|
|
If connection approval is enabled, any VPC endpoint for |
|
|
|
connecting to the VPC endpoint service needs to be |
|
|
|
approved. For details, see step 5. |
|
|
|
|
|
|
Port Mapping |
c fi |
the protocol and ports used for communication |
|
|
between the VPC endpoint service and VPC endpoint. The |
|
|
|
protocol is TCP. |
|
|
|
● Service Port: A service port is provided by the backend |
|
|
|
service bound to the endpoint service. |
|
|
|
● Terminal Port: A terminal port is provided by the VPC |
|
|
|
endpoint, allowing you to access the VPC endpoint |
|
|
|
service. |
|
|
|
The service and terminal port numbers range from 1 to |
|
|
|
65535. A maximum of 50 port mappings can be added at a |
|
|
|
time. |
|
|
|
NOTE |
|
|
|
Accessing a VPC endpoint service from a VPC endpoint is to access |
|
|
|
the service port from the associated terminal port. |
|
|
|
|
|
Issue 01 (2020-11-06) |
Copyright © Huawei Technologies Co., Ltd. |
7 |
VPC Endpoint |
|
|
|
|
User Guide (ME-Abu Dhabi Region) |
|
|
2 Getting Started |
|
|
|
|
|
|
|
Parameter |
Description |
|
|
|
|
|
|
|
|
Backend |
c fi |
the type of the backend resource that provides |
|
|
Resource |
services to be accessed. |
|
|
|
Type |
This parameter can be set to Elastic load balancer or ECS. |
||
|
|
|||
|
|
● Elastic load balancer: Select this value if the backend |
||
|
|
resource is an elastic load balancer. Backend resources of |
||
|
|
this type suit services that receive high access ffic and |
||
|
|
demand high reliability and disaster recovery (DR) |
||
|
|
performance. |
|
|
|
|
● ECS: Select this value if the backend resource is an |
||
|
|
Elastic Cloud Server (ECS). Backend resources of this |
||
|
|
type serve as servers. |
|
|
|
|
Example: Elastic load balancer |
|
|
|
|
NOTE |
|
|
|
|
Security groups use the whitelist mechanism. For the security group |
||
|
|
of the backend resource c nfi |
for the VPC endpoint service, |
|
|
|
you need to add an inbound rule for the whitelist, where the source |
||
|
|
IP address is 198.19.128.0/20. For details, see Adding a Security |
||
|
|
Group Rule in the Virtual Private Cloud User Guide. |
||
|
|
|
||
|
Load |
When Backend Resource Type is set to Elastic load |
||
|
Balancer |
balancer, select the load balancer that provides services |
||
|
|
from the drop-down list. Only elastic load balancers are |
||
|
|
supported. |
|
|
|
|
NOTE |
|
|
|
|
If an elastic load balancer is used as the backend resource, the |
||
|
|
source IP address received by the VPC endpoint service is not the |
||
|
|
real address of the client. |
|
|
|
|
|
|
|
|
Tag |
This parameter is optional. |
|
|
|
|
c fi |
the VPC endpoint service tag, which consists of a |
|
|
|
key and a value. You can add a maximum of 10 tags to |
||
|
|
each VPC endpoint service. |
|
|
|
|
Tag keys and values must meet requirements listed in Table |
||
|
|
2-2. |
|
|
|
|
|
|
|
Table 2-2 Tag requirements for VPC endpoint services
Parameter |
Requirement |
|
|
Tag key |
● Cannot be left blank. |
|
● Must be unique for each resource. |
|
● Can contain a maximum of 36 characters. |
|
● Cannot start or end with a space or contain special |
|
characters =*<>\,|/ |
|
|
Issue 01 (2020-11-06) |
Copyright © Huawei Technologies Co., Ltd. |
8 |
VPC Endpoint |
|
|
User Guide (ME-Abu Dhabi Region) |
2 Getting Started |
|
|
|
|
|
Parameter |
Requirement |
|
|
|
|
Tag value |
● Cannot be left blank. |
|
|
● Can contain a maximum of 43 characters. |
|
|
● Cannot start or end with a space or contain special |
|
|
characters =*<>\,|/ |
|
|
|
6.Click Create Now.
7.On the displayed page, click Back to VPC Endpoint Service List to view the newly-created VPC endpoint service.
8.In the VPC endpoint service list, locate the target VPC endpoint service and click its name to view the details.
2.1.2.3Step 2: Create a VPC Endpoint
Scenarios
This section describes how to create a VPC endpoint in another VPC of your own for connecting to the VPC endpoint service.
Procedure
1.In the navigation pane on the left, choose VPC Endpoint > VPC Endpoints.
2.On the displayed page, click Create VPC Endpoint.
3. |
nfi |
parameters by referring to Table 2-3. |
|
|
Table 2-3 Required parameters |
||
|
|
|
|
|
Parameter |
Description |
|
|
|
|
|
|
Region |
|
c fi the region where the VPC endpoint is located. This |
|
|
|
region is the same as that of the VPC endpoint service. |
|
|
|
|
|
Service |
|
There are two options: Cloud services or Find a service by |
|
Category |
|
name. |
|
|
|
● Cloud services: Select this value if the target VPC |
|
|
|
endpoint service is a cloud service. |
|
|
|
● Find a service by name: Select this value if the target |
|
|
|
VPC endpoint service is a private service of your own. |
|
|
|
Example: Find a service by name |
|
|
|
|
Issue 01 (2020-11-06) |
Copyright © Huawei Technologies Co., Ltd. |
9 |
Loading...