Community Blog Get Secure VPC Connections with Other VPCs through Alibaba Cloud Private Link

Get Secure VPC Connections with Other VPCs through Alibaba Cloud Private Link

This article explains how you can connect Virtual Private Cloud (VPC) networks to other VPCs securely using Alibaba Cloud PrivateLink

By Prashant Mishra, Alibaba Cloud MVP and CEO, Founder Click2Cloud Inc.

A Virtual Private Cloud (VPC) is an independent, private network that is built within a public cloud environment, You can use PrivateLink to establish a private connection between Alibaba Cloud services and VPCs. PrivateLink simplifies network architecture and provides secure data transmission.

Alibaba Cloud PrivateLink offers private connectivity between VPCs, Alibaba Cloud services, and on-premises networks without exposing your traffic to the public Internet. You must create endpoint services and endpoints via PrivateLink connections to share services between multiple VPCs that belong to the same account.

It simplifies the network architecture and secures the connection between endpoints in Alibaba Cloud by eliminating data exposure to the public Internet. The diagram below shows the architecture of PrivateLink and secure data transmission:

Figure Above: Alibaba Cloud PrivateLink

You have to create endpoint services and endpoints to use PrivateLink connections and share Alibaba Cloud services between different VPCs that connect with the same account. This is illustrated in the diagram above.

There are two VPCs created (VPC-1 and VPC-2) with the same Alibaba Cloud account. Application services are deployed in ECS at VPC-2. For security, VPC-1 accesses the services of VPC-2 through PrivateLink to avoid security risks over the Internet.

You can create a CLB instance that supports PrivateLink in VPC 2 and specify the ECS instances in VPC 2 as the backend servers of the CLB instance. Then, create an endpoint service, and specify the CLB instance as a service resource for the endpoint service. Create an endpoint for VPC 1. After the endpoint for VPC 1 is created, VPC 1 can access the services deployed in VPC 2.

Endpoint Services

Through PrivateLink, you can access endpoint services within a VPC through other VPCs. You must create endpoints for these VPCs to establish PrivateLink connections. Service providers create and manage the Endpoint services.


Endpoints can be associated with an endpoint service to generate PrivateLink connections. This will allow VPCs to access external services. Endpoints are managed and created by service customers.

Advantages of PrivateLink

1.  Global Reach

PrivateLink can connect to services running in other regions privately. The consumer's virtual network can easily connect to services behind PrivateLink in any region.

2.  Protection against Data Leakage

A private endpoint is mapped to a virtual machine of a PaaS resource instead of the entire service. Consumers can only connect to this specific resource. Access to any other resource in the service is blocked. This mechanism protects against data leakage risks.

3.  Low Risks

PrivateLink connections help users access endpoint services. These requests are forwarded within Alibaba Cloud to avoid risks over the Internet.

4.  High Security

When you use PrivateLink to access cloud services in a VPC, you can add rules to the security group of the elastic network interface (ENI) that is used to access the services. This ensures higher security and reliability.

5.  Low Latency and High Quality

When you use PrivateLink to access cloud services, requests are forwarded within the same zone. This reduces the network latency significantly.

6.  Simplified Management

PrivateLink allows you to access cloud services deployed in another VPC within the same account or services that belong to another account. This avoids complicated route settings and security configurations.

Wrapping Up

PrivateLink is a safe and secure way to build connections between different VPCs that connect to the same account region. This reduces effort, saves time and money, and provides a high level of security during data transfer.

0 0 0
Share on

PM - C2C_Yuan

47 posts | 2 followers

You may also like