Auto Scaling: Call API operations over the Alibaba Cloud internal network

Last Updated: Mar 21, 2024

If your scaling group contains Elastic Compute Service (ECS) instances that reside in a virtual private cloud (VPC) and cannot access the Internet, you can configure Alibaba Cloud DNS PrivateZone to enable API calling over the Alibaba Cloud internal network for the instances.

Background information

Auto Scaling provides public network endpoints. If your scaling group contains ECS instances to which no public bandwidth or public IP addresses are allocated, API requests initiated by using Alibaba Cloud CLI or SDKs are not supported. In this case, you can associate Alibaba Cloud DNS PrivateZone with the VPC in which the ECS instances of your scaling group reside to implement API calling over the Alibaba Cloud internal network. Alibaba Cloud DNS PrivateZone and the ECS instances must reside in the same region.

  • This solution is applicable to only ECS instances that reside in VPCs. You cannot apply this solution if Alibaba Cloud DNS PrivateZone and your ECS instances are in different regions.

  • We recommend that you specify an image that is installed with Alibaba Cloud CLI or SDKs in your scaling configuration. This ensures that the required dependencies can be downloaded to the ECS instances that are created from the scaling configuration, even if the ECS instances cannot access the Internet.

  • The following table describes the endpoints that support Alibaba Cloud DNS PrivateZone. Make sure that your endpoint is listed in the table.

    | Alibaba Cloud region | Region ID | CNAME record | Public endpoint |
    | --- | --- | --- | --- |
    | China (Beijing) | cn-beijing | popunify-vpc.cn-beijing.aliyuncs.com | ess.aliyuncs.com |
    | China (Hangzhou) | cn-hangzhou | popunify-vpc.cn-hangzhou.aliyuncs.com | ess.aliyuncs.com |
    | China (Shanghai) | cn-shanghai | popunify-vpc.cn-shanghai.aliyuncs.com | ess.aliyuncs.com |
    | China (Shenzhen) | cn-shenzhen | popunify-vpc.cn-shenzhen.aliyuncs.com | ess.aliyuncs.com |
    | China (Hong Kong) | cn-hongkong | popunify-vpc.cn-hongkong.aliyuncs.com | ess.aliyuncs.com |
    | Singapore | ap-southeast-1 | popunify-vpc.ap-southeast-1.aliyuncs.com | ess.aliyuncs.com |

Procedure

  1. Log on to the Alibaba Cloud DNS console.

  2. In the left-side navigation pane, click Private DNS (PrivateZone). On the page that appears, click Add New Zone.

  3. Configure the following parameters and click OK.

    • Zone Name: Enter an ECS endpoint that supports Alibaba Cloud DNS PrivateZone. In this example, enter ess.cn-hangzhou.aliyuncs.com.

    • Subdomain recursive resolution proxy: If you select this check box and the domain name to be queried is suffixed with the zone name but is not configured in the resource records of the zone, the authoritative DNS resolution results on the Internet prevail.

  4. Find the created private zone and click Resource Records Settings in the Actions column.

  5. On the Resource Records Settings page, click Add Record.

  6. In the Add Record dialog box, configure the following parameters, and then click OK.

    • Record Type: Select CNAME.

    • Resource Records: Enter @ to resolve the @.example.com domain name.

    • Record Value: Enter the CNAME record of the corresponding region.

    • TTL Value: The time to live value. In this example, select 1 minute(s).

  7. Go back to the Private DNS (PrivateZone) page and find the created private zone. Click Bind VPC in the Actions column.

  8. In the Bind VPC dialog box, select the region in which your ECS instances and Alibaba Cloud DNS PrivateZone reside and select the VPCs that you want to associate. Then, click OK.

    Note

    You must select the VPCs of the ECS instances of your scaling group.

Verify the result

After you associate Alibaba Cloud DNS PrivateZone with your scaling group, you can remotely log on to an ECS instance of your scaling group by using VNC to test whether you can access the desired endpoint from the ECS instance.

In this example, the ess.cn-hangzhou.aliyuncs.com endpoint is used to verify the access.

  • Run the ping command to test whether data packets can be sent or received over the Alibaba Cloud internal network.

    ping ess.cn-hangzhou.aliyuncs.com

  • Use Alibaba Cloud CLI to call the DescribeRegions operation and specify the access endpoint by using the --endpoint field.

    aliyun ess DescribeRegions --endpoint ess.cn-hangzhou.aliyuncs.com
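
A successful ping does not show which record answered the query. The following script is an added example, not part of the original Alibaba Cloud documentation: it checks that the zone name resolves through the CNAME record listed for the region in the table above. It assumes that `dig` is installed on the instance; the script name `check.sh` and the sample answer are constructed for illustration.

```sh
#!/bin/sh
# Added example, not Alibaba Cloud code. Assumes `dig` is installed for the live check.
# Region IDs from the table of endpoints that support PrivateZone.
SUPPORTED_REGIONS="cn-beijing cn-hangzhou cn-shanghai cn-shenzhen cn-hongkong ap-southeast-1"

# expected_cname REGION: print the table's CNAME record, or fail if the region is unlisted.
expected_cname() {
  for r in $SUPPORTED_REGIONS; do
    if [ "$r" = "$1" ]; then
      echo "popunify-vpc.$1.aliyuncs.com"
      return 0
    fi
  done
  return 1
}

# check_resolution REGION: read `dig +short` output on stdin and print a verdict.
#   OK                  first answer is the expected CNAME and an address follows
#   UNSUPPORTED_REGION  region is not in the table
#   NO_ANSWER           nothing resolved (for example, the zone is not bound to this VPC)
#   WRONG_TARGET        the answer does not go through the expected CNAME
#   NO_ADDRESS          the CNAME is present but did not resolve to an IPv4 address
check_resolution() {
  want=$(expected_cname "$1") || { echo UNSUPPORTED_REGION; return 2; }
  # Lowercase, strip the trailing dot of fully qualified names, drop empty lines.
  answer=$(tr 'A-Z' 'a-z' | sed -e 's/\.$//' -e '/^$/d')
  [ -n "$answer" ] || { echo NO_ANSWER; return 1; }
  first=$(printf '%s\n' "$answer" | sed -n 1p)
  [ "$first" = "$want" ] || { echo WRONG_TARGET; return 1; }
  printf '%s\n' "$answer" | grep -Eq '^[0-9]+(\.[0-9]+){3}$' ||
    { echo NO_ADDRESS; return 1; }
  echo OK
}

# Constructed sample of `dig +short ess.cn-hangzhou.aliyuncs.com` output;
# 192.0.2.10 is a documentation address, not a real endpoint IP.
SAMPLE_ANSWER='popunify-vpc.cn-hangzhou.aliyuncs.com.
192.0.2.10'

if [ "$#" -ge 2 ]; then   # live: sh check.sh cn-hangzhou ess.cn-hangzhou.aliyuncs.com
  dig +short "$2" | check_resolution "$1"
else                      # offline demo on the constructed sample
  printf '%s\n' "$SAMPLE_ANSWER" | check_resolution cn-hangzhou
fi
```

A WRONG_TARGET verdict on an instance in a bound VPC means the name was answered by something other than the CNAME record that you added in the private zone.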