Virtual Private Cloud (VPC) is a service that provides isolated cloud networks. You can create VPCs on Alibaba Cloud. Layer-2 logical isolation is achieved between different VPCs. You can create and manage cloud service instances in your VPC, such as Elastic Compute Service (ECS) instances and Time Series Database (TSDB) for InfluxDB® instances.
TSDB for InfluxDB® instances are accessed through VPC. You must specify a VPC when you purchase an TSDB for InfluxDB® instance. After you perform this operation, your cloud service instances in the same VPC can use the VPC endpoint of the purchased TSDB for InfluxDB® instance to read and write data. The following figure shows the VPC endpoint of the instance. The TSDB for InfluxDB® instance receives and processes requests from clients as a server.
By default, a cloud service instance can access the TSDB for InfluxDB® instance in the same VPC, but the TSDB for InfluxDB® instance cannot access the cloud service instance. This already meets the requirements for network connections in most scenarios, especially when the cloud service instances are ApsaraDB service instances. However, to build a rich open source ecosystem, TSDB for InfluxDB® instances have to actively push data to other services. To enable two-way access between a TSDB for InfluxDB® instance and another cloud service instance, these two instances must be in the same VPC.
Typical scenarios that require two-way access includes:
- Kapacitor data subscription service
- Telegraf data collection service (to be launched)
Log on to the TSDB for InfluxDB® console and click an instance. On the Instance Details page, click Activate VPC Two-way Access in the Basic Information section.
The system verifies whether you are authorized to activate this feature in the backend. If you are not authorized, the dialog box for authorization appears. If you are authorized, the system continues to activate the feature in the backend.
In the dialog box that appears, click Authorize. On the page that appears, click Confirm Authorization Policy.
On the Instance Details page, click Activate VPC Two-way Access.
Ensure that two-way access between instances in the same VPC is activated.
Configure the whitelist for the cloud service instance to enable two-way access. For example, if Kapacitor subscribes to a TSDB for InfluxDB® instance, TSDB for InfluxDB® pushes data to the ECS instance where the Kapacitor service is deployed. You must add the IP address of the TSDB for InfluxDB® instance to the security group of the ECS instance where the Kapacitor service is deployed.
Go to the management page of the ECS instance where the Kapacitor service is deployed, and click Security Groups.
Click Add Rules.
Create an inbound rule. Specify the port range and the IP address that is assigned to the TSDB for InfluxDB® instance for two-way access. You can view the IP address on the Instance Details page.