All Products
Search
Document Center

Two-way VPC access

Last Updated: Jul 10, 2021

What is a VPC?

A virtual private cloud (VPC) is a private network that you can create on Alibaba Cloud. Layer 2 logical isolation is achieved between different VPCs. You can create and manage cloud instances within your VPC, such as Elastic Compute Service (ECS) and Time Series Database (TSDB) for InfluxDB®.


Access a TSDB for InfluxDB®️ instance over a VPC

Only the VPC network type is supported for TSDB for InfluxDB®️ instances. Therefore, when you purchase a TSDB for InfluxDB®️ instance, you must specify a VPC. After the VPC is specified, your cloud instances deployed in the same VPC can access the TSDB for InfluxDB®️ instance by using the endpoint of the VPC. The following figure shows the page where you can view the endpoint. The cloud instances that initiate access requests serve as the clients, and the TSDB for InfluxDB®️ instance serves as the server that receives and processes the access requests.

vpc

Typical scenarios

By default, a cloud instance can access your TSDB for InfluxDB® instance within the same VPC, but the TSDB for InfluxDB® instance cannot access the cloud instance due to network limits. This already meets the requirements for network connections in most scenarios, especially when the cloud instance is an Alibaba Cloud database instance. However, your TSDB for InfluxDB®️ instance needs to serve as a client to actively push data to other services in some scenarios, due to the comprehensive open source ecosystem of TSDB for InfluxDB®️. To enable two-way access between your TSDB for InfluxDB®️ instance and another cloud instance, make sure that the two instances are deployed in the same VPC.

Two-way access can be used in the following typical scenarios:

  • Kapacitor data subscription service

  • Telegraf data collection service (to be launched)

Enable two-way access between instances in the same VPC

1.Log on to the TSDB console, go to the details page of your TSDB for InfluxDB® instance, and then click Enable Two-way VPC Access in the Basic Information section.

open

2.The system checks whether you are authorized to enable this feature. If you are not authorized, a message appears, as shown in the following figure. If you are authorized, the system continues to enable the feature.

ram

3.In the message that appears, click Authorize. On the page that appears, click Confirm Authorization Policy.

role

4.Go to the instance details page and click Enable Two-way VPC Access.

opening

5.If the message "The two-way VPC access is activated." appears, the two-way VPC access feature is enabled.

6.Configure the whitelist of the cloud instance to enable two-way access between this instance and your TSDB for InfluxDB® instance. For example, if Kapacitor subscribes to data from your TSDB for InfluxDB® instance, the TSDB for InfluxDB® instance needs to push data to the cloud instance in which the Kapacitor service is deployed. In this scenario, you must add the IP address of the TSDB for InfluxDB® instance to the security group of the cloud instance.

  • Go to the management page of the cloud instance in which Kapacitor is deployed. In the left-side navigation pane, click Security Groups.

  • Click Add Rules.

  • Create an inbound rule. When you create the rule, specify the port range and IP address that are assigned to your TSDB for InfluxDB® instance for two-way access. You can view the IP address on the Instance Details page of the TSDB for InfluxDB® instance.