This topic describes how to configure Alibaba Cloud DNS PrivateZone (PrivateZone). This way, an Elastic Compute Service (ECS) instance in a virtual private cloud (VPC) that has no access to the Internet can call the Application Real-Time Monitoring Service (ARMS) API over the Alibaba Cloud internal network.
Background information
ARMS provides public endpoints. If your ECS instance does not have a public bandwidth or a public IP address, you cannot make API requests by using tools such as Alibaba Cloud CLI or SDK. Alibaba Cloud provides PrivateZone to ensure that your ECS instance can send API requests over the Alibaba Cloud internal network. You can associate PrivateZone with the VPC in the region where your ECS instance is located.
Usage notes
- You can configure PrivateZone only for regions that contain VPC-connected ECS instances. You cannot configure PrivateZone across regions.
- We recommend that you use custom images that have Alibaba Cloud CLI or SDK deployed to create ECS instances. Otherwise, the ECS instances cannot load related dependencies without Internet access.
- The following table describes the ARMS endpoints that support PrivateZone. Make sure
that you use an endpoint listed in the table.
Alibaba Cloud region Region ID CNAME record Endpoint China (Hangzhou) cn-hangzhou popunify-vpc.cn-hangzhou.aliyuncs.com arms.cn-hangzhou.aliyuncs.com China (Shanghai) cn-shanghai popunify-vpc.cn-shanghai.aliyuncs.com arms.cn-shanghai.aliyuncs.com China (Qingdao) cn-qingdao popunify-vpc.cn-qingdao.aliyuncs.com arms.cn-qingdao.aliyuncs.com China (Beijing) cn-beijing popunify-vpc.cn-beijing.aliyuncs.com arms.cn-beijing.aliyuncs.com China (Shenzhen) cn-shenzhen popunify-vpc.cn-shenzhen.aliyuncs.com arms.cn-shenzhen.aliyuncs.com China (Zhangjiakou) cn-zhangjiakou popunify-vpc.cn-zhangjiakou.aliyuncs.com arms.cn-zhangjiakou.aliyuncs.com China (Hong Kong) cn-hongkong popunify-vpc.cn-hongkong.aliyuncs.com arms.cn-hongkong.aliyuncs.com Singapore (Singapore) ap-southeast-1 popunify-vpc.ap-southeast-1.aliyuncs.com arms.ap-southeast-1.aliyuncs.com
Procedure
Verify the result
After you associate the VPC with the created private zone, you can log on to your ECS instance to check whether this ECS instance can access the ARMS endpoint of the corresponding region. For more information, see Connect to a Linux instance by using password authentication.
arms.cn-hangzhou.aliyuncs.com is used in this example. Run the ping command to test the status of packet sending and receiving.
ping arms.cn-hangzhou.aliyuncs.com
If a result similar to the following content appears, your ECS instance can access the ARMS endpoint of the corresponding region.
