Before you use PrivateLink, make sure that you understand the following terms.

Term Description
Endpoint You can associate an endpoint with an endpoint service to establish a PrivateLink connection that allows a virtual private cloud (VPC) to access external services. Endpoints are created and managed by service consumers.
Endpoint elastic network interface (ENI) Endpoint ENIs serve as entries for VPCs to access endpoint services.
Endpoint security group Security groups can control the traffic between VPCs and endpoint ENIs. Each endpoint must be added to at least one security group. After an endpoint is added to a security group, all ENIs of the endpoint are associated with the security group.
Endpoint service After you create an endpoint service in a VPC, you can use an endpoint that is deployed in another VPC to access the endpoint service through PrivateLink connections. Endpoint services are created and managed by service providers.
Service resource Service resources are resources that can be accessed by endpoints.
Note Service resources that are added to an endpoint service must be internal-facing Server Load Balancer (SLB) instances that support PrivateLink and are deployed in VPCs.
Service whitelist The service whitelist is used to manage users who are allowed to access the service resources.

After an endpoint service is added, the account ID of the service owner is automatically added to the whitelist. Users whose account IDs are in the whitelist can query the endpoint service. These users can use the endpoints to connect to the endpoint service. If you want to allow another Alibaba Cloud account to access the endpoint service, you must add the ID of the Alibaba Cloud account to the whitelist.

Endpoint connection The connection between an endpoint and an endpoint service.

Overview

PrivateLink contains components of the service consumer and service provider.
Entity Component
Service consumer
  • Endpoints
  • Endpoints and ENIs
  • Endpoint security groups
Service provider
  • Endpoint services
  • Service resources
  • Service whitelists
  • Endpoint connections