DataWorks:Configure a VPC to access IM endpoints

Target IM endpoints

Procedure

• Create an endpoint and connect it to the corresponding endpoint service.

• Configure Alibaba Cloud DNS PrivateZone to resolve the IM endpoint domain names to the endpoint service domain name.

Step 1: Create an endpoint

The following table lists the endpoint service names for each region.

1. In the left-side navigation pane, choose Endpoint > Interface Endpoint. Click Create Endpoint.

2. On the Create Endpoint pane, configure the following parameters:

   1. Region: Select the same region as your DataWorks workspace.

   2. Endpoint type: Interface Endpoint.

   3. Endpoint name: Enter a custom name, such as AI-Assistant-Service-im-endpoint.

   4. Available services: Search for and select the Endpoint Service Name for your region from the preceding table.

   5. VPC: Select the default VPC associated with the AI Assistant Service resource group.

   6. Availability zone: Select the same availability zone as the AI Assistant Service resource group.

   7. Security group: Create a security group that allows both inbound and outbound traffic on port 443. If a suitable security group already exists, you can select it.

Click OK to create the endpoint. After the endpoint is created, find it in the list and record its endpoint service domain name (for example, ep-xxxxxxxx.vpc-endpoint.aliyuncs.com).

Step 2: Configure DNS resolution with PrivateZone

Configure DNS resolution only for the IM platforms you need. For example, if you need to connect to DingTalk, you only need to create DNS records for its domains: oapi.dingtalk.com, api.dingtalk.com, and wss-open-connection.dingtalk.com.

1. Log on to the Alibaba Cloud DNS console.

2. In the left-side navigation pane, choose Private DNS.

3. On the Private Zone tab, click Add Zone to create an authoritative domain for the top-level domain of each IM endpoint.

   1. Private zone name (Zone): Enter the top-level domain of the IM endpoint, such as dingtalk.com, feishu.cn, larksuite.com, or qq.com.

      IM platform	Authoritative domain
      DingTalk	dingtalk.com
      Feishu	feishu.cn
      Lark (international version of Feishu)	larksuite.com
      WeCom	qq.com

   2. Scope: Under Effective in Alibaba Cloud VPC, find and select the VPC associated with your AI Assistant Service resource group. This ensures that instances within this VPC use the PrivateZone for DNS resolution.

   3. Save the configuration to add the zone.

4. Add a CNAME record for each authoritative domain. In the list of private zones, click Resolution Settings in the Actions column of the target zone. Then, click Add Record and configure the following parameters:

   1. Record type: Select CNAME.

   2. Host record: Enter the part of the IM endpoint domain name that precedes the top-level domain. For example, for oapi.dingtalk.com, the host record is oapi.

   3. Resolution request source: Keep the default value (All Sources).

   4. TTL: Keep the default value of 600 seconds.

   5. Record value: Enter the endpoint service domain name from Step 1. You can copy this from the Default Service Domain Name on the endpoint's basic information page.

   Refer to the following table for record information:

   Authoritative domain	Record type	Host record	Value
   dingtalk.com	CNAME	oapi	endpoint service domain name (from Step 1)
   dingtalk.com	CNAME	api
   dingtalk.com	CNAME	wss-open-connection
   feishu.cn	CNAME	open
   larksuite.com	CNAME	open
   qq.com	CNAME	qyapi.weixin
   qq.com	CNAME	openws.work.weixin	endpoint service domain name (from Step 1)

   After adding each record, click OK to save it.

5. Return to DataWorks. On the details page of your AI Assistant Service instance, test the network connectivity of the IM configuration. A successful test confirms that the configuration is correct.

Related documents

• What is PrivateLink

• What is Alibaba Cloud DNS