Elastic Compute Service: Configure network permissions for Cloud Assistant Agent

Last Updated: Mar 28, 2024

This topic describes how to configure security group rules for Elastic Compute Service (ECS) instances on which Cloud Assistant Agent is installed to facilitate the management of network permissions on Cloud Assistant Agent.

Background information

To ensure that you can use Cloud Assistant on an ECS instance, the instance must have access to the endpoints or IP addresses that are required to perform specific operations, such as running Cloud Assistant commands. You must configure security group rules to allow outbound access to the endpoints or IP addresses that are described in the following table.

| Endpoint or IP address | Description |
| --- | --- |
| https://{region-id}.axt.aliyun.com:443/ | This endpoint is used to access the Cloud Assistant server. |
| http://100.100.100.200:80/ | This URL is used to access MetaServer. |
| https://aliyun-client-assist-{region-id}.oss-{region-id}-internal.aliyuncs.com:443/ | This endpoint is used to access the server where the Cloud Assistant Agent installation package resides to install or update Cloud Assistant Agent. |

Note

{region-id} specifies the region ID of the instance. For example, if the instance resides in the China (Hangzhou) region, set this parameter to cn-hangzhou.

You can use one of the following methods to configure security group rules for an instance on which Cloud Assistant Agent is installed:

  • General configurations: In most cases, you can use this method to configure security group rules to allow access to the CIDR blocks and ports of the Cloud Assistant server and the server where the Cloud Assistant Agent installation package resides.

  • Fine-grained configurations: If you want to manage network permissions in a fine-grained manner, you can use this method to allow access to the specified ports and IP addresses based on the region of the instance on which Cloud Assistant Agent is installed.

General configurations

To simplify the configuration and management of network permissions, you can configure security group rules to allow access to the CIDR blocks and ports of the Cloud Assistant server and the server where the Cloud Assistant Agent installation package resides.

Note

The CIDR block of the Cloud Assistant server is 100.100.0.0/16. The CIDR block of the server where the Cloud Assistant Agent installation package resides is 100.0.0.0/8.

By default, a basic security group allows all outbound traffic from the ECS instances in the security group, and an advanced security group denies all outbound traffic from the ECS instances in the security group. For advanced security groups, configure security group rules to allow outbound access to the URLs, CIDR blocks, or ports that are described in the following table. For more information, see Add a security group rule.

| URL, CIDR block, or port | Description |
| --- | --- |
| DNS/UDP port 53 | This port is used to resolve domain names. |
| https://<100.100.0.0/16>:443/ | This URL is used to access the Cloud Assistant server. |
| https://<100.0.0.0/8>:443/ | This URL is used to access the server where the Cloud Assistant Agent installation package resides to install or update Cloud Assistant Agent. |

Figure: Add a security group rule

Fine-grained configurations

If you want to manage network permissions in a fine-grained manner, allow access to the IP addresses of the Cloud Assistant server and the server where the Cloud Assistant Agent installation package resides in specific regions.

For example, if your instance resides in the China (Hangzhou) region, configure rules in an advanced security group of the instance to allow outbound access to the URLs, IP addresses, or ports that are described in the following table. For more information, see Add a security group rule.

| URL, IP address, or port | Description |
| --- | --- |
| DNS/UDP port 53 | This port is used to resolve domain names. |
| https://100.100.45.106:443/ | This URL is used to access the Cloud Assistant server in the China (Hangzhou) region. |
| https://100.118.28.50:443/ | This URL is used to access the server where the Cloud Assistant Agent installation package resides in the China (Hangzhou) region to install or update Cloud Assistant Agent. |

Figure: Add a security group rule (1)

The following table lists the endpoints and IP addresses that Cloud Assistant must be able to access in each region.

The first row in the Endpoint column of each region indicates the endpoint and IP address of the Cloud Assistant server. The second row indicates the endpoint and IP address of the server where the Cloud Assistant Agent installation package resides.

| Region | Region ID | Endpoint | IP address |
| --- | --- | --- | --- |
| China (Qingdao) | cn-qingdao | cn-qingdao.axt.aliyun.com | 100.100.15.4 |
| | | aliyun-client-assist-cn-qingdao.oss-cn-qingdao-internal.aliyuncs.com | 100.115.173.9 |
| China (Beijing) | cn-beijing | cn-beijing.axt.aliyun.com | 100.100.18.120 |
| | | aliyun-client-assist-cn-beijing.oss-cn-beijing-internal.aliyuncs.com | 100.118.58.9 |
| China (Zhangjiakou) | cn-zhangjiakou | cn-zhangjiakou.axt.aliyun.com | 100.100.99.23 |
| | | aliyun-client-assist-cn-zhangjiakou.oss-cn-zhangjiakou-internal.aliyuncs.com | 100.118.90.245 |
| China (Hohhot) | cn-huhehaote | cn-huhehaote.axt.aliyun.com | 100.100.126.8 |
| | | aliyun-client-assist-cn-huhehaote.oss-cn-huhehaote-internal.aliyuncs.com | 100.118.195.21 |
| China (Ulanqab) | cn-wulanchabu | cn-wulanchabu.axt.aliyun.com | 100.100.0.3 |
| | | aliyun-client-assist-cn-wulanchabu.oss-cn-wulanchabu-internal.aliyuncs.com | 100.118.214.0 |
| China (Hangzhou) | cn-hangzhou | cn-hangzhou.axt.aliyun.com | 100.100.45.106 |
| | | aliyun-client-assist-cn-hangzhou.oss-cn-hangzhou-internal.aliyuncs.com | 100.118.28.50 |
| China (Shanghai) | cn-shanghai | cn-shanghai.axt.aliyun.com | 100.100.36.108 |
| | | aliyun-client-assist-cn-shanghai.oss-cn-shanghai-internal.aliyuncs.com | 100.118.102.35 |
| China (Nanjing - Local Region) | cn-nanjing | cn-nanjing.axt.aliyun.com | 100.100.0.1 |
| | | aliyun-client-assist-cn-nanjing.oss-cn-nanjing-internal.aliyuncs.com | 100.114.142.7 |
| China (Fuzhou - Local Region) | cn-fuzhou | cn-fuzhou.axt.aliyun.com | 100.100.0.26 |
| | | aliyun-client-assist-cn-fuzhou.oss-cn-fuzhou-internal.aliyuncs.com | 100.114.211.4 |
| China (Wuhan - Local Region) | cn-wuhan-lr | cn-wuhan-lr.axt.aliyun.com | 100.100.0.8 |
| | | aliyun-client-assist-cn-wuhan-lr.oss-cn-hangzhou-internal.aliyuncs.com | 100.118.28.50 |
| China (Shenzhen) | cn-shenzhen | cn-shenzhen.axt.aliyun.com | 100.100.0.70 |
| | | aliyun-client-assist-cn-shenzhen.oss-cn-shenzhen-internal.aliyuncs.com | 100.118.78.4 |
| China (Heyuan) | cn-heyuan | cn-heyuan.axt.aliyun.com | 100.100.0.5 |
| | | aliyun-client-assist-cn-heyuan.oss-cn-heyuan-internal.aliyuncs.com | 100.98.83.0 |
| China (Guangzhou) | cn-guangzhou | cn-guangzhou.axt.aliyun.com | 100.100.0.4 |
| | | aliyun-client-assist-cn-guangzhou.oss-cn-guangzhou-internal.aliyuncs.com | 100.115.33.49 |
| China (Chengdu) | cn-chengdu | cn-chengdu.axt.aliyun.com | 100.100.0.42 |
| | | aliyun-client-assist-cn-chengdu.oss-cn-chengdu-internal.aliyuncs.com | 100.115.155.18 |
| China (Hong Kong) | cn-hongkong | cn-hongkong.axt.aliyun.com | 100.100.35.30 |
| | | aliyun-client-assist-cn-hongkong.oss-cn-hongkong-internal.aliyuncs.com | 100.115.61.10 |
| Singapore | ap-southeast-1 | ap-southeast-1.axt.aliyun.com | 100.100.30.60 |
| | | aliyun-client-assist-ap-southeast-1.oss-ap-southeast-1-internal.aliyuncs.com | 100.118.219.18 |
| Australia (Sydney) | ap-southeast-2 | ap-southeast-2.axt.aliyun.com | 100.100.44.12 |
| | | aliyun-client-assist-ap-southeast-2.oss-ap-southeast-2-internal.aliyuncs.com | 100.100.44.1 |
| Malaysia (Kuala Lumpur) | ap-southeast-3 | ap-southeast-3.axt.aliyun.com | 100.100.127.16 |
| | | aliyun-client-assist-ap-southeast-3.oss-ap-southeast-3-internal.aliyuncs.com | 100.118.165.0 |
| Indonesia (Jakarta) | ap-southeast-5 | ap-southeast-5.axt.aliyun.com | 100.100.80.165 |
| | | aliyun-client-assist-ap-southeast-5.oss-ap-southeast-5-internal.aliyuncs.com | 100.100.16.5 |
| Philippines (Manila) | ap-southeast-6 | ap-southeast-6.axt.aliyun.com | 100.100.0.15 |
| | | aliyun-client-assist-ap-southeast-6.oss-ap-southeast-6-internal.aliyuncs.com | 100.115.16.209 |
| Thailand (Bangkok) | ap-southeast-7 | ap-southeast-7.axt.aliyun.com | 100.100.0.30 |
| | | aliyun-client-assist-ap-southeast-7.oss-ap-southeast-7-internal.aliyuncs.com | 100.98.249.15 |
| India (Mumbai) | ap-south-1 | ap-south-1.axt.aliyun.com | 100.100.80.108 |
| | | aliyun-client-assist-ap-south-1.oss-ap-south-1-internal.aliyuncs.com | 100.118.211.136 |
| Japan (Tokyo) | ap-northeast-1 | ap-northeast-1.axt.aliyun.com | 100.100.0.76 |
| | | aliyun-client-assist-ap-northeast-1.oss-ap-northeast-1-internal.aliyuncs.com | 100.100.40.129 |
| South Korea (Seoul) | ap-northeast-2 | ap-northeast-2.axt.aliyun.com | 100.100.0.23 |
| | | aliyun-client-assist-ap-northeast-2.oss-ap-northeast-2-internal.aliyuncs.com | 10.109.28.16 |
| US (Silicon Valley) | us-west-1 | us-west-1.axt.aliyun.com | 100.100.29.34 |
| | | aliyun-client-assist-us-west-1.oss-us-west-1-internal.aliyuncs.com | 100.100.29.86 |
| US (Virginia) | us-east-1 | us-east-1.axt.aliyun.com | 100.100.152.140 |
| | | aliyun-client-assist-us-east-1.oss-us-east-1-internal.aliyuncs.com | 100.115.60.17 |
| Germany (Frankfurt) | eu-central-1 | eu-central-1.axt.aliyun.com | 100.100.46.12 |
| | | aliyun-client-assist-eu-central-1.oss-eu-central-1-internal.aliyuncs.com | 100.115.154.14 |
| UK (London) | eu-west-1 | eu-west-1.axt.aliyun.com | 100.100.0.20 |
| | | aliyun-client-assist-eu-west-1.oss-eu-west-1-internal.aliyuncs.com | 100.100.41.198 |
| UAE (Dubai) | me-east-1 | me-east-1.axt.aliyun.com | 100.100.43.7 |
| | | aliyun-client-assist-me-east-1.oss-me-east-1-internal.aliyuncs.com | 100.100.43.1 |
| SAU (Riyadh - Partner Region). Important: The SAU (Riyadh) region is operated by a partner. | me-central-1 | me-central-1.axt.aliyun.com | 100.100.0.15 |
| | | aliyun-client-assist-me-central-1.oss-me-central-1.aliyuncs.com | 8.213.1.62 |
| China East 2 Finance | cn-shanghai-finance-1 | cn-shanghai-finance-1.axt.aliyun.com | 100.100.0.46 |
| | | aliyun-client-assist-cn-shanghai-finance-1.oss-cn-shanghai-finance-1-internal.aliyuncs.com | 100.100.36.8 |
| China North 2 Finance (Preview) | cn-beijing-finance-1 | cn-beijing-finance-1.axt.aliyun.com | 100.100.0.165 |
| | | aliyun-client-assist-cn-beijing-finance-1.oss-cn-beijing-finance-1-internal.aliyuncs.com | 100.112.52.151 |
| China South 1 Finance | cn-shenzhen-finance-1 | cn-shenzhen-finance-1.axt.aliyun.com | 100.103.0.140 |
| | | aliyun-client-assist-cn-shenzhen-finance-1.oss-cn-shenzhen-finance-1-internal.aliyuncs.com | 100.112.15.71 |
| China North 2 Ali Gov 1 | cn-north-2-gov-1 | cn-north-2-gov-1.axt.aliyun.com | 100.100.0.67 |
| | | aliyun-client-assist-cn-north-2-gov-1.oss-cn-north-2-gov-1-internal.aliyuncs.com | 100.100.49.4 |
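
A check that tests a list of egress allow rules against the per-region IP addresses in the table above, using the two general-configuration CIDR blocks as the sample rule set. This is an added example, not part of the Alibaba Cloud documentation; the function names and the `(protocol, port, CIDR)` rule format are assumptions, and only four rows of the table are embedded.

```python
import ipaddress

# Rows copied from the region table above (subset):
# region ID -> (Cloud Assistant server IP, installation package server IP)
REGION_IPS = {
    "cn-hangzhou": ("100.100.45.106", "100.118.28.50"),
    "cn-shenzhen-finance-1": ("100.103.0.140", "100.112.15.71"),
    "ap-northeast-2": ("100.100.0.23", "10.109.28.16"),
    "me-central-1": ("100.100.0.15", "8.213.1.62"),
}

# HTTPS egress rules of the general configuration: (protocol, port, destination CIDR).
# DNS (UDP 53) is not modelled because the page gives no destination for it.
GENERAL_RULES = [
    ("tcp", 443, "100.100.0.0/16"),
    ("tcp", 443, "100.0.0.0/8"),
]


def allowed(rules, protocol, port, ip):
    """True if any allow rule matches the protocol, port and destination IP."""
    addr = ipaddress.ip_address(ip)
    return any(
        proto == protocol and rule_port == port
        and addr in ipaddress.ip_network(cidr)
        for proto, rule_port, cidr in rules
    )


def uncovered(rules, region_id):
    """Return the region's HTTPS destinations that no rule in `rules` allows."""
    assistant_ip, package_ip = REGION_IPS[region_id]
    targets = {"cloud-assistant-server": assistant_ip,
               "agent-package-server": package_ip}
    return {name: ip for name, ip in targets.items()
            if not allowed(rules, "tcp", 443, ip)}


def fine_grained_rules(region_id):
    """Per-region /32 HTTPS egress rules, following the China (Hangzhou) example."""
    return [("tcp", 443, f"{ip}/32") for ip in REGION_IPS[region_id]]


if __name__ == "__main__":
    for region in REGION_IPS:
        print(region, uncovered(GENERAL_RULES, region) or "covered")
```

For a region that `uncovered` reports against the general rule set, `fine_grained_rules` returns /32 rules built from that region's row in the table.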