Currently, VPC does not provide an independent access control policy. Therefore, you need to rely on the access control functions of the cloud products deployed in the VPC to achieve your desired results. For example, when using ECS instances, you can use security groups to control access to your instances, and when using SLB and RDS instances, you can control access by using whitelists.
ECS security group
A security group is a virtual firewall that performs stateful packet inspection. In general, security groups are used to configure network access control for one or more ECS instances. As an important means of network isolation, security groups are used to divide security domains in the cloud.
When you create an ECS instance in a VPC, you can use the default security group rule provided by the system, or you can customize the rule as needed. However, you cannot delete the default security group.
You can use the whitelist function provided by ApsaraDB for RDS for access control. Doing so enables you to specify IP addresses that are allowed to access the RDS instance while also denying access from other IP addresses. When using RDS in a VPC, you can add the IP address of the ECS instance to the whitelist of the RDS instance so that the ECS instance can access the RDS instance.
You can use the whitelist function that SLB provides for Server Load Balancer listeners, so that only IP addresses in the whitelist can access the listeners. We recommend doing so for applications that only allow access from certain IP addresses.
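The RDS and SLB whitelists described above only help if they cover the intended clients and nothing wider. The following Python is an added example, not code from this page or from Alibaba Cloud; it reviews a whitelist before you apply it. The function name `audit_whitelist`, the `max_hosts` threshold, and all addresses are assumptions constructed for illustration, and entries are assumed to be single IPs or CIDR blocks.

```python
import ipaddress


def audit_whitelist(entries, required_clients, max_hosts=256):
    """Review a whitelist (single IPs or CIDR blocks) against the clients
    that must reach the instance, e.g. the private IPs of ECS instances."""
    networks, invalid = [], []
    for entry in entries:
        try:
            networks.append(ipaddress.ip_network(entry.strip(), strict=False))
        except ValueError:
            invalid.append(entry)  # malformed entry, would be rejected or ignored

    clients = [ipaddress.ip_address(ip) for ip in required_clients]

    def covers_any(net):
        return any(c in net for c in clients)

    return {
        "invalid": invalid,
        # A /0 entry admits every address and defeats the whitelist.
        "open_to_all": [str(n) for n in networks if n.prefixlen == 0],
        # Blocks larger than max_hosts admit far more than the listed clients.
        "too_broad": [str(n) for n in networks
                      if n.prefixlen > 0 and n.num_addresses > max_hosts],
        # Required clients no entry covers: these would be denied.
        "missing": [str(c) for c in clients
                    if not any(c in n for n in networks)],
        # Entries that serve none of the required clients: removal candidates.
        "unused": [str(n) for n in networks if not covers_any(n)],
    }


if __name__ == "__main__":
    # Constructed sample data: a draft RDS whitelist and two ECS private IPs.
    draft = ["192.168.1.10", "172.16.0.0/12", "192.168.1.300"]
    ecs_private_ips = ["192.168.1.10", "192.168.2.20"]
    for finding, values in audit_whitelist(draft, ecs_private_ips).items():
        print(f"{finding}: {values}")
```
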