If your scaling group contains Elastic Compute Service (ECS) instances that reside in a virtual private cloud (VPC) and cannot access the Internet, you can configure Alibaba Cloud DNS PrivateZone to enable API calling over the VPC for the instances.
Background information
Auto Scaling provides public network endpoints. If your scaling group contains ECS instances to which no public bandwidth or public IP addresses are allocated, API requests initiated by using Alibaba Cloud CLI or SDKs are not supported. In this case, you can associate Alibaba Cloud DNS PrivateZone with the VPC in which the ECS instances of your scaling group reside to implement API calling over the VPC. Alibaba Cloud DNS PrivateZone and the ECS instances must reside in the same region.
This solution applies only to ECS instances that reside in VPCs. You cannot apply this solution if Alibaba Cloud DNS PrivateZone and your ECS instances are in different regions.
We recommend that you specify an image in which Alibaba Cloud CLI or the SDKs are already available in your scaling configuration. This ensures that the required dependencies can be downloaded to the ECS instances that are created from the scaling configuration, even if the ECS instances cannot access the Internet.
The following table describes the endpoints that support Alibaba Cloud DNS PrivateZone. Make sure that your endpoint is listed in the table.
| Alibaba Cloud region | Region ID | CNAME record | Public endpoint |
| --- | --- | --- | --- |
| China (Beijing) | cn-beijing | popunify-vpc.cn-beijing.aliyuncs.com | ess.aliyuncs.com |
| China (Hangzhou) | cn-hangzhou | popunify-vpc.cn-hangzhou.aliyuncs.com | ess.aliyuncs.com |
| China (Shanghai) | cn-shanghai | popunify-vpc.cn-shanghai.aliyuncs.com | ess.aliyuncs.com |
| China (Shenzhen) | cn-shenzhen | popunify-vpc.cn-shenzhen.aliyuncs.com | ess.aliyuncs.com |
| China (Hong Kong) | cn-hongkong | popunify-vpc.cn-hongkong.aliyuncs.com | ess.aliyuncs.com |
| Singapore | ap-southeast-1 | popunify-vpc.ap-southeast-1.aliyuncs.com | ess.aliyuncs.com |
Procedure
Log on to the Alibaba Cloud DNS console.
In the left-side navigation pane, click Private DNS (PrivateZone).
In the upper-right corner of the page that appears, click Configuration Mode.
On the User Defined Zones tab, click Add New Zone.
In the Add Built-in Authoritative Zone panel, configure the following parameters based on your business requirements and click OK.
Built-in Authoritative Zone: Select an access endpoint of an ECS instance that supports DNS PrivateZone from the drop-down list. Example: ess.cn-hangzhou.aliyuncs.com.
Recursive Resolution Proxy for Subdomain Names: After you turn on the switch, if the domain name queried by DNS is suffixed with the zone name but is not specified in the zone file, the public DNS resolution takes precedence.
Find the created zone and click Resource Records Settings in the Actions column.
On the Resource Records Settings tab, click Add Record.
In the Add Record panel, configure the following parameters based on your business requirements and click OK.
Record Type: Select CNAME.
Hostname: Enter @ to resolve the @.example.com domain name.
Record Value: Enter the CNAME record of the corresponding region.
TTL Value: The time to live value. In this example, select 1 Minute.
Go back to the User Defined Zones tab and find the created zone. Click Effective Scope Settings in the Actions column.
Select the same region as the created zone and then select an Alibaba Cloud VPC to associate. Click OK.
For more information, see Associate a zone with VPCs across accounts.
Note: The Alibaba Cloud VPC must be the VPC in which the ECS instances of your scaling group reside.
Result
After you associate the created zone with the VPC in which the ECS instances of your scaling group reside, you can remotely log on to one of the ECS instances and test whether you can access the endpoint of the desired region from the ECS instance. For more information, see Connect to an instance by using VNC.
In this example, the ess.cn-hangzhou.aliyuncs.com endpoint is used to test the access.
Run the ping command to test whether data packets can be sent or received over the VPC.
ping ess.cn-hangzhou.aliyuncs.com
Use Alibaba Cloud CLI to call the DescribeRegions operation and specify the access endpoint by using the --endpoint field.
aliyun ess DescribeRegions --endpoint ess.cn-hangzhou.aliyuncs.com
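A successful ping does not show which path the name resolved through. The following script is an added example, not part of the original procedure: it reads `dig +short` output and reports whether the first answer is the CNAME record listed in the table for the given region. The function names, the `--live` switch and the sample outputs (including the documentation-range IP addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that an endpoint resolves through the PrivateZone
# CNAME record for its region instead of falling through to public DNS.

# Region IDs taken from the table of endpoints that support PrivateZone.
SUPPORTED_REGIONS="cn-beijing cn-hangzhou cn-shanghai cn-shenzhen cn-hongkong ap-southeast-1"

# Constructed sample `dig +short` outputs (IP addresses are placeholders).
SAMPLE_VPC='popunify-vpc.cn-hangzhou.aliyuncs.com.
192.0.2.10'
SAMPLE_PUBLIC='198.51.100.7'

# expected_cname REGION: print the CNAME record for REGION,
# or return 1 if REGION is not in the table.
expected_cname() {
    for r in $SUPPORTED_REGIONS; do
        if [ "$r" = "$1" ]; then
            printf 'popunify-vpc.%s.aliyuncs.com\n' "$1"
            return 0
        fi
    done
    return 1
}

# check_resolution REGION: read `dig +short` output on stdin and print
# "vpc", "not-vpc" or "unsupported-region".
check_resolution() {
    want=$(expected_cname "$1") || { echo "unsupported-region"; return 2; }
    # The first answer line is the CNAME target when the zone record is used.
    # Normalize case and drop the trailing dot before comparing.
    first=$(sed -n '1p' | tr 'A-Z' 'a-z' | sed 's/\.$//')
    if [ "$first" = "$want" ]; then
        echo "vpc"
        return 0
    fi
    echo "not-vpc"
    return 1
}

# Live check on an ECS instance (requires dig), for example:
#   sh check.sh --live cn-hangzhou ess.cn-hangzhou.aliyuncs.com
if [ "${1:-}" = "--live" ]; then
    dig +short "$3" | check_resolution "$2"
fi
```

A result of "not-vpc" on an instance in the associated VPC means the query was not answered by the zone record; recheck the record value, the Effective Scope Settings and the Recursive Resolution Proxy switch.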