DataWorks:Establish network connections across Alibaba Cloud accounts

Procedure

1. Use Cloud Enterprise Network (CEN) to grant the Alibaba Cloud account to which the resource group belongs the permissions to access the virtual private cloud (VPC) in which the data source resides. For more information, see Grant a transit router permissions on a network instance that belongs to another Alibaba Cloud account.

2. Use CEN to establish a network connection between a VPC (referred to as VPC 1) in the region in which the resource group resides and the VPC in which the data source resides. For more information, see Work with a bandwidth plan and Manage inter-region connections.

3. Associate the resource group with VPC 1 and configure a route forwarding policy.

   Go to the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the desired resource group, and then click Network Settings in the Actions column. The VPC Binding tab appears. On the VPC Binding tab, click Add Binding. In the Add VPC Binding panel, configure the parameters to associate the resource group with VPC 1. You must configure the following parameters:

   • VPC: Select VPC 1.

   • Zone and VSwitch: Select a zone and a vSwitch.

   • Security Groups: Select a security group that belongs to your Alibaba Cloud account. Access from and to the CIDR block of the vSwitch in which the data source resides must be allowed in the inbound and outbound rules of the security group.

4. Add a route for the resource group and configure a route forwarding policy.

   1. Go to the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the resource group, and then click Network Settings in the Actions column. The VPC Binding tab appears.

   2. On the VPC Binding tab, find the VPC association record and click Custom Route in the Actions column. In the Custom Route panel, click Add Route. In the Add Route dialog box, configure the parameters to add a route for the resource group. You must configure the following parameters:

      • Destination Type: Select VPC.

      • Connection Method: Select CIDR Block.

      • Destination CIDR Block: Enter the CIDR block of the vSwitch in which the data source resides.

5. Configure the IP address whitelist of the data source.

   1. View the CIDR block that needs to be added to the IP address whitelist of the data source.

      On the Resource Groups page in the DataWorks console, find the resource group and click Network Settings in the Actions column to view the vSwitch CIDR Block. For more information, see Configure an IP address whitelist.

   2. Add the CIDR block to the IP address whitelist of the data source.

6. Test the network connectivity.

   • If the data source is a data source supported by DataWorks, go to the Data Sources page and click Add Data Source. In the Add Data Source dialog box, find the resource group that is connected to the data source and click Test Network Connectivity in the Connection Status column.

   • If the data source is not a data source supported by DataWorks, test the network connectivity with the data source in the business code based on your business requirements.

References

• For more information about how to establish a network connection between a resource group and a data source, see Establish a network connection between a resource group and a data source.

• For more information about how to purchase a bandwidth plan and create inter-region connections, see Work with a bandwidth plan.

• For more information about how to allocate bandwidth resources to the inter-region connections, see Manage inter-region connections.