
Platform for AI: Configure Internet access and a whitelist

Last Updated: Apr 08, 2024

By default, Elastic Algorithm Service (EAS) online services of Platform for AI (PAI) do not support Internet access. If you want to allow EAS online services to access the Internet, you must configure Internet access for the services. If an EAS online service needs to access a cloud service that allows access only from specific IP addresses, you must add the IP address of the EAS online service to a whitelist of the cloud service. This way, the EAS online service can access the cloud service. This topic describes how to configure Internet access and obtain and add the required public IP address or internal CIDR block to a whitelist.

Configure Internet access

By default, EAS online services do not support Internet access. If your EAS online service needs to access the Internet, you must create an Internet NAT gateway in your virtual private cloud (VPC) and associate an elastic IP address (EIP) with the gateway. Then, you must connect the dedicated or public resource group to which the EAS online service belongs to the VPC to allow the service to access the Internet. To configure Internet access, perform the following steps:

  1. Optional. Create a VPC and configure Internet access for the VPC.

    Note

    If you have a VPC that contains an Internet NAT gateway associated with an EIP, skip this step.

    1. Log on to the VPC console.

    2. Check whether a VPC exists. If no VPCs exist, create a VPC. For more information, see Step 1: Create a VPC and a vSwitch.

    3. On the Elastic IP Addresses page, create an EIP. For more information, see Apply for an EIP.

    4. On the Internet NAT Gateway page, create a NAT gateway and then associate the created EIP with the NAT gateway. For more information, see Use the SNAT feature of an Internet NAT gateway to access the Internet.

  2. Configure VPC direct connection for an EAS online service. For more information, see the "Enable VPC direct connection in the console" section in the Configure network connectivity topic.

After the VPC direct connection is configured, the EAS online service can access the Internet.

Configure a whitelist

If an EAS online service needs to access a cloud service that allows access only from specific IP addresses, you must add the IP address of the EAS online service to a whitelist of the cloud service. This way, the EAS online service can access the cloud service. To configure a whitelist, perform the following steps:

  1. Obtain the public IP address or internal CIDR block of the EAS online service.

    • Obtain the public IP address of the EAS online service

      Log on to the VPC console and follow the instructions shown in the following figure to obtain the public IP address of the EAS online service. The public IP address is the IP address of the EIP that is created and associated with the NAT gateway in the Configure Internet access section.

      [Figure: public egress IP]

    • Obtain the internal CIDR block of the EAS online service

      Log on to the VPC console and follow the instructions shown in the following figure to obtain the internal CIDR block of the EAS online service. This internal CIDR block is the CIDR block that is configured for your vSwitch.

      [Figure: internal network whitelist]

  2. Configure a whitelist.

    After you obtain the public IP address or internal CIDR block of the EAS online service, add the IP address or CIDR block to a whitelist of the cloud service that you want to access.
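
A check for the whitelist configured above, added here as an example and not taken from the PAI documentation: it uses Python's standard `ipaddress` module to confirm that the EIP or vSwitch CIDR block is covered by the target service's whitelist, and to flag entries that are broader than needed or that cover only part of the vSwitch range. The function name `audit_whitelist` and all addresses are constructed sample values.

```python
import ipaddress


def audit_whitelist(source, entries):
    """Compare a whitelist against the address an EAS service connects from.

    source  -- the EIP (public access) or the vSwitch CIDR block (internal access)
    entries -- whitelist entries as strings, single IPs or CIDR blocks
    """
    src = ipaddress.ip_network(source, strict=False)
    report = {"covered_by": [], "overbroad": [], "partial": [], "invalid": []}
    for raw in entries:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            report["invalid"].append(raw)
            continue
        if net.version != src.version:
            continue  # subnet_of() raises TypeError across IPv4/IPv6
        if src.subnet_of(net):
            report["covered_by"].append(raw)
            if net.prefixlen < src.prefixlen:
                # Entry admits more addresses than the service uses.
                report["overbroad"].append(raw)
        elif net.subnet_of(src):
            # Entry admits only part of the vSwitch range; addresses in
            # the rest of the range would be rejected.
            report["partial"].append(raw)
    return report


# Constructed sample values (documentation and private ranges), not real addresses.
SAMPLE_EIP = "203.0.113.10"
SAMPLE_VSWITCH_CIDR = "192.168.0.0/24"
SAMPLE_WHITELIST = ["203.0.113.10", "192.168.0.0/16", "192.168.0.0/25",
                    "0.0.0.0/0", "not-an-ip"]

if __name__ == "__main__":
    for label, source in (("EIP", SAMPLE_EIP), ("vSwitch", SAMPLE_VSWITCH_CIDR)):
        print(label, audit_whitelist(source, SAMPLE_WHITELIST))
```

An empty `covered_by` list means the service's traffic will be rejected; entries in `overbroad` are candidates to narrow to the exact EIP or vSwitch CIDR block.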

References

  • For information about how to configure an SNAT entry on an Internet NAT gateway to enable Internet access for an EAS online service, see Use the SNAT feature of an Internet NAT gateway to access the Internet.

  • You can configure log collection for a resource group. After the configuration is complete, EAS collects the logs generated by EAS online services that are deployed in the resource group and stores the logs in a Simple Log Service Logstore. For more information, see Configure log collection for a resource group.

  • EAS online services provide multiple methods that you can use to deploy model services based on your business requirements. For more information, see Overview.