Configure Internet access and a whitelist - Machine Learning Platform for AI

This topic describes how to configure Internet access, and how to obtain and add the required public IP address or internal CIDR block to a whitelist.

Background information

For more information about networking solutions used to establish connections between EAS and the Internet, see Use the SNAT feature of an Internet NAT gateway to access the Internet.

Configure Internet access

By default, EAS services do not support Internet access. If your EAS service needs to access the Internet, you must first create an Internet NAT gateway in your virtual private cloud (VPC) and associate an elastic IP address (EIP) with the gateway. Then, you must connect the dedicated or public resource group in which the EAS service resides to the VPC. This way, the EAS service can access the Internet. The following section shows the detailed procedure.

Optional: Create a VPC and enable Internet access for the VPC.

Note If you have a VPC that contains an Internet NAT gateway associated with an EIP, skip this step.
1. Log on to the VPC console.
2. Check whether a VPC exists. If not, create one. For more information, see Step 1: Create a VPC and a vSwitch.
3. On the Elastic IP Addresses page, create an EIP. For more information, see Apply for an EIP.
4. On the Internet NAT Gateway page, create a NAT gateway and associate the created EIP with the gateway. For more information, see Use the SNAT feature of an Internet NAT gateway to access the Internet.
Enable VPC direction connection for an EAS service.
- If the service is deployed in an EAS public resource group, see the Configure networking for the public resource group topic to enable the feature.
- If the service is deployed in an EAS dedicated resource group, see the Configure networking for a dedicated resource group topic to enable the feature.

After the feature is enabled, the service can access the Internet.

Configure a whitelist

If an EAS service needs to access a cloud service that allows access only from specific IP addresses, you must add the IP address of the service to a whitelist of the cloud service. This way, the service can access the cloud service. The following section shows the detailed procedure.

Obtain the public IP address or internal CIDR block.
- Obtain the public IP address
  Log on to the VPC console and follow the instructions shown in the following figure to obtain the public IP address. This public IP address is the IP address of the EIP that is created and associated with the NAT gateway in the previous section.
- Obtain the internal CIDR block
  Log on to the VPC console and follow the instructions shown in the following figure to obtain the internal CIDR block. This CIDR block is the one that is configured for your vSwitch.
Configure a whitelist.
After you obtain the public IP address or internal CIDR block, you can add the IP information to a whitelist of the cloud service that you want to access.