All Products
Search

This Product

    MaxCompute:Access MaxCompute through PrivateLink

    Document Center

    MaxCompute:Access MaxCompute through PrivateLink

    Last Updated:Feb 26, 2026

    PrivateLink establishes secure and stable private connections between a virtual private cloud (VPC) and Alibaba Cloud services, simplifying the network architecture. Accessing OSS over a private network using PrivateLink helps avoid potential security risks from public network access. This topic describes how to privately access MaxCompute resources using an interface endpoint.

    Region Restrictions

    Usage

    Region

    Direct access

    China (Hangzhou)

    China (Shanghai)

    China (Beijing)

    China (Zhangjiakou)

    China (Ulanqab)

    China (Shenzhen)

    China (Chengdu)

    China (Hong Kong)

    Ticket required

    Singapore

    Malaysia (Kuala Lumpur)

    Indonesia (Jakarta)

    Japan (Tokyo)

    Frankfurt

    Silicon Valley

    Virginia

    Billing

    • Activating PrivateLink is free of charge. After activation, you are charged on an hourly pay-as-you-go basis based on your actual usage of the PrivateLink service. Fees include instance fees and data transfer fees. For more information, see PrivateLink billing.

    • PrivateLink uses a service consumer-pays billing model. For more information, see PrivateLink billing.

    • For dedicated services, the service consumer is also responsible for the dedicated service fees.

    Components

    PrivateLink involves components related to two main entities: the service consumer and the service provider.

    Entity

    Related components

    Service consumer

    • Endpoint

    • Endpoint zone and network interface controller (NIC)

    • Endpoint security group

    Service provider

    • Endpoint service

    • Service resource

    • Service whitelist

    • Endpoint connection

    For more information, see What is PrivateLink.

    Procedure

    Step 1: Create endpoints

    1. Create a virtual private cloud (VPC) and a vSwitch. For more information, see Virtual Private Cloud and vSwitches.

    2. Create the frontend interface endpoint. The endpoint, VPC, and vSwitch must be in the same region.

      1. Log on to the Virtual Private Cloud (VPC) console.

      2. In the navigation pane on the left, choose Endpoints. In the upper-left corner, select a region.

        This example uses China (Shenzhen).

      3. On the Endpoints page, click the Interface Endpoint tab.

      4. Click Create Endpoint. If this is your first time accessing the service, click Enable PrivateLink first.

      5. On the Create Endpoint page, configure the parameters as follows. Use the default configurations for the other parameters.

        Parameter

        Description

        Endpoint Name

        Enter a custom name for the endpoint.

        Endpoint Type

        Select Interface Endpoint. This indicates that the service consumer accesses the service from the service provider through an interface endpoint.

        Endpoint Service

        • In this example, select Alibaba Cloud Service, enter com.aliyuncs.privatelink.cn-shenzhen.maxcompute.frontend in the Endpoint Service Name search box, and select the endpoint service.

        • An endpoint can be associated with only one endpoint service.

        VPC

        Select the VPC where you want to create the endpoint.

        Security Groups

        Select a security group to associate with the endpoint NIC. The security group controls data communication for the endpoint NIC.

        Zone and vSwitch

        Select the zone that corresponds to the endpoint service, and then select a vSwitch in that zone. The system automatically creates an endpoint NIC in each vSwitch.

    3. Create the tunnel-associated endpoint.

      1. On the Endpoints page, click the Interface Endpoint tab.

      2. Click the Create Endpoint button.

      3. On the Create Endpoint page, configure the parameters as follows. Use the default configurations for the other parameters.

        Parameter

        Description

        Endpoint Name

        Enter a custom name for the endpoint.

        Endpoint Type

        Select Interface Endpoint, which indicates that the service consumer accesses the service from the service provider through an interface endpoint.

        Endpoint Service

        • In this example, select Alibaba Cloud Service, enter com.aliyuncs.privatelink.cn-shenzhen.maxcompute.tunnel.share in the Endpoint Service Name search box, and select the endpoint service.

        • An endpoint can be associated with only one endpoint service.

        VPC

        Select the VPC where you want to create the endpoint.

        Security Groups

        Select a security group to associate with the endpoint NIC. The security group controls data communication for the endpoint NIC.

        Zone and vSwitch

        Select the zone that corresponds to the endpoint service, and then select a vSwitch in that zone. The system automatically creates an endpoint NIC in each vSwitch.

    The two endpoints are interdependent. You must enable both endpoints at the same time. Otherwise, connectivity may fail.

    Step 2: Enable domain name access

    1. Log on to the Virtual Private Cloud (VPC) console.

    2. In the navigation pane on the left, choose Endpoints. In the upper-left corner, select a region.

    3. On the Endpoints page, click the name of the target endpoint.

      In this example, select the frontend node.

    4. On the endpoint details page, click the Basic Information tab.

      In the Domain Name of Endpoint Service section, turn on the Custom Domain Name switch.

    Domain names by region

    MaxCompute supports both HTTP and HTTPS protocols. Use the protocol that meets your requirements.

    Region

    City

    Status

    MaxCompute Endpoint

    Tunnel Endpoint

    China

    China (Hangzhou)

    Launched

    http://service-pvl.cn-hangzhou-vpc.maxcompute.aliyun-inc.com/api

    http://dt-pvl.cn-hangzhou-vpc.maxcompute.aliyun-inc.com

    China

    China (Shanghai)

    Launched

    http://service-pvl.cn-shanghai-vpc.maxcompute.aliyun-inc.com/api

    http://dt-pvl.cn-shanghai-vpc.maxcompute.aliyun-inc.com

    China

    China (Beijing)

    Launched

    http://service-pvl.cn-beijing-vpc.maxcompute.aliyun-inc.com/api

    http://dt-pvl.cn-beijing-vpc.maxcompute.aliyun-inc.com

    China

    China (Zhangjiakou)

    Launched

    http://service-pvl.cn-zhangjiakou-vpc.maxcompute.aliyun-inc.com/api

    http://dt-pvl.cn-zhangjiakou-vpc.maxcompute.aliyun-inc.com

    China

    China (Ulanqab)

    Launched

    http://service-pvl.cn-wulanchabu-vpc.maxcompute.aliyun-inc.com/api

    http://dt-pvl.cn-wulanchabu-vpc.maxcompute.aliyun-inc.com

    China

    China (Shenzhen)

    Launched

    http://service-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com/api

    http://dt-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com

    China

    China (Chengdu)

    Launched

    http://service-pvl.cn-chengdu-vpc.maxcompute.aliyun-inc.com/api

    http://dt-pvl.cn-chengdu-vpc.maxcompute.aliyun-inc.com

    China

    Hong Kong

    Launched

    http://service-pvl.cn-hongkong-vpc.maxcompute.aliyun-inc.com/api

    http://dt-pvl.cn-hongkong-vpc.maxcompute.aliyun-inc.com

    Step 3: Usage

    1. Download and install the MaxCompute client (odpscmd).

    2. Configure the odps_config.ini file. For detailed steps and parameter descriptions, see Connect using a local client (odpscmd). The following figure shows an example:

      • end_point: http://service-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com/api

      • tunnel_endpoint: http://dt-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com

      image

    3. The following figure shows a successful connection:

      image