PrivateLink establishes secure and stable private connections between a Virtual Private Cloud (VPC) and Alibaba Cloud services to simplify your network architecture. Accessing services such as Object Storage Service (OSS) through PrivateLink avoids security risks associated with public network access. This topic describes how to use an endpoint to privately access MaxCompute resources.
Supported regions
This service is available in the following regions: China (Hangzhou), China (Shanghai), China (Beijing), China (Zhangjiakou), China (Ulanqab), China (Shenzhen), China (Chengdu), China (Hong Kong), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), Japan (Tokyo), South Korea (Seoul), Germany (Frankfurt), US (Silicon Valley), and US (Virginia).
Billing
-
You are not charged for enabling PrivateLink. After you enable it, you are charged hourly based on usage. Fees include an instance fee and a data processing fee. For more information, see PrivateLink billing.
-
PrivateLink uses a consumer-pays model. For more information, see PrivateLink billing.
-
If you use a dedicated service, the service consumer is also responsible for the dedicated service fees.
Components
PrivateLink involves components for two parties: the service consumer and the service provider.
|
Party |
Component |
|
service consumer |
|
|
service provider |
|
For more information, see What is PrivateLink?.
Procedure
Step 1: Create endpoints
-
Create a VPC and a vSwitch. For more information, see VPCs and vSwitches.
-
Create an interface endpoint for the frontend service. The endpoint, VPC, and vSwitch must be in the same region.
-
登录专有网络管理控制台。
-
在左侧导航栏选择Endpoints,在左上角选择地域。
This example uses China (Shenzhen).
-
在Endpoints页面,选择接口终端节点页签。
-
单击Create Endpoint。若首次访问,需要先单击开通私网连接服务。
-
在Create Endpoint页面,按以下说明配置各项参数,其他参数保留默认配置。
Parameter
Description
Endpoint Name
Enter a custom name for the endpoint.
Endpoint Type
Select Interface Endpoint. This type allows a service consumer to access a service through an interface endpoint.
Endpoint Service
-
Select Alibaba Cloud Service. In the Endpoint Service Name search box, enter
com.aliyuncs.privatelink.cn-shenzhen.maxcompute.frontendand select the service. -
An endpoint can connect to only one endpoint service.
VPC
Select the VPC in which you want to create the endpoint.
Security Groups
Select a security group to associate with the endpoint's elastic network interface. The security group controls data traffic for the elastic network interface.
Zone and vSwitch
Select an availability zone that the endpoint service supports, and then select a vSwitch in that zone. The system automatically creates an elastic network interface for the endpoint in each selected vSwitch.
-
-
-
Create an endpoint for the tunnel service.
-
在Endpoints页面,选择接口终端节点页签。
-
Click Create Endpoint.
-
在Create Endpoint页面,按以下说明配置各项参数,其他参数保留默认配置。
Parameter
Description
Endpoint Name
Enter a custom name for the endpoint.
Endpoint Type
Select Interface Endpoint. This type allows a service consumer to access a service through an interface endpoint.
Endpoint Service
-
Select Alibaba Cloud Service. In the Endpoint Service Name search box, enter
com.aliyuncs.privatelink.cn-shenzhen.maxcompute.tunnel.shareand select the service. -
An endpoint can connect to only one endpoint service.
VPC
Select the VPC in which you want to create the endpoint.
Security Groups
Select a security group to associate with the endpoint's elastic network interface. The security group controls data traffic for the elastic network interface.
Zone and vSwitch
Select an availability zone that the endpoint service supports, and then select a vSwitch in that zone. The system automatically creates an elastic network interface for the endpoint in each selected vSwitch.
-
-
These two endpoints are interdependent. Enable both at the same time to prevent connection failures.
Step 2: Enable domain name access
-
登录专有网络管理控制台。
-
在左侧导航栏选择Endpoints,在左上角选择地域。
-
在Endpoints页面,单击目标终端节点名称。
This example uses the frontend endpoint.
-
在该终端节点详情页,单击Basic Information页签。
在Domain Name of Endpoint Service区域,打开Custom Domain Name开关。
Endpoint URLs by region
MaxCompute endpoints support both the HTTP and HTTPS protocols. Use the protocol that meets your requirements.
|
Area |
Region |
Status |
MaxCompute endpoint |
Tunnel endpoint |
|
China |
China (Hangzhou) |
Available |
http://service-pvl.cn-hangzhou-vpc.maxcompute.aliyun-inc.com/api |
http://dt-pvl.cn-hangzhou-vpc.maxcompute.aliyun-inc.com |
|
China |
China (Shanghai) |
Available |
http://service-pvl.cn-shanghai-vpc.maxcompute.aliyun-inc.com/api |
http://dt-pvl.cn-shanghai-vpc.maxcompute.aliyun-inc.com |
|
China |
China (Beijing) |
Available |
http://service-pvl.cn-beijing-vpc.maxcompute.aliyun-inc.com/api |
http://dt-pvl.cn-beijing-vpc.maxcompute.aliyun-inc.com |
|
China |
China (Zhangjiakou) |
Available |
http://service-pvl.cn-zhangjiakou-vpc.maxcompute.aliyun-inc.com/api |
http://dt-pvl.cn-zhangjiakou-vpc.maxcompute.aliyun-inc.com |
|
China |
China (Ulanqab) |
Available |
http://service-pvl.cn-wulanchabu-vpc.maxcompute.aliyun-inc.com/api |
http://dt-pvl.cn-wulanchabu-vpc.maxcompute.aliyun-inc.com |
|
China |
China (Shenzhen) |
Available |
http://service-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com/api |
http://dt-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com |
|
China |
China (Chengdu) |
Available |
http://service-pvl.cn-chengdu-vpc.maxcompute.aliyun-inc.com/api |
http://dt-pvl.cn-chengdu-vpc.maxcompute.aliyun-inc.com |
|
China |
China (Hong Kong) |
Available |
http://service-pvl.cn-hongkong-vpc.maxcompute.aliyun-inc.com/api |
http://dt-pvl.cn-hongkong-vpc.maxcompute.aliyun-inc.com |
|
Asia Pacific |
Singapore |
Available |
https://service-pvl.ap-southeast-1-vpc.maxcompute.aliyun-inc.com/api |
https://dt-pvl.ap-southeast-1-vpc.maxcompute.aliyun-inc.com |
|
Asia Pacific |
Malaysia (Kuala Lumpur) |
Available |
https://service-pvl.ap-southeast-3-vpc.maxcompute.aliyun-inc.com/api |
https://dt-pvl.ap-southeast-3-vpc.maxcompute.aliyun-inc.com |
|
Asia Pacific |
Indonesia (Jakarta) |
Available |
https://service-pvl.ap-southeast-5-vpc.maxcompute.aliyun-inc.com/api |
https://dt-pvl.ap-southeast-5-vpc.maxcompute.aliyun-inc.com |
|
Asia Pacific |
Japan (Tokyo) |
Available |
https://service-pvl.ap-northeast-1-vpc.maxcompute.aliyun-inc.com/api |
https://dt-pvl.ap-northeast-1-vpc.maxcompute.aliyun-inc.com |
|
Asia Pacific |
South Korea (Seoul) |
Available |
https://service-pvl.ap-northeast-2-vpc.maxcompute.aliyun-inc.com/api |
https://dt-pvl.ap-northeast-2-vpc.maxcompute.aliyun-inc.com |
|
Europe & Americas |
Germany (Frankfurt) |
Available |
https://service-pvl.eu-central-1-vpc.maxcompute.aliyun-inc.com/api |
https://dt-pvl.eu-central-1-vpc.maxcompute.aliyun-inc.com |
|
Europe & Americas |
US (Silicon Valley) |
Available |
https://service-pvl.us-west-1-vpc.maxcompute.aliyun-inc.com/api |
https://dt-pvl.us-west-1-vpc.maxcompute.aliyun-inc.com |
|
Europe & Americas |
US (Virginia) |
Available |
https://service-pvl.us-east-1-vpc.maxcompute.aliyun-inc.com/api |
https://dt-pvl.us-east-1-vpc.maxcompute.aliyun-inc.com |
Step 3: Use the odpscmd client
-
Ensure that you have downloaded and installed the odpscmd client.
-
Configure the odps_config.ini file. For more information about the procedure and parameters, see Connect to MaxCompute by using the odpscmd client. The following is an example configuration:
-
end_point:
http://service-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com/api -
tunnel_endpoint:
http://dt-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com
############################################ Required fields ############################################ project_name=xxx access_id=xxx access_key=xxx end_point=http://service-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com/api ############################################ Optional fields ############################################ log_view_host=http://logview.odps.aliyun.com # https_check= # confirm threshold for query input size(unit: GB) # data_size_confirm= # this url is for odpscmd update # update_url= # download sql results by instance tunnel use_instance_tunnel=true # the max records when download sql results by instance tunnel instance_tunnel_max_record=10000 # IMPORTANT: # If leaving tunnel_endpoint untouched, console will try to automatically get one from odps service, which might charge networking fees in some cases. # Please refer to https://www.alibabacloud.com/help/document_detail/34951.html tunnel_endpoint=http://dt-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com # use set.<key>= # e.g. set.odps.sql.select.output.format= -
-
A successful connection produces output similar to the following:
[root@iZxxx vZ ~]# cd bin [root@iZxxx vZ bin]# ./odpscmd --config=test.conf __ --- ---/ /--- --- ---- --- - ----/ / / _ \/ _ // _ \ (_-</ __// ' \/ _ / \___/\_,_// .__//___/\__//_//_/\_,_/ /_/ Aliyun ODPS Command Line Tool Version 0.40.10 @Copyright 2020 Alibaba Cloud Computing Co., Ltd. All rights reserved. Connecting to http://service-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com/api, project: xxx Endpoint: http://service-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com/api Project: xxx Quota: default in region N/A Timezone: Asia/Shanghai Connected!