All Products
Search

This Product

    MaxCompute:Access MaxCompute through PrivateLink

    Document Center

    MaxCompute:Access MaxCompute through PrivateLink

    Last Updated:Dec 02, 2025

    PrivateLink lets you establish secure and stable private connections between a virtual private cloud (VPC) and Alibaba Cloud services, which simplifies the network architecture. Accessing OSS over a private network using PrivateLink helps you avoid the potential security risks of public network access. This topic describes how to use an endpoint to privately access MaxCompute resources.

    Regions

    Usage

    Region

    Direct access

    China (Hangzhou)

    China (Shanghai)

    China (Beijing)

    China (Zhangjiakou)

    China (Ulanqab)

    China (Shenzhen)

    China (Chengdu)

    China (Hong Kong)

    Ticket required

    Singapore

    Malaysia (Kuala Lumpur)

    Indonesia (Jakarta)

    Japan (Tokyo)

    Frankfurt

    Silicon Valley

    Virginia

    Billing

    • There is no charge for activating PrivateLink. After you activate the service, you are charged on an hourly pay-as-you-go basis. The fees include instance fees and data transfer fees. For more information, see PrivateLink billing.

    • PrivateLink uses a service consumer-pays model. For more information, see PrivateLink billing.

    • For dedicated services, the service consumer is also responsible for the service fees.

    Components

    PrivateLink involves components related to two main entities: the service consumer and the service provider.

    Entity

    Related components

    Service consumer

    • Endpoint

    • Endpoint zone and ENI

    • Endpoint security group

    Service provider

    • Endpoint service

    • Service resource

    • Service whitelist

    • Endpoint connection

    For more information, see What is PrivateLink.

    Procedure

    Step 1: Create endpoints

    1. Create a virtual private cloud (VPC) and a vSwitch. For more information, see Virtual Private Cloud and vSwitches.

    2. Create the frontend interface endpoint. The endpoint, VPC, and vSwitch must be in the same region.

      1. Log on to the Virtual Private Cloud (VPC) console.

      2. In the navigation pane on the left, click Endpoints. In the upper-left corner, select a region.

        This example uses China (Shenzhen).

      3. On the Endpoints page, select the Interface Endpoint tab.

      4. Click Create Endpoint. If this is your first time accessing the service, click Enable PrivateLink first.

      5. On the Create Endpoint page, configure the parameters as follows. Keep the default configurations for other parameters.

        Parameter

        Description

        Endpoint Name

        Enter a custom name for the endpoint.

        Endpoint Type

        Select Interface Endpoint. This indicates that the service consumer accesses the service from the service provider through an interface endpoint.

        Endpoint Service

        • In this example, select Alibaba Cloud Service, enter com.aliyuncs.privatelink.cn-shenzhen.maxcompute.frontend in the Endpoint Service Name search box, and select the endpoint service.

        • An endpoint can be associated with only one endpoint service.

        VPC

        Select the VPC where you want to create the endpoint.

        Security Groups

        Select a security group to associate with the endpoint ENI. The security group controls data communication for the endpoint ENI.

        Zone and vSwitch

        Select the zone that corresponds to the endpoint service, and then select a vSwitch in that zone. The system automatically creates an endpoint ENI in each vSwitch.

    3. Create the tunnel-associated endpoint.

      1. On the Endpoints page, select the Interface Endpoint tab.

      2. Click the Create Endpoint button.

      3. On the Create Endpoint page, configure the parameters as follows. Keep the default configurations for other parameters.

        Parameter

        Description

        Endpoint Name

        Enter a custom name for the endpoint.

        Endpoint Type

        Select Interface Endpoint, which indicates that the service consumer accesses the service from the service provider through an interface endpoint.

        Endpoint Service

        • In this example, select Alibaba Cloud Service, enter com.aliyuncs.privatelink.cn-shenzhen.maxcompute.tunnel.share in the Endpoint Service Name search box, and select the endpoint service.

        • An endpoint can be associated with only one endpoint service.

        VPC

        Select the VPC where you want to create the endpoint.

        Security Groups

        Select a security group to associate with the endpoint ENI. The security group controls data communication for the endpoint ENI.

        Zone and vSwitch

        Select the zone that corresponds to the endpoint service, and then select a vSwitch in that zone. The system automatically creates an endpoint ENI in each vSwitch.

    The two endpoints are interdependent. You must enable both at the same time. Otherwise, connectivity may fail.

    Step 2: Enable domain name access

    1. Log on to the Virtual Private Cloud (VPC) console.

    2. In the navigation pane on the left, click Endpoints. In the upper-left corner, select a region.

    3. On the Endpoints page, click the name of the target endpoint.

      In this example, select the frontend node.

    4. On the endpoint details page, click the Basic Information tab.

      In the Domain Name of Endpoint Service section, turn on the Custom Domain Name switch.

    Domain names by region

    Region

    City

    Status

    MaxCompute Endpoint

    Tunnel Endpoint

    China

    China (Hangzhou)

    Launched

    http://service-pvl.cn-hangzhou-vpc.maxcompute.aliyun-inc.com/api

    http://dt-pvl.cn-hangzhou-vpc.maxcompute.aliyun-inc.com

    China

    China (Shanghai)

    Launched

    http://service-pvl.cn-shanghai-vpc.maxcompute.aliyun-inc.com/api

    http://dt-pvl.cn-shanghai-vpc.maxcompute.aliyun-inc.com

    China

    China (Beijing)

    Launched

    http://service-pvl.cn-beijing-vpc.maxcompute.aliyun-inc.com/api

    http://dt-pvl.cn-beijing-vpc.maxcompute.aliyun-inc.com

    China

    China (Zhangjiakou)

    Launched

    http://service-pvl.cn-zhangjiakou-vpc.maxcompute.aliyun-inc.com/api

    http://dt-pvl.cn-zhangjiakou-vpc.maxcompute.aliyun-inc.com

    China

    China (Ulanqab)

    Launched

    http://service-pvl.cn-wulanchabu-vpc.maxcompute.aliyun-inc.com/api

    http://dt-pvl.cn-wulanchabu-vpc.maxcompute.aliyun-inc.com

    China

    China (Shenzhen)

    Launched

    http://service-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com/api

    http://dt-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com

    China

    China (Chengdu)

    Launched

    http://service-pvl.cn-chengdu-vpc.maxcompute.aliyun-inc.com/api

    http://dt-pvl.cn-chengdu-vpc.maxcompute.aliyun-inc.com

    China

    Hong Kong

    Launched

    http://service-pvl.cn-hongkong-vpc.maxcompute.aliyun-inc.com/api

    http://dt-pvl.cn-hongkong-vpc.maxcompute.aliyun-inc.com

    Step 3: Usage

    1. Download and install the MaxCompute client (odpscmd).

    2. Configure the odps_config.ini file. For detailed steps and parameter descriptions, see Connect using a local client (odpscmd). The following figure shows an example:

      • end_point: http://service-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com/api

      • tunnel_endpoint: http://dt-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com

      image

    3. The following figure shows a successful connection:

      image