To ensure the data security of your resources, you can authorize specific users to access your resources by using service whitelists and endpoint security groups.
Add Alibaba Cloud account IDs to a service whitelist
After an endpoint service is created, the Alibaba Cloud account ID of the service owner is automatically added to the service whitelist of the endpoint service. Users whose Alibaba Cloud account IDs are in the service whitelist of the endpoint service can query the endpoint service and create endpoints to connect to the endpoint service. If you want a virtual private cloud (VPC) that belongs to another Alibaba Cloud account to access the endpoint service, you must add the ID of the Alibaba Cloud account to the service whitelist of the endpoint service. For more information, see Manage account IDs in the whitelist of an endpoint service.
Related API operations
AddUserToVpcEndpointService: Adds an account ID to the whitelist of an endpoint service.
ListVpcEndpointServiceUsers: Queries the whitelist of an endpoint service.
RemoveUserFromVpcEndpointService: Removes an account ID from the whitelist of an endpoint service.
Associate an endpoint with a security group
After you create an endpoint for a VPC, you can associate the endpoint with a security group. The security group can control the traffic between the VPC and the elastic network interface (ENI) of the endpoint. If you no longer need the security group, you can remove the endpoint from the security group. For more information, see Manage security groups.
Related API operations
AttachSecurityGroupToVpcEndpoint: Associates an endpoint with a security group.
ListVpcEndpointSecurityGroups: Queries the security groups that are associated with an endpoint.
DetachSecurityGroupFromVpcEndpoint: Disassociates an endpoint from a security group.