Tablestore allows you to use virtual private clouds (VPCs) to isolate networks. This improves the resource access security.
By default, Tablestore allows unrestricted access over all networks. In this case, you can configure a network access control list (ACL) for a Tablestore instance. This way, you can restrict the types of networks from which users can access the Tablestore instance. This ensures network access security. For more information, see Network ACL and Network security management.
Tablestore supports different combinations of network types to meet different network security requirements.
By default, Tablestore creates a public endpoint, a VPC endpoint, and a classic network endpoint for each Tablestore instance. For more information, see Endpoints.
Network type | Description |
All networks | The instance can be accessed over all networks. For example, you can use the public endpoint, classic network endpoint, VPC endpoint, or Tablestore console to access the instance. |
Tablestore console and VPCs | The instance can be accessed only from the Tablestore console or over the bound VPCs. This method isolates your instance from networks outside your VPCs. You cannot access the instance over the Internet or the classic network. Important Before you select this network type for an instance, make sure that your business does not require access over the Internet or the classic network. |
VPCs | The instance can be accessed only over the bound VPCs. You cannot access the instance over the Internet, the classic network, or from the Tablestore console. In addition, you cannot access resources of the instance from the Tablestore console. This provides better network isolation. Important Before you select this network type for an instance, make sure that your business does not require access over the Internet or the classic network, or from the Tablestore console. |