Virtual Private Cloud (VPC) allows you to create network access control lists (ACLs) to implement access control. You can also use the access control features of other cloud services deployed in a VPC, such as the security groups supported by Elastic Compute Service (ECS) and the whitelists supported by Server Load Balancer (SLB) and ApsaraDB for RDS.
Network ACLs
A network ACL is a feature provided by VPC for network access control. You can customize the rules of a network ACL and associate the network ACL with a VSwitch to control the inbound and outbound traffic of the ECS instances connected to the VSwitch. For more information, see Network ACL overview.
ECS security groups
Security groups act as virtual firewalls that provide Stateful Packet Inspection (SPI) and packet filtering features. Security groups are used to isolate security domains on the cloud. You can configure security group rules to control the inbound and outbound traffic of ECS instances in the group. For more information, see Security group overview.
RDS whitelists
To connect to an ApsaraDB for RDS instance that resides in a VPC, you must add the IP address of the client to the RDS whitelist. Otherwise, the client is unable to connect to the RDS instance. Requests from IP addresses that are not included in the whitelist are blocked. For more information, see Configure a whitelist for an RDS MySQL instance.
SLB whitelists
SLB is a service that distributes traffic to multiple ECS instances based on forwarding rules. You can configure the IP addresses from which an SLB listener forwards requests. This method is applicable when only specific IP addresses are allowed to access an application. For more information, see Configure access control.
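The RDS and SLB whitelists described above share the same default-deny behavior: a request is admitted only if its source address matches an entry. The following Python sketch is an added example, not code from the product documentation. It evaluates clients against a whitelist and flags entries that defeat its purpose; the comma-separated IPv4/CIDR entry format, the function names, and the /24 threshold are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges; anything outside them is treated as a public source here.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_whitelist(text):
    """Parse comma-separated IPv4 addresses or CIDR blocks (assumed format)."""
    nets = []
    for raw in text.split(","):
        entry = raw.strip()
        if entry:
            # strict=True rejects entries with host bits set, e.g. 10.0.0.5/24,
            # which usually means the author meant a single host or another mask.
            nets.append(ipaddress.IPv4Network(entry, strict=True))
    return nets

def is_allowed(client_ip, nets):
    """Default deny: admit the client only if some entry contains its address."""
    addr = ipaddress.IPv4Address(client_ip)
    return any(addr in net for net in nets)

def audit(nets, max_public_prefix=24):
    """Return (entry, reason) pairs for entries that are wider than intended."""
    findings = []
    for net in nets:
        if net.prefixlen == 0:
            findings.append((str(net), "allows every address"))
        elif (not any(net.subnet_of(r) for r in RFC1918)
              and net.prefixlen < max_public_prefix):
            findings.append((str(net), "broad public range"))
    return findings

# Constructed sample whitelists, not taken from any real instance.
TIGHT = "10.0.1.0/24, 192.168.10.15"
LOOSE = "10.0.1.0/24, 198.51.100.0/22, 0.0.0.0/0"

if __name__ == "__main__":
    for name, text in (("TIGHT", TIGHT), ("LOOSE", LOOSE)):
        nets = parse_whitelist(text)
        print(name, "admits 10.0.2.7:", is_allowed("10.0.2.7", nets))
        for entry, reason in audit(nets):
            print("  finding:", entry, "-", reason)
```

Running the audit before applying a whitelist change shows whether a single broad entry turns the default-deny list into an allow-all rule.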