PrivateLink establishes secure and stable private connections between a Virtual Private Cloud (VPC) and Alibaba Cloud services to simplify your network architecture. Accessing services such as Object Storage Service (OSS) through PrivateLink avoids security risks associated with public network access. This topic describes how to use an endpoint to privately access MaxCompute resources.
Supported regions
This service is available in the following regions: China (Hangzhou), China (Shanghai), China (Beijing), China (Zhangjiakou), China (Ulanqab), China (Shenzhen), China (Chengdu), China (Hong Kong), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), Japan (Tokyo), South Korea (Seoul), Germany (Frankfurt), US (Silicon Valley), and US (Virginia).
Billing
-
You are not charged for enabling PrivateLink. After you enable it, you are charged hourly based on usage. Fees include an instance fee and a data processing fee. For more information, see PrivateLink billing.
-
PrivateLink uses a consumer-pays model. For more information, see PrivateLink billing.
-
If you use a dedicated service, the service consumer is also responsible for the dedicated service fees.
Components
PrivateLink involves components for two parties: the service consumer and the service provider.
|
Party |
Component |
|
service consumer |
|
|
service provider |
|
For more information, see What is PrivateLink?.
Procedure
Step 1: Create endpoints
-
Create a VPC and a vSwitch. For more information, see VPCs and vSwitches.
-
Create an interface endpoint for the frontend service. The endpoint, VPC, and vSwitch must be in the same region.
-
Log in to the Virtual Private Cloud console.
-
In the navigation pane on the left, choose Endpoints. In the top-left corner, select a region.
This example uses China (Shenzhen).
-
On the Endpoints page, click the Interface Endpoint tab.
-
Click Create Endpoint. If you are using this service for the first time, first click Enable PrivateLink.
-
On the Create Endpoint page, configure the parameters as described in the following instructions. Leave the other parameters at their default settings.
Parameter
Description
Endpoint Name
Enter a custom name for the endpoint.
Endpoint Type
Select Interface Endpoint. This type allows a service consumer to access a service through an interface endpoint.
Endpoint Service
-
Select Alibaba Cloud Service. In the Endpoint Service Name search box, enter
com.aliyuncs.privatelink.cn-shenzhen.maxcompute.frontendand select the service. -
An endpoint can connect to only one endpoint service.
VPC
Select the VPC in which you want to create the endpoint.
Security Groups
Select a security group to associate with the endpoint's elastic network interface. The security group controls data traffic for the elastic network interface.
Zone and vSwitch
Select an availability zone that the endpoint service supports, and then select a vSwitch in that zone. The system automatically creates an elastic network interface for the endpoint in each selected vSwitch.
-
-
-
Create an endpoint for the tunnel service.
-
On the Endpoints page, click the Interface Endpoint tab.
-
Click Create Endpoint.
-
On the Create Endpoint page, configure the parameters as described in the following instructions. Leave the other parameters at their default settings.
Parameter
Description
Endpoint Name
Enter a custom name for the endpoint.
Endpoint Type
Select Interface Endpoint. This type allows a service consumer to access a service through an interface endpoint.
Endpoint Service
-
Select Alibaba Cloud Service. In the Endpoint Service Name search box, enter
com.aliyuncs.privatelink.cn-shenzhen.maxcompute.tunnel.shareand select the service. -
An endpoint can connect to only one endpoint service.
VPC
Select the VPC in which you want to create the endpoint.
Security Groups
Select a security group to associate with the endpoint's elastic network interface. The security group controls data traffic for the elastic network interface.
Zone and vSwitch
Select an availability zone that the endpoint service supports, and then select a vSwitch in that zone. The system automatically creates an elastic network interface for the endpoint in each selected vSwitch.
-
-
These two endpoints are interdependent. Enable both at the same time to prevent connection failures.
Step 2: Enable domain name access
-
Log in to the Virtual Private Cloud console.
-
In the navigation pane on the left, choose Endpoints. In the top-left corner, select a region.
-
On the Endpoints page, click the name of the target endpoint.
This example uses the frontend endpoint.
-
On the endpoint details page, click the Basic Information tab.
In the Domain Name of Endpoint Service section, turn on the Custom Domain Name switch.
Endpoint URLs by region
MaxCompute endpoints support both the HTTP and HTTPS protocols. Use the protocol that meets your requirements.
|
Area |
Region |
Status |
MaxCompute endpoint |
Tunnel endpoint |
|
China |
China (Hangzhou) |
Available |
http://service-pvl.cn-hangzhou-vpc.maxcompute.aliyun-inc.com/api |
http://dt-pvl.cn-hangzhou-vpc.maxcompute.aliyun-inc.com |
|
China |
China (Shanghai) |
Available |
http://service-pvl.cn-shanghai-vpc.maxcompute.aliyun-inc.com/api |
http://dt-pvl.cn-shanghai-vpc.maxcompute.aliyun-inc.com |
|
China |
China (Beijing) |
Available |
http://service-pvl.cn-beijing-vpc.maxcompute.aliyun-inc.com/api |
http://dt-pvl.cn-beijing-vpc.maxcompute.aliyun-inc.com |
|
China |
China (Zhangjiakou) |
Available |
http://service-pvl.cn-zhangjiakou-vpc.maxcompute.aliyun-inc.com/api |
http://dt-pvl.cn-zhangjiakou-vpc.maxcompute.aliyun-inc.com |
|
China |
China (Ulanqab) |
Available |
http://service-pvl.cn-wulanchabu-vpc.maxcompute.aliyun-inc.com/api |
http://dt-pvl.cn-wulanchabu-vpc.maxcompute.aliyun-inc.com |
|
China |
China (Shenzhen) |
Available |
http://service-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com/api |
http://dt-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com |
|
China |
China (Chengdu) |
Available |
http://service-pvl.cn-chengdu-vpc.maxcompute.aliyun-inc.com/api |
http://dt-pvl.cn-chengdu-vpc.maxcompute.aliyun-inc.com |
|
China |
China (Hong Kong) |
Available |
http://service-pvl.cn-hongkong-vpc.maxcompute.aliyun-inc.com/api |
http://dt-pvl.cn-hongkong-vpc.maxcompute.aliyun-inc.com |
|
Asia Pacific |
Singapore |
Available |
https://service-pvl.ap-southeast-1-vpc.maxcompute.aliyun-inc.com/api |
https://dt-pvl.ap-southeast-1-vpc.maxcompute.aliyun-inc.com |
|
Asia Pacific |
Malaysia (Kuala Lumpur) |
Available |
https://service-pvl.ap-southeast-3-vpc.maxcompute.aliyun-inc.com/api |
https://dt-pvl.ap-southeast-3-vpc.maxcompute.aliyun-inc.com |
|
Asia Pacific |
Indonesia (Jakarta) |
Available |
https://service-pvl.ap-southeast-5-vpc.maxcompute.aliyun-inc.com/api |
https://dt-pvl.ap-southeast-5-vpc.maxcompute.aliyun-inc.com |
|
Asia Pacific |
Japan (Tokyo) |
Available |
https://service-pvl.ap-northeast-1-vpc.maxcompute.aliyun-inc.com/api |
https://dt-pvl.ap-northeast-1-vpc.maxcompute.aliyun-inc.com |
|
Asia Pacific |
South Korea (Seoul) |
Available |
https://service-pvl.ap-northeast-2-vpc.maxcompute.aliyun-inc.com/api |
https://dt-pvl.ap-northeast-2-vpc.maxcompute.aliyun-inc.com |
|
Europe & Americas |
Germany (Frankfurt) |
Available |
https://service-pvl.eu-central-1-vpc.maxcompute.aliyun-inc.com/api |
https://dt-pvl.eu-central-1-vpc.maxcompute.aliyun-inc.com |
|
Europe & Americas |
US (Silicon Valley) |
Available |
https://service-pvl.us-west-1-vpc.maxcompute.aliyun-inc.com/api |
https://dt-pvl.us-west-1-vpc.maxcompute.aliyun-inc.com |
|
Europe & Americas |
US (Virginia) |
Available |
https://service-pvl.us-east-1-vpc.maxcompute.aliyun-inc.com/api |
https://dt-pvl.us-east-1-vpc.maxcompute.aliyun-inc.com |
Step 3: Use the odpscmd client
-
Ensure that you have downloaded and installed the odpscmd client.
-
Configure the odps_config.ini file. For more information about the procedure and parameters, see Connect to MaxCompute by using the odpscmd client. The following is an example configuration:
-
end_point:
http://service-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com/api -
tunnel_endpoint:
http://dt-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com
############################################ Required fields ############################################ project_name=xxx access_id=xxx access_key=xxx end_point=http://service-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com/api ############################################ Optional fields ############################################ log_view_host=http://logview.odps.aliyun.com # https_check= # confirm threshold for query input size(unit: GB) # data_size_confirm= # this url is for odpscmd update # update_url= # download sql results by instance tunnel use_instance_tunnel=true # the max records when download sql results by instance tunnel instance_tunnel_max_record=10000 # IMPORTANT: # If leaving tunnel_endpoint untouched, console will try to automatically get one from odps service, which might charge networking fees in some cases. # Please refer to https://help.aliyun.com/document_detail/34951.html tunnel_endpoint=http://dt-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com # use set.<key>= # e.g. set.odps.sql.select.output.format= -
-
A successful connection produces output similar to the following:
[root@iZxxx vZ ~]# cd bin [root@iZxxx vZ bin]# ./odpscmd --config=test.conf __ --- ---/ /--- --- ---- --- - ----/ / / _ \/ _ // _ \ (_-</ __// ' \/ _ / \___/\_,_// .__//___/\__//_//_/\_,_/ /_/ Aliyun ODPS Command Line Tool Version 0.40.10 @Copyright 2020 Alibaba Cloud Computing Co., Ltd. All rights reserved. Connecting to http://service-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com/api, project: xxx Endpoint: http://service-pvl.cn-shenzhen-vpc.maxcompute.aliyun-inc.com/api Project: xxx Quota: default in region N/A Timezone: Asia/Shanghai Connected!