PrivateLink establishes secure and stable private connections between a Virtual Private Cloud (VPC) and Alibaba Cloud services. It simplifies your network architecture and provides private access to services. This helps you avoid the security risks of accessing services over the public internet. This topic describes how to use an endpoint to privately access Simple Message Queue (formerly MNS).
Scenarios
You can use a PrivateLink endpoint to access Simple Message Queue (formerly MNS) from a specified VPC in the following scenarios:
Isolate network links for instance-based products.
Build cloud networks and cross-region networks with Cloud Enterprise Network (CEN).
In a CEN network, routing rules cannot be used to access cloud products.
After you create a PrivateLink endpoint, you can still access the Simple Message Queue (formerly MNS) service through the original internal endpoint.
Billing
Enabling PrivateLink is free of charge. After you enable PrivateLink, you are charged hourly based on your actual usage. The fees include instance fees and traffic processing fees. For more information, see Billing.
The service consumer and service provider for PrivateLink can be different Alibaba Cloud accounts. The fees can be charged to the service consumer's account or the service provider's account. For more information, see Payers.
Limits
To privately access Simple Message Queue (formerly MNS), you must submit a ticket to request access. After your request is approved, Alibaba Cloud technical support enables the feature for you.
Prerequisites
You have created a Virtual Private Cloud (VPC) and a vSwitch in the region where you want to create the endpoint. For more information, see Create and manage a VPC.
You have submitted a ticket to add your account to the PrivateLink access whitelist. When you submit the ticket, you must provide the user ID (UID) of your Alibaba Cloud account and the region where the resource is located.
Procedure
Log on to the VPC console.
In the navigation pane on the left, click Endpoints.
In the top menu bar, select a region that supports private access to Simple Message Queue (formerly MNS) resources through endpoints.
On the Endpoints page, click the Interface Endpoints tab, and then click Create Endpoint.
On the Create Endpoint page, configure the following parameters and leave the other parameters at their default settings.
Parameter
Description
Node Name
Enter a custom name for the endpoint.
Endpoint Type
Select Interface Endpoint. This indicates that the service consumer accesses the service provided by the service provider through an interface endpoint.
Endpoint Service
Click Alibaba Cloud Service. Then, in the search box for the endpoint service name, enter the domain name and select the service. The domain name is in the format
com.aliyuncs.${regionId}.smq. For example,com.aliyuncs.cn-heyuan-acdr-1.smqis the endpoint service name for the Heyuan Automotive Dedicated Cloud.NoteAn endpoint can be associated with only one endpoint service.
VPC
Select the VPC where you want to create the endpoint.
Security Group
Select a security group to associate with the endpoint elastic network interface (ENI). The security group controls data communication for the endpoint ENI.
Zone and vSwitch
Select the zone where the endpoint service is available, and then select a vSwitch in that zone. The system automatically creates an endpoint ENI in the vSwitch.
Click Create.
After the endpoint is created, record the endpoint domain name. You can use this domain name to access the Simple Message Queue (formerly MNS) service.
After you obtain the endpoint domain name, configure it in your software development kit (SDK) code to access Simple Message Queue (formerly MNS) through PrivateLink. For more information, see Console SDK and Client SDK.
References
For more information about PrivateLink, see What is PrivateLink?.