Access an SMQ instance by using PrivateLink endpoint - Simple Message Queue (formerly MNS)

PrivateLink is a service used to establish private, stable, and secure connections between Virtual Private Cloud (VPC) and other Alibaba Cloud services. PrivateLink simplifies network architectures and prevents risks that arise from service access over the Internet. This topic describes how to use PrivateLink endpoint to access Simple Message Queue (SMQ, formerly MNS).

Scenarios

You can use a PrivateLink endpoint to access an SMQ instance in a specific VPC in the following scenarios:

You want to isolate network links when instances access networks.
You want to implement cloud networking and inter-region networking by using Cloud Enterprise Network (CEN).
You are unable to use routing rules to access cloud services when you build a network by using CEN.

After a PrivateLink endpoint is created, you can continue using the original VPC endpoint to access a SMQ instance.

Billing rules

You are not charged when you activate PrivateLink. After you activate PrivateLink, you are charged on a pay-as-you-go basis. Bills are generated on an hourly basis. You are charged instance fees and data transfer fees. For more information, see billing rules.
The service consumer and service provider can use different Alibaba Cloud accounts. You can specify whether the service consumer or service provider to pay the bills. For more information, see Payer.

Limits on regions

If you want to access an SMQ instance by using PrivateLink endpoint in a specific region, submit a ticket to apply for PrivateLink-based access to an SMQ instance.

Prerequisites

A VPC and a vSwitch are created in the region where you want to create the PrivateLink endpoint. For more information, see Create a VPC and a vSwitch.
The PrivateLink endpoint is added to the IP address whitelist. To perform this operation, submit a ticket. You must include the UID of the Alibaba Cloud account used to purchase the instance and the region where the instance resides.

Procedure

Log on to the VPC console.
In the left-side navigation pane, click Endpoints.
In the top navigation bar, select a region that supports accessing SMQ instances by using PrivateLink.
On the Endpoints page, click the Interface Endpoint tab, and click Create Endpoint.

On the Create Endpoint page, configure the parameters. The following table describes the parameters. Retain the default settings for other parameters.

Parameter	Description
Endpoint Name	Specify a name for the endpoint.
Endpoint Type	Select Interface Endpoint to create an interface endpoint for the service consumer to access the service provided.
Endpoint Service	Select Alibaba Cloud Service. Enter `com.aliyuncs.cn-heyuan-acdr-1.smq` in the Endpoint Service Name search box and click the search box. Select the endpoint service in the `com.aliyuncs.${regionId}.smq` format. Note You can associate an endpoint with only one endpoint service.
VPC	Select the VPC for which you want to create an endpoint.
Security Groups	Select the security group that you want to associate with the endpoint elastic network interface (ENI). A security group allows you to manage communication to and from the endpoint ENI.
Zone And Vswitch	Select the zone of the endpoint service and select a vSwitch in the zone. The system automatically creates an endpoint ENI in the vSwitch.

Click Ok.
Record the generated PrivateLink endpoint for subsequent access to SMQ.
You can specify the domain name of endpoint service in the SDK code to access SMQ by using PrivateLink. For more information, see Console SDKs and Client SDKs.

References

For more information about PrivateLink, see what is PrivateLink.