PrivateLink: Endpoint service overview

Last Updated: Jun 07, 2024

This topic provides an overview of endpoint services and describes how to create and configure an endpoint service.

Overview

You can use an endpoint in a virtual private cloud (VPC) to connect to an endpoint service that is deployed in another VPC by using PrivateLink. Endpoint services are created and managed by service providers.

If you want to allow an endpoint created in a VPC of another Alibaba Cloud account to connect to your endpoint service, you need to add the ID of the Alibaba Cloud account to the whitelist of the endpoint service. Alibaba Cloud accounts whose IDs are not added to the whitelist cannot query the endpoint service or create endpoints to connect to the endpoint service.

Procedure

The following flowchart shows how to create and configure an endpoint service.

  1. Before you create an endpoint service, you need to create service resources. Classic Load Balancer (CLB), Application Load Balancer (ALB), and Network Load Balancer (NLB) instances that support PrivateLink can be used as service resources of the endpoint service. For more information about how to create a Server Load Balancer (SLB) instance that supports PrivateLink, see the Create an SLB instance section of the Create and manage endpoint services topic.

  2. Configure the SLB instance.

    After you create a CLB, ALB, or NLB instance, you need to create a backend server group and add at least one backend server to the group. This way, traffic can be forwarded. For more information, see Configure an ALB instance, Configure a CLB instance, and Configure an NLB instance.

  3. Create an endpoint service.

    You must specify the configured SLB instance as the service resource when you create an endpoint service. For more information, see the Create an endpoint service section of the Create and manage endpoint services topic.

  4. (Optional) Add the IDs of relevant Alibaba Cloud accounts to the service whitelist.

    After you create the endpoint service, the ID of your Alibaba Cloud account is automatically added to the whitelist of the endpoint service. Alibaba Cloud accounts whose IDs are added to the whitelist can query the endpoint service and create endpoints to connect to the endpoint service. If you want to allow an endpoint created in a VPC of another Alibaba Cloud account to connect to your endpoint service, you must add the ID of the Alibaba Cloud account to the whitelist of the endpoint service. For more information, see Manage account IDs in the whitelist of an endpoint service.

  5. (Optional) Add more service resources to the endpoint service.

    You can add more service resources to the endpoint service. After endpoints in other VPCs connect to the endpoint service in your VPC, endpoints in these VPCs can access the service resources in your VPC. For more information, see Add and remove service resources.
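
The whitelist is the access boundary for the endpoint service, so it is worth comparing it periodically with the accounts you actually approved. The following check is an added example, not part of the original topic or of any Alibaba Cloud tooling. The inventory format, service IDs, and account IDs are constructed for illustration, and the owner ID is treated as always approved because it is added to the whitelist automatically.

```python
"""Audit endpoint-service whitelists against an approved list (constructed data)."""


def normalize(account_id):
    """Exports may mix ints and padded strings; compare IDs as digit strings."""
    text = str(account_id).strip()
    if not text.isdigit():
        raise ValueError(f"not an account ID: {account_id!r}")
    return text


def audit_whitelist(service, approved):
    """Return unapproved and missing account IDs for one endpoint service."""
    # The owner's ID is added automatically at creation, so it is never a finding.
    owner = normalize(service["owner_id"])
    actual = {normalize(a) for a in service["whitelist"]}
    expected = {normalize(a) for a in approved.get(service["service_id"], [])}
    expected.add(owner)
    return {
        "service_id": service["service_id"],
        # Whitelisted accounts can query the service and create endpoints.
        "unapproved": sorted(actual - expected),
        # Approved consumers that cannot connect until they are whitelisted.
        "missing": sorted(expected - actual),
    }


def audit_all(services, approved):
    """Audit every service and keep only those with a finding."""
    findings = [audit_whitelist(s, approved) for s in services]
    return [f for f in findings if f["unapproved"] or f["missing"]]


# Constructed inventory: hypothetical service IDs and account IDs.
SERVICES = [
    {"service_id": "svc-example-a", "owner_id": "1000000000000001",
     "whitelist": ["1000000000000001", 1000000000000002, " 1000000000000009 "]},
    {"service_id": "svc-example-b", "owner_id": "1000000000000001",
     "whitelist": ["1000000000000001"]},
]
# Constructed approval record: consumer accounts signed off per service.
APPROVED = {
    "svc-example-a": ["1000000000000002"],
    "svc-example-b": ["1000000000000003"],
}

if __name__ == "__main__":
    for finding in audit_all(SERVICES, APPROVED):
        print(finding)
```

An entry under unapproved is an account that can reach the service without a recorded approval; an entry under missing is an approved consumer that still needs to be added to the whitelist.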