All Products
Search
Document Center

Virtual Private Cloud:Deploy cloud services in a VPC

Last Updated:Nov 01, 2024

Most Alibaba Cloud services support virtual private clouds (VPCs). You can choose to use a VPC when you create a cloud resource. You can also create a VPC, and then create cloud resources in the VPC.

Use a VPC

A VPC is an isolated private network. By default, VPCs cannot communicate with each other. Elastic Compute Service (ECS) instances in a VPC cannot access the Internet or be accessed over the Internet. A VPC cannot communicate with a classic network over a private network. However, most Alibaba Cloud services can be accessed over the Internet or a private network. More than 95% of Alibaba Cloud services support VPCs.

Note

Cloud resources that need to communicate with each other over a private network must be of the same network type. For example, if an ECS instance in a VPC needs to access a Classic Load Balancer (CLB) instance or an ApsaraDB RDS instance over a private network, the CLB instance or the ApsaraDB RDS instance must be deployed in a VPC.

How you use a VPC varies based on the service:

  • Select VPC as the network type on the buy page

    You can use this method for services that allow you to create instances, such as ECS, ApsaraDB RDS, and CLB. You can select VPC as the network type on the buy page of these services. This way, the instance that you purchase is created in a VPC or a VPC endpoint is provided for the instance. The endpoint is resolved to an IP address that falls within the CIDR block of the VPC.

  • Configure VPC access in the console

    You can use this method for services such as Tablestore (OTS), Container Service for Kubernetes (ACK), E-MapReduce (EMR), and File Storage NAS.

    For OTS, you can configure a VPC endpoint for an OTS instance in the console. For ACK or EMR, you can select VPC as the network type when you create an ACK cluster or an EMR cluster in the console. For NAS, you can add a VPC as a mount target in the console.

  • View the VPC endpoints of different services

    The following topics describe how to view the VPC endpoints of Log Service, Object Storage Service (OSS), and ECS:

    To query the VPC endpoints of other services, you can use Alibaba Cloud DNS PrivateZone to call API operations. For more information, see Activate Alibaba Cloud DNS PrivateZone.

Change the network type

  • For some cloud services that allow you to create instances, such as ApsaraDB RDS, you can change the network type from classic network to VPC in the console.

  • For CLB instances, you cannot change the network type from classic network to VPC. You can create a new CLB instance that uses VPC and associate ECS instances in a VPC with the CLB instance.

For more information, see Overview of the migration solution.