• Virtual Private Cloud

vpc
  1. Help Center
  2. Virtual Private Cloud
  3. User Guide
  4. Getting Started
  5. Configuring a VPC for ECSs That Access the Internet Through a VPN
  6. Overview

Overview

If you need to access ECSs in a VPC over the Internet to perform maintenance operations on the ECSs, you can follow the procedure shown in Figure 1 to configure a VPN. For example, you can configure a VPN to enable a website administrator to access ECSs functioning as service nodes in the VPC over the Internet.

Figure 1 Configuring the network

Table 1 describes the different tasks in the procedure for configuring the network.

Table 1 Configuration process description

Task

Description

Create a VPC.

This task is mandatory.

You must configure required parameters to create a VPC. The created VPC comes with a default subnet you specified.

After the VPC is created, you can create other required network resources in the VPC based on your service requirements.

Create another subnet for the VPC.

This task is optional.

If you need another subnet in addition to the default one, you can create a subnet in the VPC.

The new subnet is used to assign IP addresses to NICs added to the ECS.

Create a VPN.

This task is mandatory.

You can create a VPN to set up a secure and isolated communications tunnel between your data center and cloud services.

Create a security group.

This task is mandatory.

You can create a security group and add ECSs in the VPC to the security group to improve ECS access security.

After a security group is created, it has a default rule, which allows all outgoing data packets. ECSs in a security group can access each other without the need to add rules. If the default rule meets your service requirements, you do not need to add rules to the security group.

Add a security group rule.

This task is optional.

After a security group is created, it has a default rule, which allows all outgoing data packets. ECSs in a security group can access each other without the need to add rules. If the default rule does not meet your service requirements, you can add a security group rule.