Private Network Access

Scenarios

You can configure a rule to allow certain access to a repository through a private network.

This section describes how to configure private network access for a repository. Once private network access is configured, you can use an ECS in the specified VPC to pull images from the repository over the private network.

After a private network access rule is created, a VPC endpoint will be created in the VPC Endpoint service. You will be billed based on how long you have used the VPC endpoint.

By default, you can access a repository from a VPC where the repository is. On the Access Control > Private Network Access page, you can see a default rule to allow the access.

Constraints

You can configure three private domain names for this VPC endpoint. Ensure that the quota of DNS record sets for private domain names is sufficient.

Procedure

Log in to the SWR console. In the upper left corner, switch to your region. In the navigation pane, choose Repositories. Click your repository name.
In the navigation pane, choose Access > Access Control.
Click the Private Network Access tab, and click Create Private Network Access Rule in the upper right corner.
In the displayed dialog box, select a project, VPC, and subnet.

Figure 1 Creating a private network access rule

If the project you select is not the default one, you need to switch to the project and authorize access to required services in this project before you can continue to create the rule.
Click OK.

If the status changes to Normal and there are IP addresses displayed, the private network access rule has been created.

Figure 2 Private network access

Then, you can access the repository from any IP address within the CIDR block of the subnet you selected.

When you create a private network access rule, a VPC endpoint will be created in VPCEP. Do not delete that VPC endpoint.