Virtual Private Cloud (VPC) updates: double end binding

Flexible Engine
Release Notes

September, 2022

You can now configure a Virtual Private Cloud (VPC) endpoint policy and a bucket policy to implement VPC-level permission control for OBS resources. 

By doing so you’ll improve the security of your architecture.  

On one hand, you can configure a VPC endpoint policy to restrict servers (ECS/CCE/BMS) in a VPC from accessing specific resources in OBS. On the other hand, you can configure a bucket policy to specify the OBS buckets that can be accessed by certain servers in the VPC. Together, the two policies securely control both the request sources and the resources to be accessed.

When you purchase VPCEP, a default policy is generated for the VPC endpoint. This policy allows full access to OBS. You can change the default policy when creating a VPC endpoint, or change it later if necessary.
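The following added example (not Flexible Engine code or documentation) models the double-end check in Python: a request succeeds only when both the VPC endpoint policy and the bucket policy allow it, and a helper flags an endpoint policy that is still equivalent to the full-access default. The statement fields, the "explicit Deny wins" evaluation rule, and the bucket and VPC names are simplified assumptions for illustration, not the product's policy syntax.

```python
from fnmatch import fnmatchcase

# Constructed sample data. The statement fields (Effect, Action, Resource,
# SourceVpc) are a simplified, assumed schema, not the Flexible Engine syntax.
DEFAULT_ENDPOINT_POLICY = [{"Effect": "Allow", "Action": ["*"], "Resource": ["*"]}]
RESTRICTED_ENDPOINT_POLICY = [
    {"Effect": "Allow", "Action": ["GetObject", "PutObject"], "Resource": ["app-data/*"]},
]
BUCKET_POLICY = [  # attached to the hypothetical bucket "app-data"
    {"Effect": "Allow", "Action": ["GetObject", "PutObject"],
     "Resource": ["app-data/*"], "SourceVpc": ["vpc-1111"]},
]


def _matches(stmt, action, resource, source_vpc=None):
    """True when a statement covers the action, resource and (if set) source VPC."""
    if not any(fnmatchcase(action, p) for p in stmt["Action"]):
        return False
    if not any(fnmatchcase(resource, p) for p in stmt["Resource"]):
        return False
    vpcs = stmt.get("SourceVpc")
    return vpcs is None or source_vpc in vpcs


def policy_allows(policy, action, resource, source_vpc=None):
    """Assumed semantics: explicit Deny wins, otherwise one Allow must match."""
    hits = [s["Effect"] for s in policy if _matches(s, action, resource, source_vpc)]
    return "Deny" not in hits and "Allow" in hits


def request_allowed(endpoint_policy, bucket_policy, source_vpc, action, resource):
    """Double-end binding: endpoint policy and bucket policy must both allow."""
    return (policy_allows(endpoint_policy, action, resource)
            and policy_allows(bucket_policy, action, resource, source_vpc))


def is_full_access(endpoint_policy):
    """Flag an endpoint policy still equivalent to the allow-everything default."""
    return any(s["Effect"] == "Allow" and "*" in s["Action"] and "*" in s["Resource"]
               for s in endpoint_policy)
```

Running `is_full_access` over the endpoint policies in an inventory is a quick way to find endpoints that were never moved off the default.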

For details about how to configure a VPC endpoint policy, see Help Center (