Virtual Private Cloud (VPC) updates: double end binding
You can now configure a Virtual Private Cloud (VPC) endpoint policy and a bucket policy to implement VPC-level permission control for OBS resources.
By doing so you’ll improve the security of your architecture.
On one hand, you can configure a VPC endpoint policy to restrict servers (ECS/CCE/BMS) in a VPC from accessing specific resources in OBS. On the other hand, you can configure a bucket policy to specify OBS buckets that can be accessed by certain servers in the VPC. Therefore, request sources and resources to be accessed are securely controlled.
When purchasing VPCEP, a default policy is generated for the VPC endpoint. This policy allows full access to OBS. In addition, you can change the default policy when creating a VPC endpoint, or you can change it later if necessary.
For details about how to configure a VPC endpoint policy, see Help Center (orange-business.com) .