Alibaba Cloud implements cross-account intranet transfer and VPC interconnection (summary of pitfalls)

Summary: Through VPC (private network) interconnection, high-speed access to the intranet can be achieved and bandwidth limitations can be solved. However, in the actual operation process, Alibaba Cloud's help documents are cumbersome and outdated, and most articles on the Internet are also outdated and do not conform to the operational facts. After summarizing and exploring, I wrote this article.

The purpose of this article: Suppose there are two users A and B, who have private networks vpc-a and vpc-b (abbreviation) respectively, and want to realize intranet interconnection.

Brief description of the steps: Create a cloud enterprise network, then add vpc-a and vpc-b to the cloud enterprise network, and finally configure security group rules.

PS: This article assumes that vpc-a and vpc-b are in the same region (if they are not in the same region, additional traffic packages must be purchased)

User A logs in to the expressway management console --gt ;Click VPC Interconnection--gt in the left navigation bar;Click Create Cloud Enterprise Network (Key! The "Peer-to-Peer Connection" in the official document does not exist but has not been changed)

User B enters his own private Network details--gt; Click Cloud Enterprise Network Cross-Account Authorization--gt; Fill in the account ID and Cloud Enterprise Network ID of user A.

User A enters the cloud enterprise network created by himself in the first step--gt; clicks to load the network instance--gt; selects cross-account--gt; fills in the account ID of user B; instance type VPC; region Fill in as needed; fill in vpc-b for the network instance

Both users A and B need to do this step

Log in to the ECS console --gt; click on the security group --gt; Click a security group to enter the security group--gt; click on the upper right corner to add security group rules, and fill in the information by referring to the figure below