Using Virtual Private Endpoints
IBM Cloud® Virtual Private Endpoint (VPE) for IBM Cloud® Object Storage provides connection points to IBM services on the IBM Cloud® internal network from your VPC network.
Using Virtual Private Endpoints
Virtual Private Endpoints (VPEs) are generally available in all regions.
Before you begin
- You need to have an IBM Cloud account
- You also need an instance of IBM Cloud Object Storage
Setting up your VPE
-
Create a IBM Cloud® Virtual Private Cloud to host the applications that need to access your IBM Cloud Object Storage buckets. See Getting started with VPC.
-
Find the location and the corresponding direct endpoint where your bucket is located.
-
In the IBM Cloud console, click the menu icon and select VPC Infrastructure -> Network -> Virtual private endpoint gateways. Create a VPE for your IBM Cloud instances with the following instructions.
-
After you create your VPE, it may take a few minutes for the new VPE and DNS to complete the process and begin working for your VPC. Completion is confirmed when you see an IP address set in the details view of the VPE.
VPE Discoverability
Following the previous steps results in a VPE that provides access over the internal IBM Cloud® network from your VPC network to all of your buckets in a particular location.
Each access to your buckets from your IBM Cloud VPC will require authorization at the S3 API level. To further restrict this access to specific IP addresses, or ranges of IP addresses, provide the IBM Cloud VPC ID or name when configuring the context-based restrictions.
The VPE details page will provide you with more information, including IP address, after creation.
More resources
- About virtual private endpoint gateways
- Planning for virtual private endpoint gateways
- Creating an endpoint gateway
- For further assistance, see the FAQs for virtual private endpoints here, and the
Troubleshooting VPE gatewaysdocumentation that includes how to fix communications issues here.