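Manage private connectivity endpoints: Google Cloud

This topic provides information about how to manage private connectivity endpoints for use with private connectivity to external services. The examples are specific to Google Cloud.

Provision a private connectivity endpoint

You can create a private connectivity endpoint by calling the SYSTEM$PROVISION_PRIVATELINK_ENDPOINT system function. For example, for your Snowflake account on Google Cloud:

Connect to a published service: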

SELECT SYSTEM$PROVISION_PRIVATELINK_ENDPOINT(
  'projects/my-project/regions/us-west2/serviceAttachments/my-http-server',
  'my-http-server.com'
);

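After you create the endpoint, the resource provider must accept the connection on Google Cloud.

Provision a private endpoint to allow Snowflake on Google Cloud to connect to a service attachment in a Google Cloud VPC network: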

SELECT SYSTEM$PROVISION_PRIVATELINK_ENDPOINT(
  'projects/my-project/regions/us-east4/serviceAttachments/my-service-attachment',
  'my-service.com'
  );
Private endpoint with ID "abcd0000000000000001" to resource "projects/my-project/regions/us-east4/serviceAttachments/my-service-attachment"
was provisioned successfully. Please note the Private Endpoint ID and approve the corresponding connection request in the cloud provider console.

Provision a private endpoint to allow Snowflake on Google Cloud to connect to a regional Cloud Key Management Service (Cloud KMS) endpoint:

SELECT SYSTEM$PROVISION_PRIVATELINK_ENDPOINT(
  'cloudkms.us-east4.rep.googleapis.com',
  'cloudkms.us-east4.rep.googleapis.com'
  );
Private endpoint with ID "abcd0000000000000001" to resource "cloudkms.us-east4.rep.googleapis.com" was provisioned successfully.
Please note the Private Endpoint ID and approve the corresponding connection request in the cloud provider console.

Provision a private endpoint to allow Snowflake to connect to an external stage on Google Cloud:

SELECT SYSTEM$PROVISION_PRIVATELINK_ENDPOINT(
  'storage.us-east4.rep.googleapis.com',
  'storage.us-east4.rep.googleapis.com'
);
Private endpoint with ID "abcd0000000000000001" to resource "storage.us-east4.rep.googleapis.com" was provisioned successfully.
Please note the Private Endpoint ID and approve the corresponding connection request in the cloud provider console.

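Snowflake calls the APIs of the cloud platform that hosts your Snowflake account to create the endpoint. Snowflake also updates the related network configuration.

You can provision private connectivity endpoints for Google API regional service endpoints (https://cloud.google.com/vpc/docs/regional-service-endpoints). Connections to these Google-managed endpoints are approved automatically.

List private connectivity endpoints

You can list the private connectivity endpoints that you created by calling the SYSTEM$GET_PRIVATELINK_ENDPOINTS_INFO system function. For example, for your Snowflake account on Google Cloud: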

SELECT SYSTEM$GET_PRIVATELINK_ENDPOINTS_INFO();

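Note

You can also query the OUTBOUND_PRIVATELINK_ENDPOINTS view in the ACCOUNT_USAGE schema to list the private endpoints in your account.

Deprovision a private connectivity endpoint

You can delete an existing private connectivity endpoint by calling the SYSTEM$DEPROVISION_PRIVATELINK_ENDPOINT system function. For example, for your Snowflake account on Google Cloud:

Deprovision a private endpoint to prevent Snowflake on Google Cloud from connecting to a service attachment in a Google Cloud VPC network: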

SELECT SYSTEM$DEPROVISION_PRIVATELINK_ENDPOINT(
  'projects/my-project/regions/us-east4/serviceAttachments/my-service-attachment'
  );
Private endpoint with id "abcd0000000000000001" successfully marked for deletion. Before it is fully deleted in 7-8 days, it can be restored.

Deprovision a private endpoint to prevent Snowflake on Google Cloud from connecting to a regional Google service endpoint (CloudKMS):

SELECT SYSTEM$DEPROVISION_PRIVATELINK_ENDPOINT(
 'cloudkms.us-east4.rep.googleapis.com'
 );
Private endpoint with id "abcd0000000000000001" successfully marked for deletion. Before it is fully deleted in 7-8 days, it can be restored.

Deprovision a private endpoint to prevent Snowflake from connecting to an external stage on Google Cloud:

SELECT SYSTEM$DEPROVISION_PRIVATELINK_ENDPOINT(
 'storage.us-east4.rep.googleapis.com'
 );
Private endpoint with id "abcd0000000000000001" successfully marked for deletion. Before it is fully deleted in 7-8 days, it can be restored.

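Restore a deprovisioned private connectivity endpoint

You can restore a deprovisioned private connectivity endpoint within 7 days of deprovisioning it by calling the SYSTEM$RESTORE_PRIVATELINK_ENDPOINT system function. After 7 days, the endpoint cannot be restored and you must provision a new endpoint.

Restore a private endpoint to allow Snowflake on Google Cloud to connect to a Google API managed service in your Google Cloud VPC network: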

SELECT SYSTEM$RESTORE_PRIVATELINK_ENDPOINT(
  'projects/my-project/regions/us-east4/serviceAttachments/my-service-attachment'
);
Private endpoint with id ''abcd0000000000000001'' restored successfully.

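Usage notes

The Snowflake account that provisions the private endpoint can only connect to services located in the same region. For example, a Snowflake account in us-central1 can only provision private endpoints for service attachments and Google regional endpoints that are also in us-central1.

Limitations

Cross-region connectivity is not supported.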
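
A pre-flight check for the same-region rule, written as an added example that is not part of the Snowflake documentation: it parses the two identifier shapes used in the examples on this page and reports whether the target is in the account's region and whether the resource provider still has to accept the connection. The function names and the `account_region` parameter (assumed to be the Google Cloud region name of the Snowflake account) are hypothetical.

```python
import re

# The two identifier shapes used in this page's examples.
_ATTACHMENT = re.compile(
    r"projects/(?P<project>[^/]+)/regions/(?P<region>[^/]+)"
    r"/serviceAttachments/(?P<name>[^/]+)"
)
_REGIONAL_API = re.compile(
    r"(?P<service>[a-z0-9-]+)\.(?P<region>[a-z0-9-]+)\.rep\.googleapis\.com"
)


def parse_target(resource_id):
    """Return (kind, region) for a provisioning target, or raise ValueError."""
    m = _ATTACHMENT.fullmatch(resource_id)
    if m:
        return "service_attachment", m["region"]
    m = _REGIONAL_API.fullmatch(resource_id)
    if m:
        return "google_regional_endpoint", m["region"]
    raise ValueError(f"unrecognized resource identifier: {resource_id!r}")


def preflight(resource_id, account_region):
    """Check a target before SYSTEM$PROVISION_PRIVATELINK_ENDPOINT is called.

    account_region is an assumption: the Google Cloud region name of the
    Snowflake account, for example "us-east4".
    """
    kind, region = parse_target(resource_id)
    return {
        "kind": kind,
        "region": region,
        # Cross-region connectivity is not supported.
        "same_region": region == account_region,
        # Per the page: service attachments must be accepted by the resource
        # provider; Google-managed regional endpoints are approved automatically.
        "needs_provider_acceptance": kind == "service_attachment",
    }


if __name__ == "__main__":
    # Constructed inputs that reuse the identifiers from the examples above.
    for rid in (
        "projects/my-project/regions/us-east4/serviceAttachments/my-service-attachment",
        "projects/my-project/regions/us-west2/serviceAttachments/my-http-server",
        "cloudkms.us-east4.rep.googleapis.com",
    ):
        print(rid, preflight(rid, "us-east4"))
```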
