Terraform module to establish a secure access channel through PrivateLink for bailian on Alibaba Cloud
The official release of the DeepSeek R1 large model has garnered widespread attention from the global technology community. As a high-performance generative AI model that is both open-source and free to use, DeepSeek R1 has demonstrated core performance metrics comparable to GPT-o1 in several benchmark tests. Numerous developers and enterprise users have already begun technical validation and scenario adaptation work.
Alibaba Cloud's Bailian platform now offers public network API access to the DeepSeek model. However, while public network access provides convenience, its potential data security risks pose a significant challenge for enterprise-level applications, specifically in the following dimensions:
- Encryption Vulnerabilities in Transmission Links: Public network communication is susceptible to man-in-the-middle attacks, potentially compromising data transmission security.
- Risk of Request Log Retention: Traffic logs on third-party network nodes may lead to sensitive data leakage.
- Industry Compliance Requirements: Highly regulated sectors like finance, healthcare, and automotive have explicit compliance constraints regarding data transmission paths.
To meet the core data security and compliance demands of enterprise users, we recommend establishing a secure access channel through PrivateLink. This solution offers the following advantages:
- Establishes an end-to-end private network environment.
- Enables stable service invocation with millisecond-level latency.
- Meets industry regulatory compliance requirements.
- Provides auditable data flow path tracing.
Architecture Diagram:
Usage:

```hcl
provider "alicloud" {
  alias  = "local_region"
  region = "cn-beijing"
}

provider "alicloud" {
  alias  = "remote_region"
  region = "cn-shanghai"
}

module "complete" {
  source = "alibabacloud-automation/private-network-access-for-bailian/alicloud"

  providers = {
    alicloud.local_region  = alicloud.local_region
    alicloud.remote_region = alicloud.remote_region
  }

  local_vpc_config = {
    vpc = {
      vpc_name   = "beijing_vpc"
      cidr_block = "192.168.0.0/16"
    }
    vswitches = [{
      zone_id    = "cn-beijing-g"
      cidr_block = "192.168.1.0/24"
      }, {
      zone_id    = "cn-beijing-i"
      cidr_block = "192.168.2.0/24"
    }]
    tr_vpc_attachment = {
      transit_router_attachment_name        = "TR-Attachment-Beijing"
      transit_router_attachment_description = "Transit Router Attachment for Beijing Region"
    }
  }

  remote_vpc_config = {
    vpc = {
      vpc_name   = "shanghai_vpc"
      cidr_block = "10.0.0.0/16"
    }
    vswitches = [{
      zone_id    = "cn-shanghai-m"
      cidr_block = "10.0.1.0/24"
      }, {
      zone_id    = "cn-shanghai-n"
      cidr_block = "10.0.2.0/24"
    }]
    tr_vpc_attachment = {
      transit_router_attachment_name        = "TR-Attachment-Shanghai"
      transit_router_attachment_description = "Transit Router Attachment for Shanghai Region"
    }
  }
}
```
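The following check is an added example, not part of the module: it validates the address plan from the usage configuration before `terraform apply`, then classifies the addresses a client receives for the private zone name so a public answer is caught. It assumes the PrivateLink endpoint's addresses sit in the local-region vswitches; the function names are hypothetical and the sample DNS answers are constructed.

```python
import ipaddress

# Address plan copied from the usage example above.
PLAN = {
    "local": {"vpc": "192.168.0.0/16", "vswitches": ["192.168.1.0/24", "192.168.2.0/24"]},
    "remote": {"vpc": "10.0.0.0/16", "vswitches": ["10.0.1.0/24", "10.0.2.0/24"]},
}

def plan_errors(plan):
    """Return problems that would break routing between the two VPCs."""
    errors = []
    vpcs = {side: ipaddress.ip_network(cfg["vpc"]) for side, cfg in plan.items()}
    if vpcs["local"].overlaps(vpcs["remote"]):
        errors.append("local and remote VPC CIDR blocks overlap")
    for side, cfg in plan.items():
        subnets = [ipaddress.ip_network(c) for c in cfg["vswitches"]]
        for i, net in enumerate(subnets):
            if not net.subnet_of(vpcs[side]):
                errors.append(f"{side} vswitch {net} is outside VPC {vpcs[side]}")
            if any(net.overlaps(other) for other in subnets[:i]):
                errors.append(f"{side} vswitch {net} overlaps another vswitch")
    return errors

def classify_answers(answers, plan):
    """Label each DNS answer for the private zone name by where it points."""
    local_vpc = ipaddress.ip_network(plan["local"]["vpc"])
    local_subnets = [ipaddress.ip_network(c) for c in plan["local"]["vswitches"]]
    labels = {}
    for text in answers:
        ip = ipaddress.ip_address(text)
        if any(ip in net for net in local_subnets):
            labels[text] = "endpoint-vswitch"  # assumed home of the endpoint
        elif ip in local_vpc:
            labels[text] = "local-vpc-other"   # private, but not a declared vswitch
        else:
            labels[text] = "outside-vpc"       # traffic would leave the private path
    return labels

def private_path_ok(answers, plan):
    """True only if at least one answer exists and all land in a local vswitch."""
    labels = classify_answers(answers, plan).values()
    return bool(answers) and all(label == "endpoint-vswitch" for label in labels)

if __name__ == "__main__":
    # Constructed answers; on a real host, pass the results of socket.getaddrinfo().
    print(plan_errors(PLAN))
    print(classify_answers(["192.168.1.25", "203.0.113.10"], PLAN))
```

Run it from a host in either VPC with the addresses returned for the `pvtz_zone_name` value; any `outside-vpc` label means the name is not being answered by the PrivateZone record.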
Requirements:

Name | Version |
---|---|
terraform | >= 1.3 |

Providers:

Name | Version |
---|---|
alicloud | n/a |
alicloud.local_region | n/a |
alicloud.remote_region | n/a |

Modules:

Name | Source | Version |
---|---|---|
local_vpc | ./modules/vpc | n/a |
remote_vpc | ./modules/vpc | n/a |
Inputs:

Name | Description | Type | Default | Required |
---|---|---|---|---|
cen_instance_config | The parameters of cen instance. | `object({...})` | `{}` | no |
local_tr_config | The parameters of local transit router. | `object({...})` | `{}` | no |
local_vpc_config | The parameters of local vpc resources. The attributes 'vpc', 'vswitches' are required. | `object({...})` | n/a | yes |
privatelink_vpc_endpoint | The parameters of privatelink vpc endpoint. | `object({...})` | `{}` | no |
pvtz_zone_name | The name of pvtz zone. | `string` | `"vpc-cn-beijing.dashscope.aliyuncs.com"` | no |
pvtz_zone_record | The parameters of pvtz zone record. | `object({...})` | `{}` | no |
remote_tr_config | The parameters of remote transit router. | `object({...})` | `{}` | no |
remote_vpc_config | The parameters of remote vpc resources. The attributes 'vpc', 'vswitches' are required. | `object({...})` | n/a | yes |
security_group_config | The parameters of security group. | `object({...})` | `{}` | no |
tr_peer_attachment | The parameters of transit router peer attachment. | `object({...})` | `{}` | no |
Outputs:

Name | Description |
---|---|
cen_instance_id | The ID of the CEN instance |
local_route_table_id | The ID of the local TR route table |
local_transit_router_id | The ID of the local transit router |
local_vpc_cidr_block | The CIDR block of the local VPC |
local_vpc_id | The ID of the local VPC |
local_vswitch_ids | The list of IDs of the local VSwitches |
privatelink_endpoint_id | The ID of the PrivateLink VPC endpoint |
pvtz_zone_id | The ID of the PrivateZone |
pvtz_zone_record_id | The ID of the PrivateZone record |
remote_route_table_id | The ID of the remote TR route table |
remote_transit_router_id | The ID of the remote transit router |
remote_vpc_cidr_block | The CIDR block of the remote VPC |
remote_vpc_id | The ID of the remote VPC |
remote_vswitch_ids | The list of IDs of the remote VSwitches |
security_group_id | The ID of the security group |
If you have any problems when using this module, please open a provider issue and let us know.
Note: Opening an issue on this repo is not recommended.
Created and maintained by Alibaba Cloud Terraform Team (terraform@alibabacloud.com).
MIT Licensed. See LICENSE for full details.