databendlabs · everpcpc · Nov 13, 2025 · Nov 13, 2025
diff --git a/docs/cn/guides/20-cloud/30-advanced/01-iam-role/01-aws.md b/docs/cn/guides/20-cloud/30-advanced/01-iam-role/01-aws.md
@@ -41,7 +41,7 @@ sidebar_label: "AWS IAM 角色"
 
    点击 `Create role`，在 `Trusted entity type` 中选择 `Custom trust policy`：
 
-   ![创建角色](/img/cloud/iam/create-role.png)
+   ![创建角色](/img/cloud/iam/aws/create-role.png)
 
    输入信任策略文档：
 

diff --git a/docs/cn/guides/20-cloud/30-advanced/02-private-link/01-aws.md b/docs/cn/guides/20-cloud/30-advanced/02-private-link/01-aws.md
@@ -11,7 +11,7 @@ sidebar_label: "AWS PrivateLink"
 
 2. 验证您的 VPC 设置
 
-   ![VPC 设置](/img/cloud/privatelink/vpc-settings.png)
+   ![VPC 设置](/img/cloud/privatelink/aws/vpc-settings.png)
 
    确保选中 `启用 DNS 解析` 和 `启用 DNS 主机名`。
 
@@ -21,47 +21,47 @@ sidebar_label: "AWS PrivateLink"
 
 4. 准备一个打开 tcp 443 端口的安全组：
 
-   ![安全组](/img/cloud/privatelink/security-group.png)
+   ![安全组](/img/cloud/privatelink/aws/security-group.png)
 
 5. 转到 AWS 控制台：
 
    https://us-east-2.console.aws.amazon.com/vpcconsole/home?region=us-east-2#Endpoints:
 
    单击 `创建终端节点`：
 
-   ![创建终端节点按钮](/img/cloud/privatelink/create-endpoint-1.png)
+   ![创建终端节点按钮](/img/cloud/privatelink/aws/create-endpoint-1.png)
 
-   ![创建终端节点表单](/img/cloud/privatelink/create-endpoint-2.png)
+   ![创建终端节点表单](/img/cloud/privatelink/aws/create-endpoint-2.png)
 
    选择先前创建的安全组 `HTTPS`
 
-   ![创建终端节点 SG](/img/cloud/privatelink/create-endpoint-3.png)
+   ![创建终端节点 SG](/img/cloud/privatelink/aws/create-endpoint-3.png)
 
-   ![创建终端节点完成](/img/cloud/privatelink/create-endpoint-4.png)
+   ![创建终端节点完成](/img/cloud/privatelink/aws/create-endpoint-4.png)
 
 6. 等待云管理员批准您的连接请求：
 
-   ![请求](/img/cloud/privatelink/request.png)
+   ![请求](/img/cloud/privatelink/aws/request.png)
 
 7. 等待 PrivateLink 创建：
 
-   ![创建](/img/cloud/privatelink/creation.png)
+   ![创建](/img/cloud/privatelink/aws/creation.png)
 
 8. 修改私有 DNS 名称设置：
 
-   ![DNS 菜单](/img/cloud/privatelink/dns-1.png)
+   ![DNS 菜单](/img/cloud/privatelink/aws/dns-1.png)
 
    启用私有 DNS 名称：
 
-   ![DNS 表单](/img/cloud/privatelink/dns-2.png)
+   ![DNS 表单](/img/cloud/privatelink/aws/dns-2.png)
 
    等待更改生效。
 
 9. 验证通过 PrivateLink 访问 Databend Cloud：
 
-   ![验证 DNS](/img/cloud/privatelink/verify-1.png)
+   ![验证 DNS](/img/cloud/privatelink/aws/verify-1.png)
 
-   ![验证响应](/img/cloud/privatelink/verify-2.png)
+   ![验证响应](/img/cloud/privatelink/aws/verify-2.png)
 
    网关域名已解析为 VPC 内部 IP 地址。
 

diff --git a/docs/cn/guides/20-cloud/30-advanced/02-private-link/02-aliyun.md b/docs/cn/guides/20-cloud/30-advanced/02-private-link/02-aliyun.md
@@ -0,0 +1,52 @@
+---
+title: "通过阿里云私网连接连接到 Databend Cloud"
+sidebar_label: "阿里云私网连接"
+---
+
+# 如何设置阿里云私网连接
+
+1. 提供计划使用 PrivateLink 的 AccountID（主账号 ID）
+
+  ![AccountID](/img/cloud/privatelink/aliyun/accountid.png)
+
+2. 等待 Databend Cloud 将 AccountID 加入到白名单
+
+3. Databend Cloud 提供终端节点服务名称
+
+  例如: `com.aliyuncs.privatelink.cn-beijing.epsrv-2zelaf38jasnuv54go9j`
+
+4. 准备一个开放 443 端口的安全组
+
+  ![Security Group](/img/cloud/privatelink/aliyun/security-group.png)
+
+5. 到 aliyun 控制台创建终端节点
+
+  https://vpc.console.aliyun.com/endpoint/cn-beijing/endpoints/new
+  输入第三步 Databend Cloud 提供的终端节点服务名称并点击验证
+  ![Create Endpoint](/img/cloud/privatelink/aliyun/create-endpoint.png)
+  点击最下方的【确定创建】
+
+6. 通知 Databend Cloud 并等待通过连接请求
+
+  ![Request](/img/cloud/privatelink/aliyun/request.png)
+
+7. 获取终端连接的内网 IP
+
+  ![Endpoint IP](/img/cloud/privatelink/aliyun/endpoint-ip.png)
+
+8. 验证终端连接可用
+
+  ```bash
+  curl -v https://gw.aliyun-cn-beijing.default.databend.cn/status --resolve gw.aliyun-cn-beijing.default.databend.cn:443:10.0.1.222 | jq
+  ```
+
+  如果返回结果中包含 `"status": "ok"`，则表示终端连接可用
+
+  ![Verify Endpoint Request](/img/cloud/privatelink/aliyun/verify-endpoint-request.png)
+
+  ![Verify Endpoint Response](/img/cloud/privatelink/aliyun/verify-endpoint-response.png)
+
+
+:::info
+恭喜！您已成功通过阿里云私网连接连接到 Databend Cloud。
+:::
diff --git a/docs/en/guides/20-cloud/30-advanced/01-iam-role/01-aws.md b/docs/en/guides/20-cloud/30-advanced/01-iam-role/01-aws.md
@@ -41,7 +41,7 @@ sidebar_label: "AWS IAM Role"
 
    Click `Create role`, and select `Custom trust policy` in `Trusted entity type`:
 
-   ![Create Role](/img/cloud/iam/create-role.png)
+   ![Create Role](/img/cloud/iam/aws/create-role.png)
 
    Input the the trust policy document:
 

diff --git a/docs/en/guides/20-cloud/30-advanced/02-private-link/01-aws.md b/docs/en/guides/20-cloud/30-advanced/02-private-link/01-aws.md
@@ -11,7 +11,7 @@ sidebar_label: "AWS PrivateLink"
 
 2. Verify your VPC settings
 
-   ![VPC Settings](/img/cloud/privatelink/vpc-settings.png)
+   ![VPC Settings](/img/cloud/privatelink/aws/vpc-settings.png)
 
    Ensure `Enable DNS resolution` and `Enable DNS hostnames` are checked.
 
@@ -21,47 +21,47 @@ sidebar_label: "AWS PrivateLink"
 
 4. Prepare a security group with tcp 443 port open:
 
-   ![Security Group](/img/cloud/privatelink/security-group.png)
+   ![Security Group](/img/cloud/privatelink/aws/security-group.png)
 
 5. Goto AWS Console:
 
    https://us-east-2.console.aws.amazon.com/vpcconsole/home?region=us-east-2#Endpoints:
 
    Click `Create endpoint`:
 
-   ![Create Endpoint Button](/img/cloud/privatelink/create-endpoint-1.png)
+   ![Create Endpoint Button](/img/cloud/privatelink/aws/create-endpoint-1.png)
 
-   ![Create Endpoint Sheet](/img/cloud/privatelink/create-endpoint-2.png)
+   ![Create Endpoint Sheet](/img/cloud/privatelink/aws/create-endpoint-2.png)
 
    Select the previously created security group `HTTPS`
 
-   ![Create Endpoint SG](/img/cloud/privatelink/create-endpoint-3.png)
+   ![Create Endpoint SG](/img/cloud/privatelink/aws/create-endpoint-3.png)
 
-   ![Create Endpoint Done](/img/cloud/privatelink/create-endpoint-4.png)
+   ![Create Endpoint Done](/img/cloud/privatelink/aws/create-endpoint-4.png)
 
 6. Wait for cloud admin approving your connect request:
 
-   ![Request](/img/cloud/privatelink/request.png)
+   ![Request](/img/cloud/privatelink/aws/request.png)
 
 7. Wait for the PrivateLink creation:
 
-   ![Creation](/img/cloud/privatelink/creation.png)
+   ![Creation](/img/cloud/privatelink/aws/creation.png)
 
 8. Modify private DNS name setting:
 
-   ![DNS Menu](/img/cloud/privatelink/dns-1.png)
+   ![DNS Menu](/img/cloud/privatelink/aws/dns-1.png)
 
    Enable private DNS names:
 
-   ![DNS Sheet](/img/cloud/privatelink/dns-2.png)
+   ![DNS Sheet](/img/cloud/privatelink/aws/dns-2.png)
 
    Wait for changes to apply.
 
 9. Verify accessing Databend Cloud via PrivateLink:
 
-   ![Verify DNS](/img/cloud/privatelink/verify-1.png)
+   ![Verify DNS](/img/cloud/privatelink/aws/verify-1.png)
 
-   ![Verify Response](/img/cloud/privatelink/verify-2.png)
+   ![Verify Response](/img/cloud/privatelink/aws/verify-2.png)
 
    Gateway domain is resolved to VPC internal IP address.
 

diff --git a/static/img/cloud/iam/create-role.png → static/img/cloud/iam/aws/create-role.png b/static/img/cloud/iam/create-role.png → static/img/cloud/iam/aws/create-role.png
diff --git a/static/img/cloud/privatelink/aliyun/accountid.png b/static/img/cloud/privatelink/aliyun/accountid.png
diff --git a/static/img/cloud/privatelink/aliyun/create-endpoint.png b/static/img/cloud/privatelink/aliyun/create-endpoint.png
diff --git a/static/img/cloud/privatelink/aliyun/endpoint-ip.png b/static/img/cloud/privatelink/aliyun/endpoint-ip.png
diff --git a/static/img/cloud/privatelink/aliyun/request.png b/static/img/cloud/privatelink/aliyun/request.png
diff --git a/static/img/cloud/privatelink/aliyun/security-group.png b/static/img/cloud/privatelink/aliyun/security-group.png
diff --git a/static/img/cloud/privatelink/aliyun/verify-endpoint-request.png b/static/img/cloud/privatelink/aliyun/verify-endpoint-request.png
diff --git a/static/img/cloud/privatelink/aliyun/verify-endpoint-response.png b/static/img/cloud/privatelink/aliyun/verify-endpoint-response.png
diff --git a/...g/cloud/privatelink/create-endpoint-1.png → ...oud/privatelink/aws/create-endpoint-1.png b/...g/cloud/privatelink/create-endpoint-1.png → ...oud/privatelink/aws/create-endpoint-1.png
diff --git a/...g/cloud/privatelink/create-endpoint-2.png → ...oud/privatelink/aws/create-endpoint-2.png b/...g/cloud/privatelink/create-endpoint-2.png → ...oud/privatelink/aws/create-endpoint-2.png
diff --git a/...g/cloud/privatelink/create-endpoint-3.png → ...oud/privatelink/aws/create-endpoint-3.png b/...g/cloud/privatelink/create-endpoint-3.png → ...oud/privatelink/aws/create-endpoint-3.png
diff --git a/...g/cloud/privatelink/create-endpoint-4.png → ...oud/privatelink/aws/create-endpoint-4.png b/...g/cloud/privatelink/create-endpoint-4.png → ...oud/privatelink/aws/create-endpoint-4.png
diff --git a/static/img/cloud/privatelink/creation.png → ...ic/img/cloud/privatelink/aws/creation.png b/static/img/cloud/privatelink/creation.png → ...ic/img/cloud/privatelink/aws/creation.png
diff --git a/static/img/cloud/privatelink/dns-1.png → static/img/cloud/privatelink/aws/dns-1.png b/static/img/cloud/privatelink/dns-1.png → static/img/cloud/privatelink/aws/dns-1.png
diff --git a/static/img/cloud/privatelink/dns-2.png → static/img/cloud/privatelink/aws/dns-2.png b/static/img/cloud/privatelink/dns-2.png → static/img/cloud/privatelink/aws/dns-2.png
diff --git a/static/img/cloud/privatelink/request.png → static/img/cloud/privatelink/aws/request.png b/static/img/cloud/privatelink/request.png → static/img/cloud/privatelink/aws/request.png
diff --git a/.../img/cloud/privatelink/security-group.png → .../cloud/privatelink/aws/security-group.png b/.../img/cloud/privatelink/security-group.png → .../cloud/privatelink/aws/security-group.png
diff --git a/static/img/cloud/privatelink/verify-1.png → ...ic/img/cloud/privatelink/aws/verify-1.png b/static/img/cloud/privatelink/verify-1.png → ...ic/img/cloud/privatelink/aws/verify-1.png
diff --git a/static/img/cloud/privatelink/verify-2.png → ...ic/img/cloud/privatelink/aws/verify-2.png b/static/img/cloud/privatelink/verify-2.png → ...ic/img/cloud/privatelink/aws/verify-2.png
diff --git a/...ic/img/cloud/privatelink/vpc-settings.png → ...mg/cloud/privatelink/aws/vpc-settings.png b/...ic/img/cloud/privatelink/vpc-settings.png → ...mg/cloud/privatelink/aws/vpc-settings.png