Configuring the Network

Public Access

By default, functions can access services on public networks. If the target public network service requires whitelist verification using a fixed IP address, enable VPC access, configure a NAT gateway for the VPC, and bind an Elastic IP (EIP) to the gateway. For details, see Configuring a Fixed Public IP Address.

Configuring VPC Access

A function can access resources in the VPC bound to it. If a function needs both VPC and public access, configure a NAT gateway for the VPC and bind an EIP to the gateway. For details, see Configuring a Fixed Public IP Address.

Required Permissions

Configure an agency by referring to Configuring Agency Permissions.

  • Permissions for VPC access: an agency with the VPC Administrator permission or with the least permissions listed in Table 1

    Table 1 Least permissions required

    | Permission        | Action           |
    |-------------------|------------------|
    | Deleting a port   | vpc:ports:delete |
    | Querying a port   | vpc:ports:get    |
    | Creating a port   | vpc:ports:create |
    | Querying a VPC    | vpc:vpcs:get     |
    | Querying a subnet | vpc:subnets:get  |

  • Permissions for private domain name resolution: an agency with the DNS ReadOnlyAccess permission
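
A least-privilege check for the agency policy, as an added example that is not part of the original documentation: it compares a policy document with the Table 1 actions and reports missing, wildcard and excess grants. The Statement/Effect/Action JSON layout, Deny-over-Allow precedence, and both sample policies (including the placeholder action `example:resource:list`) are assumptions constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Least-permission actions for VPC access, taken from Table 1 on this page.
REQUIRED = {
    "vpc:ports:delete", "vpc:ports:get", "vpc:ports:create",
    "vpc:vpcs:get", "vpc:subnets:get",
}

def audit_agency_policy(policy_json: str) -> dict:
    """Report how a policy's grants differ from the Table 1 least-permission set."""
    policy = json.loads(policy_json)
    allowed, denied = set(), set()
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        if isinstance(actions, str):          # tolerate a single action as a string
            actions = [actions]
        effect = stmt.get("Effect")
        if effect == "Allow":
            allowed.update(a.lower() for a in actions)
        elif effect == "Deny":
            denied.update(a.lower() for a in actions)

    def granted(action: str) -> bool:
        # Assumption: an explicit Deny overrides any Allow; '*' is a wildcard.
        if any(fnmatchcase(action, d) for d in denied):
            return False
        return any(fnmatchcase(action, a) for a in allowed)

    return {
        "missing": sorted(a for a in REQUIRED if not granted(a)),
        "wildcards": sorted(a for a in allowed if "*" in a),
        "excess": sorted(a for a in allowed if "*" not in a and a not in REQUIRED),
    }

# Constructed sample: broad wildcard, an unrelated action, and a Deny that
# removes an action the function needs.
SAMPLE_BROAD = json.dumps({"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": ["vpc:*:*", "example:resource:list"]},
    {"Effect": "Deny", "Action": ["vpc:ports:delete"]},
]})
# Constructed sample: exactly the Table 1 actions.
SAMPLE_MINIMAL = json.dumps({"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": sorted(REQUIRED)},
]})

if __name__ == "__main__":
    for name, doc in (("broad", SAMPLE_BROAD), ("minimal", SAMPLE_MINIMAL)):
        print(name, audit_agency_policy(doc))
```

An empty result in all three lists means the policy grants exactly the Table 1 actions for VPC access and nothing more.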

Procedure

  1. Log in to the FunctionGraph console. In the navigation pane, choose Functions > Function List.

  2. Click the function to be configured to go to the function details page.

  3. Choose Configuration > Network, enable VPC Access, and specify a VPC and subnet.

    **Figure 1** Configuring VPC access

    Note

    1. For details on how to create a VPC and a subnet, see section "Creating a VPC".

    2. Specify an agency with the VPC Administrator permission for the function. For details, see Configuring Agency Permissions.

    3. Functions in a project can be bound to up to four different subnets across any VPCs. (Each project has a unique 32-digit project ID, which is allocated when your account is created. The project IDs of your account and IAM user are the same.)

  4. Click Save.

Configuring a Fixed Public IP Address

If a function with VPC access needs to access public network resources, or requires a fixed public IP address, configure a NAT gateway for the VPC and bind an EIP to the gateway.

Prerequisites

  1. You have created a VPC and a subnet according to section "Creating a VPC".

  2. You have obtained an EIP according to section "Assigning an EIP".

Procedure

  1. In the left navigation pane of the management console, choose Network > NAT Gateway to go to the NAT Gateway console. Then click Create NAT Gateway.

  2. On the displayed page, enter gateway information, select a VPC (for example, vpc-01) and subnet, and confirm and submit the settings. For details, see section "Creating a Public NAT Gateway".

  3. Click the NAT gateway name. On the details page that is displayed, click Add SNAT Rule, set the rule, and click OK.