Configuring the Network

Public Access

By default, functions can access services on public networks. If the target public network service requires whitelist verification using a fixed IP address, enable VPC access, configure a NAT gateway for the VPC, and bind an Elastic IP (EIP) to the gateway. For details, see Configuring a Fixed Public IP Address

Configuring VPC Access

Functions can access resources in a VPC bound to it. If a function needs both VPC and public access, configure a NAT gateway for the VPC and bind an EIP to the gateway. For details, see Configuring a Fixed Public IP Address.

Required Permissions

Configure an agency by referring to Configuring Agency Permissions.

• Permissions for VPC access: an agency with the VPC Administrator permission or with the least permissions listed in Table 1

  Table 1 Least permissions required

  Permission	Action
  Deleting a port	vpc:ports:delete
  Querying a port	vpc:ports:get
  Creating a port	vpc:ports:create
  Querying a VPC	vpc:vpcs:get
  Querying a subnet	vpc:subnets:get

• Permissions for private domain name resolution: an agency with the DNS ReadOnlyAccess permission

Procedure

1. Log in to the FunctionGraph console. In the navigation pane, choose Functions > Function List.
2. Click the function to be configured to go to the function details page.
3. Choose Configuration > Network, enable VPC Access, and specify a VPC and subnet.
   Figure 1 Configuring VPC access
   
   

   1. For details on how to create a VPC and a subnet, see section "Creating a VPC".
   2. Specify an agency with VPC administrator permissions for the function. For details, see Configuring Agency Permissions.
   3. You can bind functions in a project to up to four different subnets in any VPCs. (Each project has a unique 32-digit project ID, which is allocated when your account is created. The project IDs of your account and IAM user are the same.)
4. Click Save.

Configuring a Fixed Public IP Address

If a function needs to access public network resources in a VPC or requires a fixed public IP address, configure a NAT gateway for the VPC and bind an EIP to the gateway.

Prerequisites

1. You have created a VPC and a subnet according to section "Creating a VPC".
2. You have obtained an EIP according to section "Assigning an EIP".

Procedure

1. In the left navigation pane of the management console, choose Network > NAT Gateway to go to the NAT Gateway console. Then click Create NAT Gateway.
2. On the displayed page, enter gateway information, select a VPC (for example, vpc-01) and subnet, and confirm and submit the settings. For details, see section "Creating a Public NAT Gateway".
3. Click the NAT gateway name. On the details page that is displayed, click Add SNAT Rule, set the rule, and click OK.