vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/fg/umn/functiongraph_01_0222.html
Chen, Junjie dac566cf2f FG UMN 20230725 version 
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Co-authored-by: Chen, Junjie <chenjunjie@huawei.com>
Co-committed-by: Chen, Junjie <chenjunjie@huawei.com>
2024-04-03 10:30:56 +00:00

66 lines
11 KiB
HTML
Raw Blame History

<a name="functiongraph_01_0222"></a><a name="functiongraph_01_0222"></a>
<h1 class="topictitle1">Configuring the Network</h1>
<div id="body32001227"><div class="section" id="functiongraph_01_0222__en-us_topic_0000001298507413_section465417382214"><h4 class="sectiontitle">Public Access</h4><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p628615172117">By default, functions can access services on public networks. If the target public network service requires whitelist verification using a fixed IP address, <a href="#functiongraph_01_0222__en-us_topic_0000001298507413_li10711134319497">enable VPC access</a>, configure a NAT gateway for the VPC, and bind an Elastic IP (EIP) to the gateway. For details, see <a href="#functiongraph_01_0222__en-us_topic_0000001298507413_section1888817242319">Configuring a Fixed Public IP Address</a></p>
</div>
<div class="section" id="functiongraph_01_0222__en-us_topic_0000001298507413_section923421213196"><h4 class="sectiontitle">Configuring VPC Access</h4><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p3170105719595">Functions can access resources in a VPC bound to it. If a function needs both VPC and public access, configure a NAT gateway for the VPC and bind an EIP to the gateway. For details, see <a href="#functiongraph_01_0222__en-us_topic_0000001298507413_section1888817242319">Configuring a Fixed Public IP Address</a>.</p>
<p id="functiongraph_01_0222__en-us_topic_0000001298507413_p493740131113"><strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b17942105012424">Required Permissions</strong></p>
<p id="functiongraph_01_0222__en-us_topic_0000001298507413_p245311791619">Configure an agency by referring to <a href="functiongraph_01_0920.html#functiongraph_01_0920">Configuring Agency Permissions</a>.</p>
<ul id="functiongraph_01_0222__en-us_topic_0000001298507413_ul181701657135914"><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li112321119121116">Permissions for VPC access: an agency with the <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b1532135174516">VPC Administrator</strong> permission or with the least permissions listed in <a href="#functiongraph_01_0222__en-us_topic_0000001298507413_table3170115712597">Table 1</a>
<div class="tablenoborder"><a name="functiongraph_01_0222__en-us_topic_0000001298507413_table3170115712597"></a><a name="en-us_topic_0000001298507413_table3170115712597"></a><table cellpadding="4" cellspacing="0" summary="" id="functiongraph_01_0222__en-us_topic_0000001298507413_table3170115712597" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Least permissions required</caption><thead align="left"><tr id="functiongraph_01_0222__en-us_topic_0000001298507413_row121701157105911"><th align="left" class="cellrowborder" valign="top" width="20.549999999999997%" id="mcps1.3.2.5.1.3.2.3.1.1"><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p10170757135914">Permission</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="79.45%" id="mcps1.3.2.5.1.3.2.3.1.2"><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p317117572595">Action</p>
</th>
</tr>
</thead>
<tbody><tr id="functiongraph_01_0222__en-us_topic_0000001298507413_row1817115717591"><td class="cellrowborder" valign="top" width="20.549999999999997%" headers="mcps1.3.2.5.1.3.2.3.1.1 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p1171185714593">Deleting a port</p>
</td>
<td class="cellrowborder" valign="top" width="79.45%" headers="mcps1.3.2.5.1.3.2.3.1.2 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p317145735914">vpc:ports:delete</p>
</td>
</tr>
<tr id="functiongraph_01_0222__en-us_topic_0000001298507413_row1417125715591"><td class="cellrowborder" valign="top" width="20.549999999999997%" headers="mcps1.3.2.5.1.3.2.3.1.1 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p1917135720594">Querying a port</p>
</td>
<td class="cellrowborder" valign="top" width="79.45%" headers="mcps1.3.2.5.1.3.2.3.1.2 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p41711557145914">vpc:ports:get</p>
</td>
</tr>
<tr id="functiongraph_01_0222__en-us_topic_0000001298507413_row111711657115914"><td class="cellrowborder" valign="top" width="20.549999999999997%" headers="mcps1.3.2.5.1.3.2.3.1.1 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p017195712597">Creating a port</p>
</td>
<td class="cellrowborder" valign="top" width="79.45%" headers="mcps1.3.2.5.1.3.2.3.1.2 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p141711557135919">vpc:ports:create</p>
</td>
</tr>
<tr id="functiongraph_01_0222__en-us_topic_0000001298507413_row517175715593"><td class="cellrowborder" valign="top" width="20.549999999999997%" headers="mcps1.3.2.5.1.3.2.3.1.1 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p817115713597">Querying a VPC</p>
</td>
<td class="cellrowborder" valign="top" width="79.45%" headers="mcps1.3.2.5.1.3.2.3.1.2 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p201711257125915">vpc:vpcs:get</p>
</td>
</tr>
<tr id="functiongraph_01_0222__en-us_topic_0000001298507413_row181718571593"><td class="cellrowborder" valign="top" width="20.549999999999997%" headers="mcps1.3.2.5.1.3.2.3.1.1 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p01711457195918">Querying a subnet</p>
</td>
<td class="cellrowborder" valign="top" width="79.45%" headers="mcps1.3.2.5.1.3.2.3.1.2 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p0171857155919">vpc:subnets:get</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li10171185765919">Permissions for private domain name resolution: an agency with the <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b385525355411">DNS ReadOnlyAccess</strong> permission</li></ul>
<p id="functiongraph_01_0222__en-us_topic_0000001298507413_p8258143910595"><strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b16431155155419">Procedure</strong></p>
<ol id="functiongraph_01_0222__en-us_topic_0000001298507413_ol1971194384912"><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li17119437493">Log in to the FunctionGraph console. In the navigation pane, choose <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_en-us_topic_0000001251907924_b033610517502">Functions</strong> &gt; <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_en-us_topic_0000001251907924_b183361950502">Function List</strong>.</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li371110431497">Click the function to be configured to go to the function details page.</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li10711134319497"><a name="functiongraph_01_0222__en-us_topic_0000001298507413_li10711134319497"></a><a name="en-us_topic_0000001298507413_li10711134319497"></a>Choose <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b5181333203912">Configuration</strong> &gt; <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b1727934103911">Network</strong>, enable <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b85861053113914">VPC Access</strong>, and specify a VPC and subnet.<div class="fignone" id="functiongraph_01_0222__en-us_topic_0000001298507413_fig14895114195312"><span class="figcap"><b>Figure 1 </b>Configuring VPC access</span><br><span><img id="functiongraph_01_0222__en-us_topic_0000001298507413_image88954435310" src="en-us_image_0000001630849458.png"></span></div>
<div class="note" id="functiongraph_01_0222__en-us_topic_0000001298507413_note1075601484316"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ol type="a" id="functiongraph_01_0222__en-us_topic_0000001298507413_ol5756111410439"><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li127552014154313">For details on how to create a VPC and a subnet, see section "Creating a VPC".</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li7200955164412">Specify an agency with VPC administrator permissions for the function. For details, see <a href="functiongraph_01_0920.html#functiongraph_01_0920">Configuring Agency Permissions</a>.</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li107569142432">You can bind functions in a project to up to four different subnets in any VPCs. (Each project has a unique 32-digit project ID, which is allocated when your account is created. The project IDs of your account and IAM user are the same.)</li></ol>
</div></div>
</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li571134384914">Click <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_en-us_topic_0000001298507433_b1943181115307">Save</strong>.</li></ol>
</div>
<p id="functiongraph_01_0222__en-us_topic_0000001298507413_p731141785314"></p>
<div class="section" id="functiongraph_01_0222__en-us_topic_0000001298507413_section1888817242319"><a name="functiongraph_01_0222__en-us_topic_0000001298507413_section1888817242319"></a><a name="en-us_topic_0000001298507413_section1888817242319"></a><h4 class="sectiontitle">Configuring a Fixed Public IP Address</h4><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p23469218180">If a function needs to access public network resources in a VPC or requires a fixed public IP address, configure a NAT gateway for the VPC and bind an EIP to the gateway.</p>
<p id="functiongraph_01_0222__en-us_topic_0000001298507413_p5783210183917"><strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b739732215479">Prerequisites</strong></p>
<ol id="functiongraph_01_0222__en-us_topic_0000001298507413_ol12952935194314"><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li1595243511433">You have created a VPC and a subnet according to section "Creating a VPC".</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li14365104114439">You have obtained an EIP according to section "Assigning an EIP".</li></ol>
<p id="functiongraph_01_0222__en-us_topic_0000001298507413_p15945191314420"><strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b167613221268">Procedure</strong></p>
<ol id="functiongraph_01_0222__en-us_topic_0000001298507413_ol183808331224"><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li183809337215">In the left navigation pane of the management console, choose <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b1983410342133">Network</strong> &gt; <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b38342346133">NAT Gateway</strong> to go to the NAT Gateway console. Then click <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b289212169132">Create NAT Gateway</strong>.</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li105942533011">On the displayed page, enter gateway information, select a VPC (for example, <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b66096417173">vpc-01</strong>) and subnet, and confirm and submit the settings. For details, see section "Creating a Public NAT Gateway".</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li193801633928">Click the NAT gateway name. On the details page that is displayed, click <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b1073617494454">Add SNAT Rule</strong>, set the rule, and click <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b15431622104314">OK</strong>.</li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="functiongraph_01_0300.html">Configuring Functions</a></div>
</div>
</div>
View Git Blame Copy Permalink