The default outbound IP address of Function Compute is dynamic and has no fixed CIDR block. To allow Function Compute to access databases, WeChat mini programs, and third-party services, you must configure a whitelist. You can use the static public IP address feature of Function Compute to bind a static public IP address and add the static public IP address to the whitelist. This topic describes how to configure an outbound static public IP address in the Function Compute console.
Usage notes
To use a static public IP address, you must have an Internet NAT gateway in a virtual private cloud (VPC). To be specific, you need to create an Internet NAT gateway, and associate an elastic IP address (EIP) with and create a source network address translation (SNAT) entry for the NAT gateway. This way, VPC-connected instances can use the EIP to access the Internet. In this case, the client IP address that you can obtain from the acceptor is the EIP associated with the NAT gateway.
Both NAT gateways and EIPs are available only in specific zones of a region. If the NAT gateway and EIP that you purchased reside in a zone different from that of your service in Function Compute, you must use a vSwitch to establish cross-zone Internet connections. For more information, see Zones where Function Compute is available.
An EIP is shared among all services in the same region.
Before RAM users use the static IP address feature, you must log on to the RAM console and attach the following policies to the RAM users:
AliyunECSFullAccess,AliyunVPCFullAccess,AliyunEIPFullAccess, andAliyunNATGatewayFullAccess.
Billing rules
When you configure a static public IP address, a NAT gateway and an EIP may be created. In this case, fees are generated. For more information, see Billing of Internet NAT gateways and Billing overview.
Configure static public IP addresses for the first time
Prerequisites
The network is configured and the required permissions are granted for your service to allow functions to access VPC resources. For more information, see Configure network settings and the role.
The Access to VPC parameter is set to Yes in service settings. For more information, see Configure network settings.
Procedure
Log on to the Function Compute console. In the left-side navigation pane, click Function.
In the top navigation bar, select a region. On the Function page, click the function that you want to manage.
On the function details page, click the Configuration tab.
In the left-side navigation pane, click Network and then Modify. In the Network panel, set the Static Public IP Address parameter to Yes and the Allow Default NIC to Access Internet parameter to No.
NoteTo ensure that the function can access the Internet as expected, you can set Allow Default NIC to Access Internet to Yes and wait for the static public IP address setting to take effect. After the static public IP address setting takes effect, set Allow Default NIC to Access Internet to No.
Click OK. In the Static Public IP Address Configurations dialog box, read the message, select the check box, and then click OK.
The network configuration takes one to two minutes to complete. After it is complete, you can view the network configurations. You can also go to the VPC console to view the information about the resources that were associated or created.
Verify the result
Log on to the Function Compute console. In the left-side navigation pane, click Function.
In the top navigation bar, select a region. On the Function page, click the function that you want to manage.
On the function details page, click the Code tab and write code in the code editor.
In this example, the function code is written in Python.
# -*- coding: utf-8 -*- import logging import requests def handler(event, context): logger = logging.getLogger() try: r = requests.get('https://myip.ipip.net') clientIP = r.content.split()[1] logger.info('Client IP: ' + clientIP) except: r = requests.get('http://ipinfo.io') clientIP = r.json()['ip'] logger.info('Client IP: ' + clientIP) return clientIPAfter you write your code, click Deploy and then Test Function.
After the code is executed, you can view the client IP address in the response. The client IP address is the assigned static public IP address.
Add a static public IP address
To add a static public IP address, perform the following steps:
On the function details page, click the Configuration tab. Then click Network in the left-side navigation pane and click Modify. In the Network panel, click Create EIP below Static Public IP Address.
You are navigated to the VPC console.
In the VPC console, create an EIP and associate it with the NAT gateway that you use. For more information, see Apply for an EIP.
After you complete the operation in the VPC console, go back to the network configuration page in the Function Compute console to view the saved settings.
More operations
If you want to disable the static public IP address feature or delete assigned IP addresses, set the Allow Default NIC to Access Internet parameter to Yes in the Function Compute console, and then go to the VPC console to delete all NAT gateways that are associated with your VPC.