Function Compute provides dynamic egress IP addresses. If Function Compute requires access to databases, WeChat mini programs, or other third-party services, you must configure an IP address whitelist. You can use the static IP address feature provided by Function Compute to access these services and add static IP addresses to the whitelist. This topic describes how to assign a static public IP address to allow the function to access the Internet in the Function Compute console.
Precautions
To assign a static public IP address, you must have an Internet network address translation (NAT) gateway in a virtual private cloud (VPC). To be specific, you must purchase an Internet NAT gateway and associate an elastic IP address (EIP) with the NAT gateway. You must also create a source network address translation (SNAT) entry for the NAT gateway. This way, VPC-connected instances can use the EIP to access the Internet. The client IP address that the receiving service sees is the EIP that is associated with the NAT gateway.
NAT gateways and EIPs are available only in specific zones of a region. If the NAT gateway and EIP that you purchased reside in a zone that is different from that of your service in Function Compute, you must use a vSwitch to establish cross-zone Internet connections. For more information, see Zones where Function Compute is available.
An EIP is shared among all services in the same region.
If you want Resource Access Management (RAM) users to use the static IP address feature, log on to the RAM console and attach the following policies to the RAM users: AliyunECSFullAccess, AliyunVPCFullAccess, AliyunEIPFullAccess, and AliyunNATGatewayFullAccess.
Billing
When you configure a static public IP address, a NAT gateway and an EIP may be created and fees may be generated. For more information, see Billing of Internet NAT gateways and Billing overview.
Configure a new static public IP address
Prerequisites
The network is configured, and the required permissions are granted to the desired service to allow functions to access VPC resources. For more information, see Configure network settings and the role.
The Access to VPC parameter is set to Yes in the service settings. For more information, see Configure network settings.
Procedure
Log on to the Function Compute console. In the left-side navigation pane, click Services & Functions.
In the top navigation bar, select a region. On the Services page, find the desired service and click Configure in the Actions column.
In the Network Settings section, set the Static Public IP Address parameter to Yes and the Access the Internet parameter to No.
Note: To ensure that functions can access external networks, we recommend that you set the Access to Internet parameter to Yes first. After a static public IP address takes effect, set the Access to Internet parameter to No. This way, traffic migration can be smoothly performed.
Click Save. In the Static Public IP Address Configurations dialog box, read the message, select the check box, and then click OK.
After 1 to 2 minutes, you are navigated to the Service Details page. You can view the network configurations that you saved. You can also log on to the VPC console to view the Internet NAT gateway that you associated or that was automatically created by the system.
Verify configurations
Log on to the Function Compute console. In the left-side navigation pane, click Services & Functions.
In the top navigation bar, select a region. On the Services page, click the desired service.
On the Functions page, click the name of the desired function. On the Function Details page that appears, click the Code tab.
In the code editor on the Code tab, write function code.
In this example, function code is written in Python.
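    # -*- coding: utf-8 -*-
    import logging
    import re

    import requests


    def handler(event, context):
        logger = logging.getLogger()
        try:
            # Primary echo service: pull the IPv4 address out of the text reply.
            r = requests.get('https://myip.ipip.net', timeout=5)
            clientIP = re.search(r'\d{1,3}(?:\.\d{1,3}){3}', r.text).group(0)
        except Exception:
            # Fallback echo service: returns JSON that contains an "ip" field.
            r = requests.get('https://ipinfo.io/json', timeout=5)
            clientIP = r.json()['ip']
        logger.info('Client IP: ' + clientIP)
        return clientIP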
After you write function code, click Deploy and then Test Function.
After the code is executed, you can view the client IP address in the response. The client IP address is the assigned static public IP address.
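A stricter form of this check, added here as an example and not part of the original documentation: it fails the invocation unless every echo service reports an address from the expected EIP set, so a function that still egresses from a dynamic IP address is caught before the address is added to a whitelist. The EXPECTED_EIPS environment variable and the helper names extract_ip and check_egress are assumptions.

```python
import ipaddress
import os
import re

# Hypothetical environment variable: comma-separated EIPs bound to the NAT gateway.
EXPECTED_ENV = 'EXPECTED_EIPS'
ECHO_URLS = ('https://myip.ipip.net', 'https://ipinfo.io/ip')
IPV4_RE = re.compile(r'(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d)')


def extract_ip(body):
    """Return the first syntactically valid IPv4 address in an echo reply, or None."""
    for candidate in IPV4_RE.findall(body):
        try:
            return str(ipaddress.IPv4Address(candidate))
        except ValueError:
            continue  # e.g. 999.1.1.1 matches the regex but is not an address
    return None


def check_egress(bodies, allowed):
    """Compare the IP seen by each echo service with the allowed EIP set.

    bodies: dict of service URL -> response text (None if the request failed).
    Returns (ok, observed). ok is True only if at least one service answered
    and every answer is an allowed EIP.
    """
    allowed = {str(ipaddress.IPv4Address(a.strip())) for a in allowed}
    observed = {url: extract_ip(body) for url, body in bodies.items() if body}
    ok = bool(observed) and all(ip in allowed for ip in observed.values())
    return ok, observed


def handler(event, context):
    import requests  # imported here so the helpers above work without it
    bodies = {}
    for url in ECHO_URLS:
        try:
            bodies[url] = requests.get(url, timeout=5).text
        except requests.RequestException:
            bodies[url] = None
    ok, observed = check_egress(bodies, os.environ[EXPECTED_ENV].split(','))
    if not ok:
        # Fail loudly: traffic is not leaving through the expected EIP.
        raise RuntimeError('egress IP not in expected EIP set: %r' % observed)
    return ','.join(sorted(set(observed.values())))
```

Run the test several times after you set Access to Internet to No. Each invocation should return only addresses that are associated with the NAT gateway.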
Add a static public IP address
To add a static public IP address, perform the following steps:
In the Network Configurations section, click Create EIP in the lower part of the Static Public IP Address parameter.
Then, you are navigated to the VPC console.
In the VPC console, create an EIP and associate the EIP with the NAT gateway that you use. For more information, see Apply for an EIP.
After you complete the operations in the VPC console, go back to the service details page in the Function Compute console to view the saved service settings.
What to do next
If you want to disable the static public IP address feature or delete assigned static IP addresses, set the Access to Internet parameter to Yes in the service settings in the Function Compute console. Then, go to the VPC console and delete all NAT gateways that are associated with your VPC.
Troubleshooting
How do I configure an IP address whitelist when I access a database from Function Compute?