Configuring VPC Access

Functions can be configured to access resources in your Virtual Private Clouds (VPCs) or to access the Internet using elastic IP addresses bound through source network address translation (SNAT).

1. Log in to the FunctionGraph console, and choose Functions > Function List in the navigation pane.
2. Create a function based on Creating and Initializing a Function.
3. Click the name of the created function.
4. Choose Configuration > Network, enable VPC Access, and configure VPC by referring to Table 1.

   Table 1 Configuring VPC access

   Parameter	Description
   VPC	Mandatory. Select the VPC to be accessed by the function. For details on how to create a VPC and subnet, see section "Creating a VPC with a Subnet" in the Virtual Private Cloud User Guide.
   Subnet	Mandatory. Select the subnet to be accessed by the function. All functions of a tenant in a project can be bound to a maximum of four subnets. (Each project has a unique 32-digit project ID, which is allocated when your account is created. The project IDs of your account and IAM user are the same.)
   Domain Name	Optional. Enter one or more private domain names of the VPC so that the function can use them to access resources in this VPC. For details about how to create a private domain name, see section "Creating a Private Domain Name" in the Domain Name Service User Guide. Functions can resolve only domain names of the A record set type. For details about how to add a record set, see section "Record Set Types and Configuration Rules" in the Domain Name Service User Guide.
   VPC CIDR Block	Optional. You can enter the VPC CIDR block used in the code to check whether it conflicts with FunctionGraph's VPC CIDR block. The blocks are separated by semicolons (;) and the number of blocks cannot exceed 5.
   Security Group	Mandatory. Select a security group. The inbound and outbound rules of the security group are displayed below. Configure the rules by referring to section "Adding a Security Group Rule" in the Virtual Private Cloud User Guide. Inbound rule: Set Action to Allow, Protocol & Port to ICMP, and the minimum range for Source to the VPC CIDR block selected for the function. For example, if the VPC CIDR block of the function is 192.168.x.x/24, add an inbound rule with Allow for Action, ICMP for Protocol & Port, and 192.168.x.x/24 for Source. Outbound rule: Set Action to Allow.

5. Click Save.

Example

The following is an example of configuring VPC access to connect to a Distributed Cache Service (DCS) Redis instance.

1. On the DCS console, view the VPC and subnet of the DCS Redis instance. If no Redis instances are available, create one.
2. On the FunctionGraph console, configure VPC access for the function as follows:
   • VPC Access: Enable VPC access.
   • VPC: Select the VPC queried in 1.
   • Subnet: Select the subnet queried in 1.

3. After the configuration is complete, use the following code to access the Redis instance:

   # -*- coding:utf-8 -*-
   import redis
   
   def handler (event, context):
       r = redis.StrictRedis(host='192.168.1.143', port=6379, db=0)
       r.set('product', 'FunctionGraph')
       print r.keys('*')
       print r.get('product')