Public Access Check
Rule Details
|
Parameter |
Description |
|---|---|
|
Rule Name |
function-graph-public-access-prohibited |
|
Identifier |
Public Access Check |
|
Description |
If a function can be accessed over a public network, this function is non-compliant. |
|
Tag |
fgs |
|
Trigger Type |
Configuration change |
|
Filter Type |
fgs.functions |
|
Rule Parameters |
None |
Application Scenarios
By default, functions can access services on public networks. The default public NAT access bandwidth is shared between tenants in testing scenarios that involve a small number of requests. In production scenarios that require high bandwidth, performance, and reliability, enable VPC access for your function, add a public NAT gateway, and bind an EIP with an exclusive bandwidth to it. For details, see Configuring the Network.
Solution
If your function does not need to access the public network, disable Public Access and enable VPC Access. For details, see Network Restrictions.
If your function needs to access the public network, disable Public Access and configure a fixed public IP address for the function.
Rule Logic
- If Public Access is enabled for a function, this function is non-compliant.
- If Public Access is disabled for a function, this function is compliant.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
