SCF is deployed in the public network by default. This document describes how to enable SCF to access resources in the private network through VPC configuration, such as TencentDB, CVM, TencentDB for Redis, and CKafka, which helps ensure the data and connection security.
When configuring a VPC, pay attention to the following points:
You have created a function.
After you configure the private network access for a function and start to use the VPC, the function will switch from the current independent network environment to the configured VPC. When the function starts, an IP address in your VPC subnet will be used as the IP address of the function runtime environment. In order to reduce the function's usage of subnet IP addresses, running function instances will share a proxy pair and scale the proxy pair based on the network bandwidth utilization.
After the function is started, you can use the code and private IP address to access resources whose access entries are in the VPC, such as TencentDB for Redis, TDSQL, and CVM.
The following is the sample code for accessing TencentDB for Redis, where the IP address of the Redis instance in the VPC is
# -*- coding: utf8 -*- import redis def main_handler(event,context): r = redis.StrictRedis(host='10.0.0.86', port=6379, db=0,password="crs-i4kg86dg:abcd1234") print(r.set('foo', 'bar')) print(r.get('foo')) return r.get('foo')
If you want to connect to a custom DNS server, you need to customize the
name server configuration in the SCF environment. Currently, you can implement this by configuring the
OS_NAMESERVER environment variable as shown below:
|Environment Variable||Value Rule||Description|
|OS_NAMESERVER|| ||It configures the custom |
As shown in the following code implemented in Python, the configuration can be checked for effect by printing out the
with open("/etc/resolv.conf") as f: print(f.readlines())