Tencent Cloud SCF id deployed in the public network by default. This document describes how to enable SCF to access resources in the private network through VPC configuration, such as TencentDB, CVM, TencentDB for Redis, and CKafka, which helps ensure data and connection security.
When configuring a VPC, pay attention to the following points:
You have created a function.
After you configure the private network access for a function and start to use the VPC, the function will switch from the current independent network environment to the configured VPC. When the function starts, an IP address in your VPC subnet will be used as the IP address of the function runtime environment. In order to reduce the functions' usage of subnet IP addresses, running function instances will share a proxy pair and scale the proxy pair based on the network bandwidth utilization.
After the function is started, you can use code and private IP address to access resources whose access entries are in the VPC, such as TencentDB for Redis, TDSQL, and CVM.
The following is sample code to access TencentDB for Redis, where the IP address of the Redis instance in the VPC is
# -*- coding: utf8 -*- import redis def main_handler(event,context): r = redis.StrictRedis(host='10.0.0.86', port=6379, db=0,password="crs-i4kg86dg:abcd1234") print(r.set('foo', 'bar')) print(r.get('foo')) return r.get('foo')
After configuring private network access for a function, if you want to use domain names to access your self-built services in the VPC, you usually need to use a custom
name server to implement domain name resolution.
In order to support the custom
name server configuration in the SCF environment, you can implement the custom
name server by configuring the
OS_NAMESERVER environment variable as shown below:
|Environment Variable Name||Value Rule||Feature|
As shown in the following code, the configuration can be checked for effect by printing out the
with open("/etc/resolv.conf") as f: print(f.readlines())