VPC Communication

Last updated: 2021-09-23 14:25:15

    Overview

    SCF is deployed in the public network by default. This document describes how to enable SCF to access resources in the private network through VPC configuration, such as TencentDB, CVM, TencentDB for Redis, and CKafka, which helps ensure the data and connection security.

    Notes

    When configuring a VPC, pay attention to the following points:

    • A function deployed in a VPC is isolated from the public network by default. If you want the function to have access to both private and public networks, you can do so in the following two ways:
    • Currently, functions cannot be connected with resources on the classic network.

    Prerequisites

    You have created a function.

    Directions

    Modifying network configuration

    1. Log in to the SCF console and click Function Service on the left sidebar.
    2. Select the region at the top of the page and click the name of the function to be configured.
    3. On the Function Configuration page, click Edit in the top-right corner.
    4. Enable VPC and select the VPC to be accessed and the subnet you want to use.

    Using VPC

    After you configure the private network access for a function and start to use the VPC, the function will switch from the current independent network environment to the configured VPC. When the function starts, an IP address in your VPC subnet will be used as the IP address of the function runtime environment. In order to reduce the function's usage of subnet IP addresses, running function instances will share a proxy pair and scale the proxy pair based on the network bandwidth utilization.

    After the function is started, you can use the code and private IP address to access resources whose access entries are in the VPC, such as TencentDB for Redis, TDSQL, and CVM.
    The following is the sample code for accessing TencentDB for Redis, where the IP address of the Redis instance in the VPC is 10.0.0.86.

    # -*- coding: utf8 -*-
    import redis
    def main_handler(event,context):
       r = redis.StrictRedis(host='10.0.0.86', port=6379, db=0,password="crs-i4kg86dg:abcd1234")
       print(r.set('foo', 'bar'))
       print(r.get('foo'))
       return r.get('foo')
    

    Accessing custom domain name in VPC

    If you want to connect to a custom DNS server, you need to customize the name server configuration in the SCF environment. Currently, you can implement this by configuring the OS_NAMESERVER environment variable as shown below:

    Environment Variable Value Rule Description
    OS_NAMESERVER
    • It can be one or more IP addresses or domain names separated by ;.
    • A maximum of 5 custom name servers can be configured.
    It configures the custom name server.

    As shown in the following code implemented in Python, the configuration can be checked for effect by printing out the /etc/resolv.conf file.

    with open("/etc/resolv.conf") as f:
       print(f.readlines())
    

    Relevant Operations

    Viewing network configuration

    1. Log in to the SCF console and click Function Service on the left sidebar.
    2. Select a region at the top of the page and click the name of the function for which private network access has been configured to view the specific configuration through the corresponding network and subnet.