Reviewed-by: Mützel, Andrea <andrea.muetzel@t-systems.com> Co-authored-by: liusiying01 <liusiying@huawei.com> Co-committed-by: liusiying01 <liusiying@huawei.com>
<a name="functiongraph_01_0222"></a><a name="functiongraph_01_0222"></a>
<h1 class="topictitle1">Configuring Networks</h1>
<div id="body8662426"><div class="section" id="functiongraph_01_0222__en-us_topic_0000001298507413_section465417382214"><h4 class="sectiontitle">Public Access</h4><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p628615172117">By default, functions can access services on public networks. If the target public network service restricts access to whitelisted fixed IP addresses, <a href="#functiongraph_01_0222__en-us_topic_0000001298507413_li10711134319497">enable VPC access</a>, configure a NAT gateway for the VPC, and bind an Elastic IP (EIP) to the gateway. For details, see <a href="#functiongraph_01_0222__en-us_topic_0000001298507413_section1888817242319">Configuring a Fixed Public IP Address</a>.</p>
</div>
<div class="section" id="functiongraph_01_0222__en-us_topic_0000001298507413_section923421213196"><h4 class="sectiontitle">Configuring VPC Access</h4><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p3170105719595">A function can access resources in the VPC bound to it. If a function needs both VPC and public access, configure a NAT gateway for the VPC and bind an EIP to the gateway. For details, see <a href="#functiongraph_01_0222__en-us_topic_0000001298507413_section1888817242319">Configuring a Fixed Public IP Address</a>.</p>
<p id="functiongraph_01_0222__en-us_topic_0000001298507413_p493740131113"><strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b17942105012424">Required Permissions</strong></p>
<p id="functiongraph_01_0222__en-us_topic_0000001298507413_p245311791619">Configure an agency by referring to <a href="functiongraph_01_0920.html#functiongraph_01_0920">Configuring Agency Permissions</a>.</p>
<ul id="functiongraph_01_0222__en-us_topic_0000001298507413_ul181701657135914"><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li112321119121116">Permissions for VPC access: an agency with the <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b1532135174516">VPC Administrator</strong> permission or with the least permissions listed in <a href="#functiongraph_01_0222__en-us_topic_0000001298507413_table3170115712597">Table 1</a>
<div class="tablenoborder"><a name="functiongraph_01_0222__en-us_topic_0000001298507413_table3170115712597"></a><a name="en-us_topic_0000001298507413_table3170115712597"></a><table cellpadding="4" cellspacing="0" summary="" id="functiongraph_01_0222__en-us_topic_0000001298507413_table3170115712597" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Least permissions required</caption><thead align="left"><tr id="functiongraph_01_0222__en-us_topic_0000001298507413_row121701157105911"><th align="left" class="cellrowborder" valign="top" width="20.549999999999997%" id="mcps1.3.2.5.1.3.2.3.1.1"><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p10170757135914">Permission</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="79.45%" id="mcps1.3.2.5.1.3.2.3.1.2"><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p317117572595">Action</p>
</th>
</tr>
</thead>
<tbody><tr id="functiongraph_01_0222__en-us_topic_0000001298507413_row1817115717591"><td class="cellrowborder" valign="top" width="20.549999999999997%" headers="mcps1.3.2.5.1.3.2.3.1.1 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p1171185714593">Deleting a port</p>
</td>
<td class="cellrowborder" valign="top" width="79.45%" headers="mcps1.3.2.5.1.3.2.3.1.2 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p317145735914">vpc:ports:delete</p>
</td>
</tr>
<tr id="functiongraph_01_0222__en-us_topic_0000001298507413_row1417125715591"><td class="cellrowborder" valign="top" width="20.549999999999997%" headers="mcps1.3.2.5.1.3.2.3.1.1 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p1917135720594">Querying a port</p>
</td>
<td class="cellrowborder" valign="top" width="79.45%" headers="mcps1.3.2.5.1.3.2.3.1.2 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p41711557145914">vpc:ports:get</p>
</td>
</tr>
<tr id="functiongraph_01_0222__en-us_topic_0000001298507413_row111711657115914"><td class="cellrowborder" valign="top" width="20.549999999999997%" headers="mcps1.3.2.5.1.3.2.3.1.1 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p017195712597">Creating a port</p>
</td>
<td class="cellrowborder" valign="top" width="79.45%" headers="mcps1.3.2.5.1.3.2.3.1.2 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p141711557135919">vpc:ports:create</p>
</td>
</tr>
<tr id="functiongraph_01_0222__en-us_topic_0000001298507413_row517175715593"><td class="cellrowborder" valign="top" width="20.549999999999997%" headers="mcps1.3.2.5.1.3.2.3.1.1 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p817115713597">Querying a VPC</p>
</td>
<td class="cellrowborder" valign="top" width="79.45%" headers="mcps1.3.2.5.1.3.2.3.1.2 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p201711257125915">vpc:vpcs:get</p>
</td>
</tr>
<tr id="functiongraph_01_0222__en-us_topic_0000001298507413_row181718571593"><td class="cellrowborder" valign="top" width="20.549999999999997%" headers="mcps1.3.2.5.1.3.2.3.1.1 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p01711457195918">Querying a subnet</p>
</td>
<td class="cellrowborder" valign="top" width="79.45%" headers="mcps1.3.2.5.1.3.2.3.1.2 "><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p0171857155919">vpc:subnets:get</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li10171185765919">Permissions for private domain name resolution: an agency with the <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b385525355411">DNS ReadOnlyAccess</strong> permission</li></ul>
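<p>The following added example (not part of the original documentation) audits an agency policy against the least permissions in Table 1 and reports both missing actions and grants that go beyond them. The <code>Version</code>/<code>Statement</code>/<code>Effect</code>/<code>Action</code> policy layout, wildcard matching, the function name <code>audit_policy</code> and the sample policies are assumptions.</p>

```python
import fnmatch

# Actions copied from Table 1 on this page.
LEAST_ACTIONS = {
    "vpc:ports:delete", "vpc:ports:get", "vpc:ports:create",
    "vpc:vpcs:get", "vpc:subnets:get",
}


def audit_policy(policy):
    """Return (missing, excess) for the Allow statements of a policy dict.

    missing: Table 1 actions that no Allow pattern covers.
    excess:  Allow patterns that are not exactly a Table 1 action
             (wildcards, or actions outside the table).
    """
    allowed = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        allowed += [actions] if isinstance(actions, str) else list(actions)
    missing = {a for a in LEAST_ACTIONS
               if not any(fnmatch.fnmatchcase(a, pat) for pat in allowed)}
    excess = {pat for pat in allowed if pat not in LEAST_ACTIONS}
    return missing, excess


# Constructed sample policies. The document layout is an assumption,
# not taken from this page.
MINIMAL = {"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": sorted(LEAST_ACTIONS)}]}
BROAD = {"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": ["vpc:*:*"]}]}
PARTIAL = {"Version": "1.1", "Statement": [
    {"Effect": "Allow",
     "Action": ["vpc:ports:get", "vpc:vpcs:get", "vpc:vpcs:delete"]}]}

if __name__ == "__main__":
    for name, pol in (("MINIMAL", MINIMAL), ("BROAD", BROAD), ("PARTIAL", PARTIAL)):
        missing, excess = audit_policy(pol)
        print(name, "missing:", sorted(missing), "excess:", sorted(excess))
```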
<p id="functiongraph_01_0222__en-us_topic_0000001298507413_p8258143910595"><strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b16431155155419">Procedure</strong></p>
<ol id="functiongraph_01_0222__en-us_topic_0000001298507413_ol1971194384912"><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li17119437493">Log in to the FunctionGraph console. In the navigation pane, choose <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_en-us_topic_0000001251907924_b033610517502">Functions</strong> > <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_en-us_topic_0000001251907924_b183361950502">Function List</strong>.</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li371110431497">Click the function to be configured to go to the function details page.</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li10711134319497"><a name="functiongraph_01_0222__en-us_topic_0000001298507413_li10711134319497"></a><a name="en-us_topic_0000001298507413_li10711134319497"></a>Choose <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b5181333203912">Configuration</strong> > <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b1727934103911">Network</strong>, enable <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b85861053113914">VPC Access</strong>, and specify a VPC and subnet.<div class="p" id="functiongraph_01_0222__en-us_topic_0000001298507413_p8682512013">To enable <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b115911543336">VPC Access</strong>, you need to configure the following inbound and outbound rules in the default security group. For details, see section "Adding a Security Group Rule". 
<ul id="functiongraph_01_0222__en-us_topic_0000001298507413_ul152735564416"><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li6449105417412">Inbound rule: Set <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b12814125415429">Action</strong> to <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b4737175814428">Allow</strong>, <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b20141121113430">Protocol & Port</strong> to <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b121355214438">ICMP</strong>, and the minimum range for <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b1236752511439">Source</strong> to the VPC CIDR block selected for the function. For example, if the VPC CIDR block of the function is <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b1971132575014">192.168.<em id="functiongraph_01_0222__en-us_topic_0000001298507413_i63812291504">x.x</em>/24</strong>, add an inbound rule with <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b118184355117">Allow</strong> for <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b734164112511">Action</strong>, <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b13727185245114">ICMP</strong> for <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b1650926105219">Protocol & Port</strong>, and <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b1702132315527">192.168.<em id="functiongraph_01_0222__en-us_topic_0000001298507413_i134252855219">x.x</em>/24</strong> for <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b118791118155219">Source</strong>.</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li546811514441">Outbound rule: Set <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b18513515420">Action</strong> to <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b1713414045416">Allow</strong>.</li></ul>
<div class="fignone" id="functiongraph_01_0222__en-us_topic_0000001298507413_fig11843319207"><a name="functiongraph_01_0222__en-us_topic_0000001298507413_fig11843319207"></a><a name="en-us_topic_0000001298507413_fig11843319207"></a><span class="figcap"><b>Figure 1 </b>Configuring VPC access</span><br><span><img id="functiongraph_01_0222__en-us_topic_0000001298507413_image13853319200" src="en-us_image_0000001630849458.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="note" id="functiongraph_01_0222__en-us_topic_0000001298507413_note577714497202"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ol type="a" id="functiongraph_01_0222__en-us_topic_0000001298507413_ol12777114915206"><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li977764982011">For details on how to create a VPC and a subnet, see <a href="https://docs.otc.t-systems.com/virtual-private-cloud/umn/vpc_and_subnet/vpc/creating_a_vpc.html#en-us-topic-0013935842" target="_blank" rel="noopener noreferrer">Creating a VPC</a>.</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li877744918205">Specify an agency with VPC administrator permissions for the function. For details, see <a href="functiongraph_01_0920.html#functiongraph_01_0920">Configuring Agency Permissions</a>.</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li5777349182011">All functions of a tenant in a project can be bound to a maximum of four subnets. (Each project has a unique 32-digit project ID, which is allocated when your account is created. The project IDs of your account and IAM user are the same.)</li></ol>
</div></div>
</div>
</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li19413205719162"><a name="functiongraph_01_0222__en-us_topic_0000001298507413_li19413205719162"></a><a name="en-us_topic_0000001298507413_li19413205719162"></a>(Optional) Configure the domain name.<div class="p" id="functiongraph_01_0222__en-us_topic_0000001298507413_p20860185818164"><a name="functiongraph_01_0222__en-us_topic_0000001298507413_li19413205719162"></a><a name="en-us_topic_0000001298507413_li19413205719162"></a>Enter one or more private domain names of the VPC so that the function can use them to access resources in this VPC. See <a href="#functiongraph_01_0222__en-us_topic_0000001298507413_fig11843319207">Figure 1</a>.<div class="note" id="functiongraph_01_0222__en-us_topic_0000001298507413_note1338755611415"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ol type="a" id="functiongraph_01_0222__en-us_topic_0000001298507413_ol17764193610362"><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li676463673611">For details about how to create a private domain name, see <a href="https://docs.otc.t-systems.com/domain-name-service/umn/private_zones/creating_a_private_zone.html#en-us-topic-0057773658" target="_blank" rel="noopener noreferrer">Creating a Private Zone</a>.</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li1577714471362">Functions can resolve only domain names of the A record set type. For details about how to add a record set, see <a href="https://docs.otc.t-systems.com/domain-name-service/umn/record_sets/adding_record_sets/record_set_types_and_configuration_rules.html#dns-usermanual-0601" target="_blank" rel="noopener noreferrer">Record Set Types and Configuration Rules</a>.</li></ol>
</div></div>
</div>
</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li1099612128246"><a name="functiongraph_01_0222__en-us_topic_0000001298507413_li1099612128246"></a><a name="en-us_topic_0000001298507413_li1099612128246"></a>(Optional) Configure the VPC CIDR block.<div class="fignone" id="functiongraph_01_0222__en-us_topic_0000001298507413_fig5838194095016"><span class="figcap"><b>Figure 2 </b>VPC CIDR block</span><br><span><img id="functiongraph_01_0222__en-us_topic_0000001298507413_image9838134095010" src="en-us_image_0000002223713009.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="note" id="functiongraph_01_0222__en-us_topic_0000001298507413_note66191344279"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="functiongraph_01_0222__en-us_topic_0000001298507413_ul1698420192715"><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li1169802032712">You can enter the VPC CIDR block used in the code to check whether it conflicts with FunctionGraph's VPC CIDR block.</li></ul>
</div></div>
</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li571134384914">Click <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_en-us_topic_0000001298507433_b1943181115307">Save</strong>.</li></ol>
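<p>The following added example (not part of the original documentation) checks a security group against the inbound and outbound rules required for VPC Access in the procedure above. The rule dictionary keys and sample rules are hypothetical, and treating a source wider than the VPC CIDR block as a finding is an assumption of this example; the page only states the minimum range.</p>

```python
import ipaddress


def check_vpc_access_rules(rules, vpc_cidr):
    """Return findings for a security group used with VPC Access.

    rules: list of dicts with hypothetical keys
           direction / action / protocol / source.
    An empty list means the rules match the guidance in the procedure.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    covered = False
    for r in rules:
        kind = (r.get("direction"), r.get("action"), r.get("protocol"))
        if kind != ("inbound", "allow", "icmp"):
            continue
        src = ipaddress.ip_network(r["source"])
        if src.version != vpc.version or not vpc.subnet_of(src):
            continue  # rule does not cover the function's VPC CIDR block
        covered = True
        if src != vpc:
            findings.append(f"inbound ICMP source {src} is wider than {vpc}")
    if not covered:
        findings.append(f"no inbound ICMP allow rule covers {vpc}")
    if not any(r.get("direction") == "outbound" and r.get("action") == "allow"
               for r in rules):
        findings.append("no outbound allow rule")
    return findings


# Constructed sample data; 192.168.1.0/24 stands in for the VPC CIDR block.
VPC_CIDR = "192.168.1.0/24"
OUTBOUND = {"direction": "outbound", "action": "allow"}
GOOD = [{"direction": "inbound", "action": "allow", "protocol": "icmp",
         "source": "192.168.1.0/24"}, OUTBOUND]
WIDE = [{"direction": "inbound", "action": "allow", "protocol": "icmp",
         "source": "0.0.0.0/0"}, OUTBOUND]
NARROW = [{"direction": "inbound", "action": "allow", "protocol": "icmp",
           "source": "192.168.1.0/28"}]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("WIDE", WIDE), ("NARROW", NARROW)):
        print(name, check_vpc_access_rules(rules, VPC_CIDR))
```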
</div>
<p id="functiongraph_01_0222__en-us_topic_0000001298507413_p731141785314"></p>
<div class="section" id="functiongraph_01_0222__en-us_topic_0000001298507413_section1888817242319"><a name="functiongraph_01_0222__en-us_topic_0000001298507413_section1888817242319"></a><a name="en-us_topic_0000001298507413_section1888817242319"></a><h4 class="sectiontitle">Configuring a Fixed Public IP Address</h4><p id="functiongraph_01_0222__en-us_topic_0000001298507413_p23469218180">If a function bound to a VPC needs to access public network resources, or requires a fixed public IP address, configure a NAT gateway for the VPC and bind an EIP to the gateway.</p>
<p id="functiongraph_01_0222__en-us_topic_0000001298507413_p5783210183917"><strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b739732215479">Prerequisites</strong></p>
<ol id="functiongraph_01_0222__en-us_topic_0000001298507413_ol12952935194314"><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li1595243511433">You have created a VPC and a subnet according to <a href="https://docs.otc.t-systems.com/virtual-private-cloud/umn/vpc_and_subnet/vpc/creating_a_vpc.html#en-us-topic-0013935842" target="_blank" rel="noopener noreferrer">Creating a VPC</a>.</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li14365104114439">You have obtained an EIP according to <a href="https://docs.otc.t-systems.com/elastic-ip/umn/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.html" target="_blank" rel="noopener noreferrer">Assigning an EIP</a>.</li></ol>
<p id="functiongraph_01_0222__en-us_topic_0000001298507413_p15945191314420"><strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b167613221268">Procedure</strong></p>
<ol id="functiongraph_01_0222__en-us_topic_0000001298507413_ol183808331224"><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li183809337215">In the left navigation pane of the management console, choose <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b1983410342133">Network</strong> > <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b38342346133">NAT Gateway</strong> to go to the NAT Gateway console. Then click <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b289212169132">Create NAT Gateway</strong>.</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li105942533011">On the displayed page, enter gateway information, select a VPC (for example, <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b66096417173">vpc-01</strong>) and subnet, and confirm and submit the settings. For details, see <a href="https://docs.otc.t-systems.com/nat-gateway/umn/managing_nat_gateways/creating_a_public_nat_gateway.html" target="_blank" rel="noopener noreferrer">Creating a Public NAT Gateway</a>.</li><li id="functiongraph_01_0222__en-us_topic_0000001298507413_li193801633928">Click the NAT gateway name. On the details page that is displayed, click <a href="https://docs.otc.t-systems.com/nat-gateway/umn/managing_snat_rules/adding_an_snat_rule.html#en-us-topic-0127489529" target="_blank" rel="noopener noreferrer">Add SNAT Rule</a>, set the rule, and click <strong id="functiongraph_01_0222__en-us_topic_0000001298507413_b14631848193111">OK</strong>.</li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="functiongraph_01_0300.html">Configuring Functions</a></div>
</div>
</div>