This topic describes how to access a database in a virtual private cloud (VPC) by using Function Compute and provides examples.

Access mechanism

Function Compute dynamically allocates instances for running functions. Therefore, you cannot add the dynamic IP addresses of these instances to the whitelist of a database. Based on the principle of least privilege, we recommend that you do not add the IP address to the whitelist of your database in your production environment to ensure access/data security.

To resolve this issue, you can configure a VPC for the database, allow access to resources in the VPC for the service of the function, and then add the vSwitch CIDR block that you configured in Function Compute to the database whitelist. This way, Function Compute can access the database over the VPC.

The following figure shows how Function Compute accesses a database. Access an ApsaraDB RDS for MySQL database
  1. The client sends a request to Function Compute.
  2. Function Compute accesses the database that resides in the VPC that you specified.

    To configure the network in the Function Compute console, see Configure the network. You can configure the network based on the following example. In this example, the YAML file of Serverless Devs is used.

  3. Function Compute returns the obtained data to the client.



SQL Server