Configure static public IP addresses - Function Compute - Alibaba Cloud Documentation Center

To allow Function Compute to access databases, WeChat mini programs, and third-party services, you need to configure a whitelist. You can use the static public IP address of Function Compute to verify the whitelist. This topic describes how to assign an outbound static public IP address in the Function Compute console.

Precautions

To use a static public IP address, you must have an Internet network address translation (NAT) gateway in Virtual Private Cloud (VPC). To be specific, you need to create an Internet NAT gateway, and associate an elastic IP address (EIP) with and create a source network address translation (SNAT) entry for the NAT gateway. This way, VPC-connected instances can use the EIP to access the Internet. In this case, the client IP address that you can obtain from the acceptor is the EIP associated with the NAT gateway.
Both NAT gateways and Elastic IP addresses (EIPs) are available only in specific zones of a region. If the NAT gateway and EIP that you purchased reside in a zone different from that of your Function Compute service, you must use a vSwitch to establish cross-zone Internet connections. For more information, see Zones where Function Compute is available
An EIP is shared among all services in the same region.
Before RAM users use the static IP address feature, you must log on to RAM console and attach the following policies to the RAM users: AliyunECSFullAccess, AliyunVPCFullAccess, AliyunEIPFullAccess, and AliyunNATGatewayFullAccess.

Billing rules

When you configure a static public IP address, a NAT gateway and an EIP may be created. In this case, costs are generated. For more information, see Billing of Internet NAT gateways and Billing overview.

Configure static public IP addresses for the first time

Prerequisites

The network is configured and the required permissions are granted for your service to allow functions to access VPC resources. For more information, see Configure the network settings and the role.
The Access to VPC parameter is set to Yes in service settings. For more information, see Configure network settings.

Procedure

Log on to the Function Compute console. In the left-side navigation pane, click Services & Functions.
In the top navigation bar, select a region. On the Services page, find the desired service and click Configure in the Actions column.
In the Network Settings section, set the Static Public IP Address parameter to Yes and set the Access to Internet parameter to No.
Note To ensure that functions can access external networks, we recommend that you set the Access to Internet parameter to Yes first. After a static public IP address takes effect, set the Access to Internet parameter to No. This way, traffic migration can be performed smoothly.
Click Save. In the Static Public IP Address Configurations dialog box that appears, confirm the information and select the check box in the dialog box. Then click Confirm.
After 1 to 2 minutes, you are redirected to the Service Details page. You can view the saved network settings on the page. You can also go to the VPC console to view the information about the NAT gateway-related resources that are associated or created by Function Compute.

Verify the result

Log on to the Function Compute console. In the left-side navigation pane, click Services & Functions.
In the top navigation bar, select a region. On the Services page, click the desired service.
On the Functions page, click the name of the desired function. On the Function Details page that appears, click the Code tab.

Click the Code tab and write code in the code editor.

In this example, the function code is written in Python.

# -*- coding: utf-8 -*-
import logging
import requests

def handler(event, context):
  logger = logging.getLogger()
  try:
    r = requests.get('https://myip.ipip.net')
    clientIP = r.content.split()[1]
    logger.info('Client IP: ' + clientIP)
  except:
    r = requests.get('http://ipinfo.io')
    clientIP = r.json()['ip']
    logger.info('Client IP: ' + clientIP)
  return clientIP

Write code in the code editor, click Deploy, and then click Test Function.
After the execution, you can view the client IP address in the response. The client IP address is the assigned static public IP address.

Add a static public IP address

To add a static public IP address, perform the following steps:

In the Network Settings section, click Create EIP under the Static IP Address parameter.
You are navigated to the VPC console.
In the VPC console, create an EIP and associate it with the NAT gateway that you use. For more information, see Apply for an EIP.
After you complete the operation in the VPC console, go back to the Service Details page in the Function Compute console, where you can view the saved service settings.

Related operations

If you want to disable the static public IP address feature or delete assigned IP addresses, set the Access to Internet parameter to Yes in service settings in the Function Compute console. Then, go to the VPC console and delete all NAT gateways that are associated with your VPC.