All Products
Search

This Product

    Function Compute:Configure a static public IP address

    Document Center

    Function Compute:Configure a static public IP address

    Last Updated:Apr 01, 2026

    By default, Function Compute uses dynamic egress IP addresses that don't belong to a fixed CIDR block. To access services that require IP allowlisting—such as databases, WeChat Mini Programs, or third-party APIs—configure a static public IP address to bind a fixed IP to your function's outbound traffic.

    How it works

    The static public IP feature routes your function's outbound traffic through an Internet NAT gateway inside a Virtual Private Cloud (VPC). Enabling this feature creates the following resources:

    1. An Internet NAT gateway in your VPC

    2. An elastic IP address (EIP) associated with the NAT gateway

    3. A Source Network Address Translation (SNAT) entry that routes VPC traffic through the EIP

    External services receive traffic from the EIP, which you add to their allowlist.

    Considerations

    • NAT gateways and EIPs are available only in specific availability zones within a region. If the NAT gateway and EIP are not in the same availability zone as your function, configure a vSwitch to enable cross-zone connectivity. For more information, see Availability zones supported by Function Compute.

    • An EIP can be shared across functions in the same region.

    • Before a RAM user can use this feature, an Alibaba Cloud account must grant the following Resource Access Management (RAM) policies to the RAM user in the RAM console: AliyunECSFullAccess, AliyunVPCFullAccess, AliyunEIPFullAccess, AliyunRAMFullAccess, and AliyunNATGatewayFullAccess.

    Billing

    Enabling this feature creates a NAT gateway and an EIP, both of which are billable. For pricing details, see NAT Gateway billing and Elastic IP Address billing.

    Configure a static public IP address for the first time

    Prerequisites

    Before you begin, ensure that you have:

    Check the current egress IP

    Before enabling a static IP, record the current dynamic egress IP so you can verify the change afterward.

    1. Log on to the Function Compute console. In the left-side navigation pane, choose Function Management > Function.

    2. Select a region in the top navigation bar and click the target function.

    3. On the function details page, click the Code tab and run the following code. Note the returned IP address.

    # -*- coding: utf-8 -*-
import logging
import requests

def handler(event, context):
    logger = logging.getLogger()
    try:
        r = requests.get('https://myip.ipip.net')
        clientIP = r.content.split()[1]
        logger.info('Client IP: ' + clientIP)
    except:
        r = requests.get('http://ipinfo.io')
        clientIP = r.json()['ip']
        logger.info('Client IP: ' + clientIP)
    return clientIP

    Enable the static public IP address

    1. Log on to the Function Compute console. In the left-side navigation pane, choose Function Management > Function.

    2. Select a region in the top navigation bar and click the target function.

    3. On the function details page, click the Configuration tab, then click Modify to the right of Advanced Settings.

    4. In the Advanced Configurations panel, find the Network section. Enable Static Public IP Address and set Allow Default NIC to Access Internet to No.

      Important

      To avoid traffic disruption during migration, first set Allow Default NIC to Access Internet to Yes. After the static IP takes effect, change it to No to complete the migration.

    5. Click Deploy. In the Static Public IP Configuration dialog box, read the information carefully, select the confirmation check box, and click OK.

    The network configuration takes one to two minutes to complete. After it finishes, the saved network settings are displayed. You can also view the Internet NAT gateway and associated resources in the VPC console.

    Verify the static IP is active

    Run the same verification code from the Check the current egress IP section. The returned IP address should match the static public IP you configured.

    • Success: The returned IP matches your configured static public IP.

    • Failure: If the function times out or returns a different IP, the NAT gateway configuration may not have propagated yet. Wait a few minutes and try again. If the problem persists, check the NAT gateway and SNAT entry in the VPC console.

    Add more static public IP addresses

    1. On the function details page, click the Configuration tab, then click Modify to the right of Advanced Settings. In the Advanced Configurations panel, find the Network section and click Create new EIP under Static Public IP Address. You are redirected to the VPC console.

    2. In the VPC console, create an EIP and associate it with the corresponding NAT gateway. For details, see Apply for an EIP.

    After the EIP is associated, return to the function's network configuration page to confirm the updated settings.

    Disable or release a static public IP address

    To disable the static public IP feature or release a configured IP address:

    1. Set Allow Default NIC to Access Internet to Yes.

    2. Click the configured IP address to open the VPC console.

    3. Disassociate the EIP from the NAT gateway and release the resources.