Networking in Cloud Functions
By default, a function is launched in an isolated IPv4 network with a NAT gateway enabled. For this reason, only public IPv4 addresses are available.
User network
If necessary, you can specify a cloud network in the function settings. In this case, the function will have access to the internet and to user resources in the specified network, such as databases and VMs.
The cloud network must meet the following conditions:
- It has subnets in all availability zones.
- It has at least one resource with an IP address in the specified cloud network.
When a network is specified in the function settings, a service subnet with addresses from the 198.19.0.0/16 range is created for each availability zone. Once run, the function is assigned an IP address from the respective subnet and has access to all network resources.
Note
You can only specify a single network for functions, containers, and API gateways that reside in the same cloud.
Networking between two functions and between functions and user resources is limited:
- Outbound connections over TCP, UDP, and ICMP are supported. For example, a function may access a Compute Cloud VM or Managed Service for YDB database in the user network.
- Inbound connections are not supported. For example, there is no way to access internal function components over the network even if you know the IP address of its instance.
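As an added example (not part of the original documentation): a Python audit of connection records collected on the user-network side. It uses the 198.19.0.0/16 service range to separate function traffic from other traffic and flags function connections to destinations outside an expected list. The record format, the allowlist, and all 10.x addresses are constructed for illustration.

```python
import ipaddress

# Service subnet range that the documentation gives for function instances.
FUNCTION_RANGE = ipaddress.ip_network("198.19.0.0/16")

# Assumption: destinations functions are expected to reach (constructed values):
# a database on tcp/5432 and an internal API on tcp/443.
ALLOWED = {("10.1.0.10", "tcp", 5432), ("10.2.0.20", "tcp", 443)}

# Constructed flow records, one per line: "src dst proto dst_port".
SAMPLE_FLOWS = """\
198.19.1.7 10.1.0.10 tcp 5432
198.19.2.9 10.1.0.11 tcp 22
10.1.0.11 198.19.1.7 tcp 8080
10.1.0.11 10.1.0.10 tcp 5432
198.19.3.4 10.2.0.20 udp 53
not-an-ip 10.1.0.10 tcp 5432
"""

def classify(line):
    """Return a category name for one flow record."""
    parts = line.split()
    if len(parts) != 4:
        return "malformed"
    src, dst, proto, port = parts
    try:
        src_ip = ipaddress.ip_address(src)
        dst_ip = ipaddress.ip_address(dst)
        port = int(port)
    except ValueError:
        return "malformed"
    # Inbound connections to functions are not supported, so a record
    # aimed at the service range is worth a separate look.
    if dst_ip in FUNCTION_RANGE:
        return "to_function"
    if src_ip in FUNCTION_RANGE:
        key = (str(dst_ip), proto.lower(), port)
        return "allowed" if key in ALLOWED else "unexpected"
    return "other"

def audit(text):
    """Group the non-empty records in text by category."""
    report = {}
    for line in text.splitlines():
        if line.strip():
            report.setdefault(classify(line), []).append(line.strip())
    return report
```

Because a function in a user network can reach every resource in it, the "unexpected" group is the one to review when tightening access rules on databases and VMs.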
A new instance of a function whose settings specify a network may take longer than usual to start. Regardless of the settings, any function is called only via the public API.
To delete a network specified in function settings, delete all the functions, containers, and API gateways it was set in, then wait from 15 minutes to 24 hours.