Serverless Functions and Private Networks integration

Compatibility

Scaleway Serverless Functions support Virtual Private Cloud (VPC) and can be attached to a Private Network, which allows you to securely connect your resources in an isolated environment. Refer to the dedicated documentation for more information.

Features

• Functions in the same namespace can be attached to different Private Networks.
• Both sandbox environments (V1 and V2) are compatible with Private Networks.
• Attaching Serverless Functions to Private Networks does not incur additional cost.
• Egress (outbound private traffic from a function to resources within the same Private Network) will be routed through the private interface, but external traffic (from the Internet) will be routed through the public endpoint of the function.
• All DNS resolution is done through the Private Network (using the VPC DNS server 169.254.169.254), which allows to resolve *.internal records.

Quotas

Refer to the dedicated documentation for more information on Private Networks quotas for Serverless Functions.

Limitations

• VPC works with Namespaces that have VPC support enabled. VPC support can only be enabled at namespace creation, and cannot be updated afterward.
• Only one Private Network can be attached to a Serverless Container.
• VPC routing (custom routes and cross-PN automatic routing) is not supported yet.
• Ingress (inbound private traffic from resources to a function within the same Private Network) is not supported yet.
• Each function instance has a unique IP automatically assigned by Scaleway in the Private Network. This implies the following:
  • Users cannot preemptively book an IP with IPAM, and reference it in the attachment.
  • A single Serverless Container can have a large number of IPs being used within the Private Network, depending on the number of concurrent instances.
  • Cold-starts are slightly longer due to the additional steps required to attach the node to the Private Network and book an IP.