Creates a NAT firewall.
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
  - The required resource types are displayed in bold characters.
  - If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
Operation | Access level | Resource type | Condition key | Associated operation |
---|---|---|---|---|
yundun-cloudfirewall:CreateSecurityProxy | get | | | none |
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
Lang | string | No | The language of the content within the response. Valid values: | zh |
ProxyName | string | Yes | The name of the NAT firewall. The name must be 4 to 50 characters in length, and can contain letters, digits, and underscores (_). However, it cannot start with an underscore. | nat-idmp-fir |
RegionNo | string | Yes | The region ID of the virtual private cloud (VPC). Note: For more information about Cloud Firewall supported regions, see Supported regions. | cn-hangzhou |
VpcId | string | Yes | The ID of the VPC. | vpc-uf6b5lyul0xfgv74i01ph |
NatGatewayId | string | Yes | The ID of the NAT gateway. | ngw-bp1okz6k7s4n4mnk5f1g3 |
VswitchAuto | string | No | The mode of the vSwitch that you want to use. Valid values: | true |
VswitchId | string | No | The ID of the vSwitch. This parameter is required if you set the VswitchAuto parameter to true. | vsw-bp1sqg9wms9w9y1uxcs1x |
NatRouteEntryList | array<object> | Yes | The routes to be switched to the NAT gateway. | |
| | object | Yes | | |
NextHopId | string | Yes | The next hop of the original NAT gateway. | ngw-bp1okz6k7s4n4mnk5f1g3 |
DestinationCidr | string | Yes | The destination CIDR block of the default route. | 0.0.0.0/0 |
NextHopType | string | Yes | The network type of the next hop. Set the value to NatGateway. | NatGateway |
RouteTableId | string | Yes | The route table to which the default route of the NAT gateway belongs. | vtb-2ze13wrgz7wsu9yiqeffg |
FirewallSwitch | string | No | The status of the NAT firewall. Valid values: | close |
StrictMode | integer | No | Specifies whether to enable the strict mode. Valid values: | 0 |
VswitchCidr | string | No | The CIDR block of the vSwitch. | 0.0.0.0/0 |
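
A pre-flight check for the request parameters above, as an added example that is not part of the original page or of any Alibaba Cloud SDK. It applies the ProxyName rule, the required parameters and the NextHopType constraint from the table, and checks CIDR syntax locally; the function names, the sample ProxyName and the pairing of each failure with an error-code name are assumptions.

```python
import ipaddress
import re

# ProxyName rule as worded in the parameter table; "letters" is taken to mean
# ASCII letters (assumption). The page's own sample value contains hyphens, so
# the service may accept more than this check does.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_]{3,49}")
REQUIRED = ("ProxyName", "RegionNo", "VpcId", "NatGatewayId", "NatRouteEntryList")
ROUTE_REQUIRED = ("NextHopId", "DestinationCidr", "NextHopType", "RouteTableId")

def is_cidr(value):
    """True if value is written as address/prefix and parses as a network."""
    try:
        ipaddress.ip_network(value, strict=False)
        return "/" in value
    except (ValueError, TypeError):
        return False

def validate_request(params):
    """Return (field, problem) pairs; an empty list means the checks passed."""
    problems = []
    for key in REQUIRED:
        if not params.get(key):
            problems.append((key, "required parameter missing or empty"))
    # Code names are from the page's error table; the mapping is an assumption.
    name = params.get("ProxyName")
    if name and not NAME_RE.fullmatch(name):
        problems.append(("ProxyName", "ErrorParamProxyNameError"))
    cidr = params.get("VswitchCidr")
    if cidr and not is_cidr(cidr):
        problems.append(("VswitchCidr", "ErrorCidrFormat"))
    for i, route in enumerate(params.get("NatRouteEntryList") or []):
        where = f"NatRouteEntryList[{i}]"
        for key in ROUTE_REQUIRED:
            if not route.get(key):
                problems.append((f"{where}.{key}", "required field missing or empty"))
        if route.get("NextHopType") not in (None, "", "NatGateway"):
            problems.append((f"{where}.NextHopType", "must be NatGateway"))
        if route.get("DestinationCidr") and not is_cidr(route["DestinationCidr"]):
            problems.append((f"{where}.DestinationCidr", "ErrorCidrFormat"))
    return problems

# Constructed request: ProxyName is made up, the IDs are the table's examples.
SAMPLE = {
    "ProxyName": "nat_fw_prod01", "RegionNo": "cn-hangzhou",
    "VpcId": "vpc-uf6b5lyul0xfgv74i01ph", "NatGatewayId": "ngw-bp1okz6k7s4n4mnk5f1g3",
    "NatRouteEntryList": [{
        "NextHopId": "ngw-bp1okz6k7s4n4mnk5f1g3", "DestinationCidr": "0.0.0.0/0",
        "NextHopType": "NatGateway", "RouteTableId": "vtb-2ze13wrgz7wsu9yiqeffg"}]}
```

Running the check before the call keeps malformed route entries out of a request that changes the default route of a VPC route table.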
Response parameters
Examples
Sample success responses
JSON format
```json
{
  "ProxyId": "proxy-nat97ac4d7cc3834a5daf40",
  "RequestId": "15FCCC52-1E23-57AE-B5EF-3E00A3DC3CAB"
}
```
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | ErrorAliUid | Aliuid invalid. | The aliuid is invalid. |
400 | ErrorParamProxyNameError | proxy name invalid. | Invalid NAT firewall name. |
400 | ErrorRegionNoError | Region is error, please reselect | The specified region is invalid. Enter another value. |
400 | ErrorVpcIdError | Vpc ID invalid. | The VPC is incorrectly selected. Select another VPC. |
400 | ErrorDnatNotSupport | Secure proxy does not support DNAT entries. | NAT firewall does not support DNAT. |
400 | ErrorProxySnatIpEmpty | SNAT entry is empty. | SNAT entry is empty. |
400 | ErrorSnatIpQuotaExceed | The number of SNAT IP exceeds the specification. | The number of NAT Gateway EIPs exceeds the specifications supported by a single NAT firewall. |
400 | ErrorDBSelectError | A database select error occurred. | The error message returned because an internal error has occurred in querying the database. |
400 | ErrorDefaultRouteConflicts | Default route conflicts. | A default route already exists in the routing table bound to the selected switch. |
400 | ErrorUserCredentials | User credentials failed. | Unauthorized, not accessible, please first authorize firewall permissions. |
400 | ErrorVpcOpenApi | vpc open api failed | Failed to call the VPC API. |
400 | ErrorVswitchNotFound | vswitch not found | The vSwitch does not exist. Select another vSwitch. |
400 | ErrorProxyRouteEntryConflicts | Proxy custom route table Nat Gateway and Attachment route entry conflict. | The custom route table of the NAT gateway has a route entry with the next hop of NatGateway and Attachment. |
400 | ErrorVswitchNoAvailableCidr | No available CIDR to create a vswitch. | There is no free CIDR block in the VPC to create a VSwitch. |
400 | ErrorCidrFormat | Network segment CIDR format error, please select again | The format of the specified CIDR block is invalid. Enter another value. |
400 | ErrorInternal | internal error | An internal error occurred. |
400 | ErrorVswitchCidrNotInVpc | Vswitch CIDR address not in vpc. | The CIDR block address of the switch does not belong to the current VPC. |
400 | ErrorVswitchRouteConflict | vswitch route conflict. | The entered VSwitch CIDR block conflicts with the existing VSwitch CIDR block. |
400 | ErrorVswitchCidrIpNumNotEnough | No enough private proxy IP in vswitch cidr. | The firewall switch does not have enough private IP addresses. |
400 | ErrorRouteEntryNotFound | route entry not found. | The route entry does not exist. |
400 | ErrorUserNotFound | User not found | The user does not exist. |
400 | ErrorProxyVpcNotSupportAdvFeature | This vpc advanced feature is not supported. | The VPC contains ECS instances that do not support advanced features of VPC. |
400 | ErrorDBInsertError | A database insert error occurred. | An error occurred while performing an insert operation in the database. |
400 | ErrorProxyNumQuotaTop | Proxy num reaches maximum. | Insufficient quota. |
400 | ErrorProxyClusterNotAvailable | Can not find available cluster for nat firewall. | Failed to assign cluster for nat firewall. |
400 | ErrorDBTxError | A database transaction error occurred. | The error message returned because an internal error has occurred in the database transaction. |
400 | ErrorRecordLog | record operation log error. | Update operation log error. |
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes | Operation |
---|---|---|
2024-08-08 | API Description Update. The Error code has changed | View Change Details |