All Products
Search
Document Center

Elastic Compute Service:ModifyInstanceVpcAttribute

Last Updated:Dec 17, 2024

Changes the virtual private cloud (VPC), private IP address, or vSwitch of an Elastic Compute Service (ECS) instance that resides in a VPC.

Operation description

Usage notes

The instance that you want to manage must be in the Stopped (Stopped) state.

  • When you call this operation to change the private IP address or vSwitch of an instance, take note of the following items:

    • If the instance is a new instance, you must restart the instance before you call this operation.
    • After the private IP address or vSwitch of the instance is changed, you must restart the instance before you can recall this operation.
  • When you call this operation to change the VPC of an instance, take note of the following items:

    • Instance:

      • The instance cannot be associated with Server Load Balancer (SLB) instances.
      • The instance cannot be in the Locked, To Be Released, Expired, Expired and Being Recycled, or Overdue and Being Recycled state. For more information, see Instance lifecycle.
      • The instance cannot be used in other Alibaba Cloud services. For example, the instance cannot be in the process of being migrated or having its VPC changed, or the databases deployed on the instance cannot be managed by Data Transmission Service (DTS).
    • Network:

      • The cut-through mode or the multi-elastic IP address (EIP)-to-elastic network interface (ENI) mode cannot be enabled for the instance.
      • The instance cannot be associated with a high-availability virtual IP address (HAVIP).
      • The vSwitch of the instance cannot be associated with a custom route table.
      • Global Accelerator (GA) cannot be activated for the instance.
      • The instance cannot have secondary ENIs.
      • The instance cannot be assigned an IPv6 address.
      • The primary ENI of the instance cannot be associated with multiple IP addresses.
      • The new vSwitch that you specify must belong to the new VPC.
      • The original and new vSwitches must reside in the same zone.
      • If you assign a private IP address to the primary ENI of the instance, the private IP address must be an idle IP address within the CIDR block of the new vSwitch. If you do not assign a private IP address to the primary ENI of the instance, a private IP address is randomly assigned to the ENI. Make sure that sufficient IP addresses are available in the CIDR block of the new vSwitch.
      • The Alibaba Cloud account that owns the new VPC cannot share the VPC with other accounts.
    • Security group (SecurityGroupId.N):

      • All security groups must be of the same type.
      • The valid values of N vary based on the maximum number of security groups to which an instance can belong. For more information, see the "Security group limits" section in Limits .
      • The security groups that you specify must belong to the new VPC.
      • You can switch the instance to security groups of a different type. To ensure network connectivity, we recommend that you understand the differences in rule configurations of the two security group types before you switch an instance to security groups of a different type. For more information, see Overview .

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
ecs:ModifyInstanceVpcAttributeupdate
*Instance
acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
*VSwitch
acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId}
  • vpc:tag
  • vpc:VPC
none

Request parameters

ParameterTypeRequiredDescriptionExample
InstanceIdstringYes

The ID of the instance.

i-bp1iudwa5b1tqag1****
VSwitchIdstringYes

The ID of the vSwitch.

  • If this parameter is set to the ID of the current vSwitch, the vSwitch of the instance remains unchanged.
  • If this parameter is set to the ID of a different vSwitch and the VpcId parameter is not specified, the new vSwitch must belong to the same zone and VPC as the current vSwitch.
  • If the VpcId parameter is specified, the vSwitch specified by this parameter must belong to the specified VPC and the same zone as the current vSwitch.
vsw-bp1s5fnvk4gn3tw12****
PrivateIpAddressstringNo

The new private IP address of the instance.

Note The value of PrivateIpAddress depends on the value of VSwitchId. The specified IP address must be within the CIDR block of the specified vSwitch.

By default, if this parameter is not specified, a private IP address is randomly assigned from the CIDR block of the specified vSwitch.

172.17.**.**
VpcIdstringNo

The ID of the new VPC.

vpc-bp1vwnn14rqpyiczj****
SecurityGroupIdarrayNo

The ID of security group N to which the instance belongs after the VPC is changed. This parameter is required only when the VpcId parameter is specified.

  • The specified security groups must be of the same type.
  • You can specify one or more security groups. The valid values of N depend on the maximum number of security groups to which an instance can belong. For more information, see Limits .
  • The specified security groups must belong to the VPC specified by the VpcId parameter.
stringNo

The security group ID.

sg-o6w9l8bc8dgmkw87****

Response parameters

ParameterTypeDescriptionExample
object
RequestIdstring

The request ID.

473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E

Examples

Sample success responses

JSONformat

{
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E"
}

Error codes

HTTP status codeError codeError messageDescription
400InvalidTarget.TrafficMirrorSessionInstance is target of traffic mirror session.-
400InvalidSource.TrafficMirrorSessionInstance is source of traffic mirror session.-
400InvalidPrivateIpAddress.MalformedSpecified private IP address is malformed.The specified private IP address is invalid.
400InvalidPrivateIpAddress.DuplicatedSpecified private IP address is duplicated.-
400IncorrectVSwitchStatusThe current status of virtual switch does not support this operation.The specified vSwitch is in the Pending state and cannot be deleted.
400IncorrectInstanceStatusThe current status of instance does not support this operation.The instance is in a state that does not support the current operation.
400OperationDeniedSpecified operation is denied as your instance is not in VPC.The specified instance does not reside in a VPC.
400InvalidVSwitchId.MismatchSpecified instance and virtual switch are not in the same zone.The specified instance and vSwitch are not in the same zone.
400InvalidPrivateIpAddress.MismatchSpecified private IP address is not in the CIDR block of virtual switch.The specified private IP address is not in the CIDR block of the specified vSwitch.
400InvalidPrivateIp.ChangingPrevious action is not finished yet.The private IP address is being modified.
400InvalidPrivateIpAddress.DuplicatedThe specified IP address already exists on current ENI.-
400OperationDeniedThe operation is denied due to existence of an SNAT entity.-
400PrimaryEniHasSubIpPrimary network interface of the specified instance has more than one private ip.The primary ENI has multiple secondary private IP addresses.
400VSwitchIdNotMatchThe subnet of private ip is different to the instance, please unbind ha vip.-
400InvalidOperation.EniCountExceededThe number of ENIs in an enterprise security group has reached the maximum limit.-
400InvalidParameter.SecurityGroupIdSecurity group ids are invalid.Invalid security group ID
401InvalidOperation.SecurityGroupNotAuthorizedThe specified security group is not authorized to operate.You do not have permission to operate the current security group.
403OperationDeniedThe Specified operation is denied as your instance is locked for security reasons.The operation is denied because the instance is locked for security reasons.
403InvalidIp.Ipv6AssignedThe specified instance has been assigned IPv6 address.-
403OperationDenied%sThe operation is denied.
403SecurityGroupInstanceLimitExceed%s-
403InvalidInstance.HasTransitionRecordThe operation is denied because the specified instance has a migration plan.-
403InvalidInstanceStatus.NotNormalThe Specified operation is denied due to instance status.-
403InvalidVpcId.SharedVpcThe Specified operation is denied as your targe vpc is SharedVpc.-
403InvalidOperation.NotAllowedThe operation is denied because the specified VPC has advanced features enabled.-
403InvalidParameter.ToSecurityGroupId%s-
403InvalidOperation.ResourceManagedByCloudProduct%sYou cannot modify security groups managed by cloud services.
403InvalidOperation.VswAndEcsAvailabilityZoneMismatchSpecified instance and virtual switch are not in the same zone.The instance and the destination VSwitch do not belong to the same zone.
403InvalidOperation.CloudBoxEcsNotSupportCloud box ecs instance does not support modifying VPC.Cloud box instances do not support modifying VPC
404InvalidInstanceId.NotFoundThe specified InstanceId does not exist.The specified instance does not exist.
404InvalidVSwitchId.NotFoundSpecified virtual switch does not exist.The specified vSwitch ID does not exist.
404InvalidVSwitchId.NotFoundSpecified virtual switch is not found in current VPC.The specified vSwitch does not exist in the current VPC.
404NoSuchResourceThe specified resource is not found.The specified resource does not exist.
404InvalidParameter.InvalidInstanceIdThe specified InstanceId does not exist.-
404InvalidParameter.VSwitchIdThe specified virtual vswitch does not exist.The specified vSwitch does not exist.
404InvalidRegion.ValueNotSupportedThe specified Region does not exist.-
404InvalidInstance.AttachedEniThe Specified operation is denied due to elastic network interface.The VPC cannot be changed while the instance has secondary ENIs bound.
404InvalidIp.MultiPrimaryIpThe Specified operation is denied due to multi private ip.This operation is not allowed while the primary ENI has multiple private IP addresses.
404InvalidIp.Ipv6The Specified operation is denied due to ipv6.-
404InvalidVSwitch.NotBelongToVpc%s-
404InvalidParameter.EniNo%s-
404InvalidSecurityGroupId.NotFound%sThe specified security group ID does not exist.
404InvalidParameter.SecurityGroupIdRepeated%s-
404InvalidSecurityGroupType.NotSupportClassicThe specified SecurityGroupIds have classic group type.The specified security group is in the classic network. Check whether the specified SecurityGroupIds.N parameter is valid.
404InvalidSecurityGroupVpc.NotBelongToOneVpcThe specified SecurityGroupIds are belong to different vpc.The specified security groups belong to different VPCs. Check whether the specified SecurityGroupIds.N parameter is valid. You can call the DescribeSecurityGroups operation to query the VPCs to which the security groups belong.
404EnterpriseGroupLimited.MutliGroupTypeThe specified instance can not join multi SecurityGroup types.The specified instance cannot belong to both a basic and an advanced security group. You can call the DescribeSecurityGroups operation to query the type of security groups.
404InvalidParameter.AlreadyInTargetVpcThe specified instance is already in the destination VPC.-
404InvalidParameter.SecurityGroupIdThe specified SecurityGroupId.N is invalid or does not exist.-
404JoinedGroupLimitExceedThe specified instance has exceed quota of SecurityGroup.-
404InvalidParameter.MustBeEmptyThe specified parameter SecurityGroupId.N and VpcId need be empty.The SecurityGroupId.N and VpcId parameters must be left empty.
404InvalidParameter.NotEnoughIpInVSwitchThe specified virtual switch has not enough available ip.-
404InvalidDependence.MutliDirectlyEipThe Specified operation is denied due to multi directly Eips.-
404InvalidDependence.HaVipThe Specified operation is denied due to HaVip.-
404InvalidDependence.NextHopOfCustomRouterThe Specified operation is denied due to next hop of Custom Router.This operation is not allowed when the instance is the next hop of custom routes.
404InvalidDependence.BeenUsedAsAppServerThe Specified operation is denied due to AppServer.-
404InvalidDependence.GrantAccessThe Specified operation is denied due to grant access.The ECS instance may use other products (such as DBS, DTS, DMS, and Workbench), have records of authorization for other products, and have reverse access rules.
404InvalidDependence.BindGAThe Specified operation is denied due to GA.-
404InvalidDependence.SLBThe Specified operation is denied as your instance with alb or clb.The operation is denied because the instance is associated with an ALB instance or a CLB instance.
500InternalErrorThe request processing has failed due to some unknown error.An internal error has occurred. Try again later.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2024-07-03The Error code has changedView Change Details
2024-01-23The Error code has changedView Change Details
2023-12-19The Error code has changedView Change Details
2023-12-15The Error code has changedView Change Details
2023-04-27The Error code has changedView Change Details