Adds an SNAT entry to an SNAT table.
Operation description
You can call this operation to add SNAT entries to Internet NAT gateways and Virtual Private Cloud (VPC) NAT gateways. In this topic, a NAT gateway refers to both gateway types.
Before you call this operation, take note of the following limits:
-
CreateSnatEntry is an asynchronous operation. After a request is sent, the system returns a request ID and runs the task in the background. You can call the DescribeSnatTableEntries operation to query the status of the task.
- If the SNAT entry is in the Pending state, the system is adding the SNAT entry. You can only query the status of the SNAT entry, and cannot perform other operations.
- If the SNAT entry is in the Available state, the SNAT entry is added.
-
You cannot repeatedly call the CreateSnatEntry operation to add an SNAT entry to an SNAT table within the specified period of time.
-
The vSwitch and Elastic Compute Service (ECS) instance specified in an SNAT entry must be created in the VPC where the NAT gateway is deployed.
-
Each vSwitch or ECS instance can be specified in only one SNAT entry.
-
If a high-availability virtual IP address (HAVIP) exists in a vSwitch, you cannot create SNAT entries.
Debugging
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action
policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level,
All Resources
is used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
Operation | Access level | Resource type | Condition key | Associated operation |
---|---|---|---|---|
vpc:CreateSnatEntry | create | *SnatEntry acs:vpc:{#regionId}:{#accountId}:snattable/* |
| none |
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
RegionId | string | Yes | The region ID of the NAT gateway. You can call the DescribeRegions operation to query the most recent region list. Valid values:
| cn-hangzhou |
SnatTableId | string | Yes | The ID of the SNAT table. | stb-bp190wu8io1vgev**** |
SourceVSwitchId | string | No | The ID of the vSwitch.
| vsw-bp1nhx2s9ui5o**** |
SourceCIDR | string | No | You can specify the CIDR block of a VPC, a vSwitch, or an ECS instance or enter a custom CIDR block. You can specify an SNAT entry in the following ways:
When you add an SNAT entry to an Internet NAT gateway, if SnatIp is set to an EIP, the ECS instance uses the specified EIP to access the Internet. If SnatIp is set to multiple EIPs, the ECS instance randomly selects an EIP specified in the SnatIp parameter to access the Internet. You cannot specify this parameter and SourceVSwtichId at the same time. If SourceVSwitchId is specified, you cannot specify SourceCIDR. If SourceCIDR is specified, you cannot specify SourceVSwitchId. | 10.1.1.0/24 |
SnatIp | string | Yes |
Note
If you specify multiple EIPs in the SNAT IP address pool, the service connection is allocated to multiple EIPs by using the hashing algorithm. The traffic of each EIP may be different. Therefore, we recommend that you associate the EIPs with an Internet Shared Bandwidth instance to prevent service interruptions caused by bandwidth exhaustion.
| 47.98.XX.XX |
SnatEntryName | string | No | The name of the SNAT entry. The name must be 2 to 128 characters in length. It must start with a letter but cannot start with | SnatEntry-1 |
ClientToken | string | No | The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The ** Description If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request. | 02fb3da4-130e-11e9-8e44**** |
EipAffinity | integer | No | Specifies whether to enable EIP affinity. Valid values:
** Description After you enable EIP affinity, if multiple EIPs are associated with an SNAT entry, each client uses one EIP to access the Internet. If EIP affinity is disabled, each client uses a random EIP to access the Internet. | 1 |
Response parameters
Examples
Sample success responses
JSON
format
{
"SnatEntryId": "snat-kmd6nv8fy****",
"RequestId": "2315DEB7-5E92-423A-91F7-4C1EC9AD97C3"
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | UnsupportedFeature.PrivateLinkEnabled | The feature of PrivateLinkEnabled is not supported. | - |
400 | InvalidSourceCIDR.Malformed | SourceCIDR is illegal. | - |
400 | NOT_ALLOW_USE_SOURCECIDR_OUTSIDEVPC | The User not in sourcecidr_unlimited_outsidevpc white list. Cannot use SourceCidr outside VpcCidr. | - |
400 | NOT_ALLOW_USE_SOURCECIDR_AUTODEFINE | The User not in sourcecidr_unlimited_insidevpc white list. Cannot use SourceCidr auto defined. | - |
400 | NOT_ALLOW_USE_SOURCECIDR_CONTAINSZERO | The User not in sourcecidr_unlimited_outsidevpc_containszero white list. Cannot use SourceCidr outside VpcCidr. | - |
400 | Forbidden.IpHasBeenUsedInDnat | The snat ip can't be used. Because it has been used in dnat | - |
400 | Forbidden.SourceVSwitchId.IncludeHaVip | There is some HaVips under specified VSwitch | The specified vSwitch is associated with HAVIPs. |
400 | InvalidSnatIp.Malformed | The specified SnatIp is not a valid IP address. | The specified EIP is invalid. |
400 | SNAT_IP_POOL_COUNT_TOO_MANY | The Snat pool ip too many. | The number of IP addresses has reached the upper limit supported by the SNAT IP address pool. |
400 | Forbidden.SnatEntryCountLimited | SNAT entry in the specified SNAT table reach its limit. | The number of SNAT entries has reached the upper limit. |
400 | NOT_ALLOW_USE_SOURCECIDR | The User not in nat_scope_unlimited white list. Cannot use SourceCidr param. | The private IP address does not fall within the VPC CIDR block. |
400 | INVALID_PARAMETER | The parameter invalid. | A parameter is set to an invalid value. |
400 | Forbidden.SourceVSwitchId.Duplicated | The specified SourceCIDRis duplicated. | An SNAT entry is already created for the specified vSwitch. |
400 | Forbidden.IpUsedInForwardTable | The specified SnatIp already used in forward table | The specified EIP is already used by a DNAT entry. Select another EIP or delete the DNAT rule that uses the specified EIP. |
400 | Forbindden | The specified Instance already bind eip | The ECS instance is associated with an EIP. Disassociate the EIP from the ECS instance before you create forwarding rules. |
400 | EIP_NOT_SUPPORT_SNAT_POOL | The Eip cannot support snat pool | - |
400 | EIP_NOT_IN_GATEWAY | The Eip not in nat gateway | - |
400 | OperationUnsupported.CidrConflict | The specified CIDR block conflicts with an existing SNAT entry. | The specified CIDR block conflicts with those in existing SNAT entries. |
400 | OperationUnsupported.EipNatIpCheck | %s | - |
400 | OperationUnsupported.EipNatBWPCheck | %s | - |
400 | OperationUnsupported.EipNatGWCheck | %s | - |
400 | OperationFailed.SnatIpPoolBwpRules | %s | - |
400 | OperationFailed.SnatIpsCheck | %s | - |
400 | OperationFailed.SnatIpPoolCbwpRules | %s | - |
400 | CreateSnatEntry.ParamExclusive.sourceVSwitchIdAndsourceCIDR | %s | - |
400 | InvalidNatGatewayId.NotFound | The NatGateway instance not exist. | - |
400 | InvalidParameter.Name.Malformed | The specified Name is not valid. | The specified name format is invalid. Enter the name in the valid format. |
400 | InvalidParameter.SnatIp | Ip semgment must be subnet cidr. | - |
400 | InvalidParameter.SnatIp | Error public ip must in same bandwidth package. | - |
400 | InvalidNatGatewayId.NotFound | Error natgateway not exist. | - |
400 | IncorrectStatus.SnatEntry | %s | - |
400 | QuotaExceeded.SnatIp | Public ip number exceeds quota. | - |
400 | OperationUnsupported.EipInBinding | Create snat entry with eip in associating status is unsupported. | You cannot use an associated EIP when you create an SNAT entry. |
400 | OperationFailed.VSwitchNotInVpc | The specified vswitch and natgateway are not in the same vpc. | - |
400 | QuotaExceeded.SnatEntry | SNAT entry in the specified SNAT table reach it?s limit. | - |
400 | IncorrectStatus.NatIp | %s | - |
400 | IncorrectStatus.NATGW | NATGW status is invalid. | The NAT gateway is in an invalid state. |
404 | InvalidRegionId.NotFound | The specified RegionId does not exist in our records. | The specified region ID does not exist. |
404 | InvalidSnatTableId.NotFound | Specified SNAT table does not exist. | The specified SNAT table does not exist. |
404 | InvalidVSwitchId.NotFound | The specified virtual switch does not exists. | The vSwitch does not exist. |
404 | InvalidSnatIp.NotFound | Specified SnatIp does not found on the NAT Gateway | The public IP address does not exist in the NAT gateway. |
404 | ResourceNotFound.NatGateway | The NatGateway instance not exist. | The NAT gateway does not exist. |
404 | ResourceNotFound.NatIp | The NatIp instance not exist. | - |
500 | DefaultValidate.Error | validte fail. | - |
500 | OperationFailed.CrateSnatEntryTimeOut | Operation failed because create snatEntry timeout. | - |
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes | Operation |
---|---|---|
2024-12-03 | The Error code has changed. The request parameters of the API has changed | View Change Details |
2024-08-09 | The Error code has changed. The request parameters of the API has changed | View Change Details |
2024-01-18 | The Error code has changed | View Change Details |
2023-09-18 | API Description Update. The Error code has changed | View Change Details |
2023-03-01 | The Error code has changed | View Change Details |