All Products
Search
Document Center

Virtual Private Cloud:CreateFlowLog

Last Updated:Aug 29, 2024

Creates a flow log.

Operation description

CreateFlowLog is an asynchronous operation. After a request is sent, the system returns a request ID and runs the task in the background. You can call the DescribeFlowLogs operation to query the status of the flow log.

  • If the flow log is in the Activating state, the flow log is being created.
  • If the flow log is in the Active state, the flow log is created and started.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
vpc:CreateFlowLogcreate
  • VSwitch
    acs:vpc:{#regionid}:{#accountId}:vswitch/{#VSwitchId}
  • FlowLog
    acs:vpc:{#regionId}:{#accountId}:flowlog/*
  • VPC
    acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
RegionIdstringYes

The ID of the region where you want to create the flow log. You can call the DescribeRegions operation to query the most recent region list.

cn-qingdao
FlowLogNamestringNo

The name of the flow log.

The name must be 1 to 128 characters in length and cannot start with http:// or https://.

myFlowlog
DescriptionstringNo

The description of the flow log.

The description must be 1 to 256 characters in length and cannot start with http:// or https://.

This is my Flowlog.
ResourceTypestringYes

The type of the resource whose traffic you want to capture. Valid values:

  • NetworkInterface: elastic network interface (ENI)
  • VSwitch: all ENIs in a vSwitch
  • VPC: all ENIs in a virtual private cloud (VPC)
NetworkInterface
ResourceIdstringYes

The ID of the resource whose traffic you want to capture.

eni-askldfas****
TrafficTypestringYes

The type of traffic that you want to capture. Valid values:

  • All: all traffic
  • Allow: traffic that is allowed
  • Drop: traffic that is rejected
All
ProjectNamestringYes

The name of the project that stores the captured traffic data.

  • The name can contain only lowercase letters, digits, and hyphens (-).
  • The name must start and end with a lowercase letter or a digit.
  • The name must be 3 to 63 characters in length.
FlowLogProject
LogStoreNamestringYes

The name of the Logstore that stores the captured traffic data.

  • The name can contain only lowercase letters, digits, hyphens (-), and underscores (_).
  • The name must start and end with a lowercase letter or a digit.
  • The name must be 3 to 63 characters in length.
FlowLogStore
AggregationIntervalintegerNo

The sampling interval of the flow log. Unit: seconds. Valid values: 1, 5, and 10 (default).

10
TrafficPatharrayNo

The scope of the traffic that you want to capture. Valid values:

  • all: all traffic.
  • internetGateway: Internet traffic.
stringNo

The scope of the traffic that you want to capture. Valid values:

  • all (default): all traffic.
Note By default, this parameter is unavailable. To use this parameter, submit a ticket.
all
ResourceGroupIdstringNo

The ID of the resource group.

rg-acfmxazdjdhd****
Tagarray<object>No

The tag of the resource.

objectNo
KeystringNo

The key of tag N to add to the resource. You can specify up to 20 tag keys. The tag key cannot be an empty string.

The tag key can be at most 128 characters in length. It cannot start with aliyun or acs:, and cannot contain http:// or https://.

FinanceDept
ValuestringNo

The value of tag N to add to the resource. You can specify at most 20 tag values. The tag value can be an empty string.

The tag value can be up to 128 characters in length and cannot contain http:// or https://. The tag value cannot start with aliyun or acs:.

FinanceJoshua

Response parameters

ParameterTypeDescriptionExample
object
RequestIdstring

The ID of the request.

54B48E3D-DF70-471B-AA93-08E683A1B457
Successstring

Indicates whether the operation is successful. Valid values:

  • true: yes
  • false: no
true
FlowLogIdstring

The ID of the flow log.

fl-m5e8vhz2t21sel1nq****
ResourceGroupIdstring

The ID of the resource group.

rg-acfmxazdjdhd****

Examples

Sample success responses

JSONformat

{
  "RequestId": "54B48E3D-DF70-471B-AA93-08E683A1B457",
  "Success": "true",
  "FlowLogId": "fl-m5e8vhz2t21sel1nq****",
  "ResourceGroupId": "rg-acfmxazdjdhd****"
}

Error codes

HTTP status codeError codeError messageDescription
400IncorrectBusinessStatus.FlowLogThe business status of flowLog is incorrect.The error message returned because you cannot create flow logs in the current business state.
400OptInRequired.FlowLogYou are not authorized to use the requested service of flowLog. Ensure that you have subscribed to the service you are trying to use.The error message returned because you do not have the permissions to use the flow log feature. Make sure that the flow log feature is already enabled.
400OperationUnsupported.AdvancedFeatureAdvanced features of the vpc is unsupported.This advanced feature is not supported.
400InvalidInstanceIdvswitch does not exist.The error message returned because the vSwitch does not exist.
400InvalidInstanceIdNetworkInterface does not exist.The error message returned because the ENI does not exist.
400InvalidInstanceIdVPC does not exists.The error message returned because the VPC does not exist.
400ProjectOrLogstoreNotExistThe specified project or logstore does not exist.The error message returned because the specified project or Logstore does not exist.
400SourceProjectNotExistThe Source Project or logstore does not exist.The error message returned because the source project or Logstore does not exist.
400UnauthorizedThis api does not support sub user or role.The error message returned because you cannot call this operation as a RAM user.
400OperationUnsupported.actionThis action is not support.The error message returned because the operation is not supported.
400ParameterInvalidInvalid parameter.The error message returned because a parameter is invalid.
400RuleExistThe rule has already existed.-
400InvalidHdMonitorStatusCurrent instance status is not valid for this action.-
400QuotaExceeded.FlowlogCountThis user has reached the maximum instance number of flowlog.The number of flow logs reaches the upper limit.
400InvalidResourceId.NotFoundThis resourceId already has flowlog instance existed.A flow log is already enabled for the resource.
400INVALID_PARAMETERThe parameter invalid.A parameter is set to an invalid value.
400MissingParameterMissing mandatory parameterRequired parameters are not specified. Check whether you have specified all required parameters before you call this operation.
400InvalidRegionId.NotFoundThe RegionId provided does not exist in our records.The RegionId parameter is set to an invalid value. Specify a valid value and try again.
400InvalidResourceType.NotFoundResource type no the same.-
400OperationUnsupported.ResourceTypeThis resource type is not supported.-
400IllegalParam.AggregationIntervalThe param of aggregationInterval is illegal.-
400UnsupportedFeature.UserDefinedTrafficPathThe feature of UserDefinedTrafficPath is not supported.The current user does not have the permissions to specify trafficPath.
400IllegalParam.TrafficPathThe param of trafficPath is illegal.TrafficPath.N is set to an invalid value.
400DuplicatedParam.TrafficPathThe param of trafficPath is duplicated.The value of TrafficPath.N is duplicate.
400IllegalParam.ResourceGroupIdInvalid ResourceGroupld value.The specified resource group is invalid or does not exist.
400OperationDenied.OperateShareResourceThe operation is not allowed because of OperateShareResource.Operating on shared resources causes the operation to fail

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2024-04-28The Error code has changedView Change Details
2023-07-05The Error code has changed. The request parameters of the API has changedView Change Details
2023-05-18The Error code has changedView Change Details
2021-11-17The Error code has changed. The request parameters of the API has changedView Change Details