Connects an on-premises network to a cloud service.
Operation description
Cloud services refer to Alibaba Cloud services that use the 100.64.0.0/10 CIDR block to provide services. These cloud services include Object Storage Service (OSS), Simple Log Service (SLS), and Data Transmission Service (DTS). If your on-premises network needs to access a cloud service, you must attach the virtual border router (VBR) or Cloud Connect Network (CCN) instance that is connected to your on-premises network to a Cloud Enterprise Network (CEN) instance. In addition, you must attach a virtual private cloud (VPC) that is deployed in the same region as the cloud service to the CEN instance. This way, your on-premises network can connect to the VPC that is deployed in the same region as the cloud service and access the cloud service through the VPC.
-
This operation is supported only by Basic Edition transit routers. An on-premises network associated with a VBR can use CEN to access only a cloud service that is deployed in the same region.
For example, if cloud services are deployed in the China (Beijing) region, only on-premises networks connected to VBRs in the China (Beijing) region can access the cloud services.
-
ResolveAndRouteServiceInCen is an asynchronous operation. After a request is sent, the system returns a request ID and runs the task in the background. You can call DescribeRouteServicesInCen to query the status of a cloud service.
- If the cloud service is in the Creating state, the connection to the cloud service is being created. In this case, you can query the cloud service but cannot perform other operations.
- If the cloud service is in the Active state, the connection to the cloud service is created.
- If the cloud service is in the Failed state, the connection to the cloud service failed.
Prerequisites
Before you call this operation, make sure that the following conditions are met:
- The VBR or CCN instance to which your on-premises network is connected is attached to a CEN instance.
- A VPC that is deployed in the same region as the cloud service is attached to the CEN instance. For more information, see AttachCenChildInstance .
Debugging
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action
policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level,
All Resources
is used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
Operation | Access level | Resource type | Condition key | Associated operation |
---|---|---|---|---|
cen:ResolveAndRouteServiceInCen | create | *CenInstance acs:cen:*:{#accountId}:ceninstance/{#ceninstanceId} |
| none |
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
ClientToken | string | No | The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters. Note
If you do not set this parameter, ClientToken is set to the value of RequestId. The value of RequestId for each API request may be different.
| 02fb3da4**** |
CenId | string | Yes | The ID of the CEN instance. | cen-ckwa2hhmuislse**** |
Host | string | Yes | The IP addresses or CIDR blocks of the cloud service. Note
In most cases, multiple IP addresses or CIDR blocks are assigned to a cloud service. We recommend that you call this operation multiple times to add all IP addresses and CIDR blocks of the cloud service.
| 100.118.28.0/24 |
HostRegionId | string | Yes | The ID of the region in which the cloud service is deployed. | cn-hangzhou |
HostVpcId | string | Yes | The ID of the VPC that is associated with the cloud service. | vpc-o6woh5s494zueq40v**** |
Description | string | No | The description of the cloud service. This parameter is optional. If you enter a description, it must be 1 to 256 characters in length and cannot start with http:// or https://. | descname |
AccessRegionIds | array | Yes | The IDs of the regions where the cloud service is accessed. | |
string | Yes | The ID of the region where the cloud service is accessed. You can call the DescribeChildInstanceRegions operation to query the most recent region list. | cn-hangzhou |
Response parameters
Examples
Sample success responses
JSON
format
{
"RequestId": "C0245BEF-52AC-44A8-A776-EF96FD26A5CA"
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | ParameterIllegal.Ipv6CloudRouteCidrNotAllow | Parameter Host not in valid ipv6 cidr. | The error message returned because the specified cloud service routes do not support IPv6. |
400 | ParameterIllegal.AccessRegionId | Parameter Access RegionId illegal. | The error message returned because the specified access region ID (AccessRegionId) is invalid. |
400 | ParameterIllegal.CloudRouteHost | Parameter Host is not valid. | The error message returned because the specified cloud route host (CloudRouteHost) is invalid. |
400 | ParameterIllegal.ClouteRouteNotSupportIpv6 | Parameter Host not support IPv6 | The error message returned because the specified cloud service routes do not support IPv6. |
400 | ParameterIllegal.ClouteRouteCidrNotAllow | Parameter Host not in 100.64.0.0/10 | The error message returned because the specified cloud service CIDR block is invalid. |
400 | CloudRoute.Exist | The Specified Cloud Route already Exists | The error message returned because the cloud service route already exists. |
400 | ParameterIllegal.Host | Parameter Host does not support domain. | - |
400 | CloudRoute.Conflict | The Specified Cloud Route Conflicts. | The error message returned because the routes of the cloud services conflict with each other. |
400 | CloudRoute.VpcNotAttached | The Specified Vpc instance is not attached to CEN. | The error message returned because the specified VPC is not associated with a CEN instance. |
400 | OperationUnsupported.TransitRouterType | The specified TransitRouterType does not support the operation. | The error message returned because this operation is not supported by the specified type of transit router. |
400 | ParameterIllegal.AccessRegionIdNoCCN | Parameter Access RegionId illegal. | The error message returned because the specified access region ID (AccessRegionId) is invalid. |
400 | IncorrectStatus.TransitRouter | The resource is not in a valid state for the operation. | The CEN TR instance is not in a valid state for the operation. Please try again later. |
400 | InvalidParameter | Invalid parameter. | The error message returned because the parameter is set to an invalid value. |
400 | Unauthorized | The AccessKeyId is unauthorized. | The error message returned because you do not have the permissions to perform this operation. |
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes | Operation |
---|---|---|
2024-10-24 | The Error code has changed | View Change Details |
2022-12-22 | The Error code has changed | View Change Details |