CreateNetworkAcl -

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter	Type	Required	Example	Description
VpcId	String	Yes	vpc-dsfd34356vdf****	The ID of the virtual private cloud (VPC) to which the network ACL belongs. If the VPC contains Elastic Compute Service (ECS) instances of the following instance families, you must upgrade the ECS instances or release the ECS instances. Otherwise, you cannot create a network ACL for the VPC. ecs.c1, ecs.c2, ecs.c4, ecs.c5, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4. For more information about how to upgrade an ECS instance, see Upgrade subscription instances and Change the specifications of pay-as-you-go instances. For more information about how to release an ECS instance, see Release an ECS instance. Note If your VPC contains ECS instances of the preceding instance families and you create a network ACL for the VPC, you must upgrade the ECS instances. Otherwise, the network ACL cannot work as expected.
NetworkAclName	String	No	acl-1	The name of the network ACL. The name must be 1 to 128 characters in length and cannot start with `http://` or `https://`.
Description	String	No	This is my NetworkAcl.	The description of the network ACL. The description must be 1 to 256 characters in length, and cannot start with `http://` or `https://`.
RegionId	String	Yes	cn-hangzhou	The region ID of the network ACL. You can call the DescribeRegions operation to query the most recent region list.
Tag.N.Key	String	No	FinanceDept	The key of tag N to add to the resource. You can specify at most 20 tag keys. The tag key cannot be an empty string. A tag key can be at most 128 characters in length. It cannot start with `aliyun` or `acs:`, and cannot contain `http://` or `https://`.
Tag.N.Value	String	No	FinanceJoshua	The value of tag N to add to the resource. You can specify at most 20 tag values. The tag value can be an empty string. The tag value can be up to 128 characters in length, and cannot contain `http://` or `https://`. The tag value cannot start with `aliyun` or `acs:`.
ClientToken	String	No	0c593ea1-3bea-11e9-b96b-88e9fe637760	The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The client token can contain only ASCII characters. Note If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request.
Action	String	Yes	CreateNetworkAcl	The operation that you want to perform. Set the value to CreateNetworkAcl.

Response parameters

Parameter	Type	Example	Description
NetworkAclId	String	nacl-a2do9e413e0spzasx****	The ID of the network ACL.
RequestId	String	0ED8D006-F706-4D23-88ED-E11ED28DCAC0	The request ID.
NetworkAclAttribute	Object		The attributes of the network ACL.
Status	String	Modifying	The status of the network ACL. Valid values: Available Modifying
VpcId	String	vpc-a2d33rfpl72k5xsscd****	The ID of the VPC to which the network ACL belongs.
CreationTime	String	2021-12-25 11:33:27	The time when the network ACL was created.
Description	String	This is my NetworkAcl.	The description of the network ACL.
NetworkAclName	String	acl-1	The name of the network ACL.
NetworkAclId	String	nacl-a2do9e413e0spdefr****	The ID of the network ACL.
RegionId	String	cn-hangzhou	The region ID of the network ACL.
IngressAclEntries	Array of IngressAclEntry		The list of inbound rules.
IngressAclEntry
NetworkAclEntryId	String	nae-a2dk86arlydmexscd****	The ID of the inbound rule.
NetworkAclEntryName	String	acl-3	The name of the inbound rule.
Policy	String	accept	The action to be performed on network traffic that matches the rule. Valid values: accept drop
Description	String	This is IngressAclEntries.	The description of the inbound rule.
SourceCidrIp	String	10.0.0.0/24	The source CIDR block.
Protocol	String	all	The protocol. Valid values: icmp gre tcp udp all
Port	String	-1/-1	The destination port range of the inbound traffic. If Protocol of the inbound rule is set to all, icmp, or gre, the port range is -1/-1, which indicates all ports. If Protocol of the inbound rule is set to tcp or udp, the port range is in the following format: 1/200 or 80/80, which indicates port 1 to port 200, or port 80. Valid values for a port: 1 to 65535.
EgressAclEntries	Array of EgressAclEntry		The list of outbound rules.
EgressAclEntry
NetworkAclEntryId	String	nae-a2d447uw4tillxsdc****	The ID of the outbound rule.
NetworkAclEntryName	String	acl-2	The name of the outbound rule.
Policy	String	accept	The action to be performed on network traffic that matches the rule. Valid values: accept drop
Description	String	This is EgressAclEntries.	The description of the outbound rule.
Protocol	String	all	The protocol. Valid values: icmp gre tcp udp all
DestinationCidrIp	String	10.0.0.0/24	The destination CIDR block.
Port	String	-1/-1	The destination port range of the outbound traffic. If Protocol of the outbound rule is set to all, icmp, or gre, the port range is -1/-1, which indicates all ports. If Protocol of the outbound rule is set to tcp or udp, the port range is in the following format: 1/200 or 80/80, which indicates port 1 to port 200, or port 80. Valid values for a port: 1 to 65535.
Resources	Array of Resource		The information about the associated resources.
Resource
Status	String	BINDED	The association status of the resource. Valid values: BINDED BINDING UNBINDING
ResourceType	String	VSwitch	The type of the associated resource.
ResourceId	String	vsw-bp1de348lntdwgthy****	The ID of the associated resource.

Examples

Sample requests

http(s)://[Endpoint]/?VpcId=vpc-dsfd34356vdf****
&NetworkAclName=acl-1
&Description=This is my NetworkAcl.
&RegionId=cn-hangzhou
&Tag=[{"Key":"FinanceDept","Value":"FinanceJoshua"}]
&ClientToken=0c593ea1-3bea-11e9-b96b-88e9fe637760
&Action=CreateNetworkAcl
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CreateNetworkAclResponse>
    <NetworkAclId>nacl-a2do9e413e0spzasx****</NetworkAclId>
    <RequestId>0ED8D006-F706-4D23-88ED-E11ED28DCAC0</RequestId>
    <NetworkAclAttribute>
        <Status>Modifying</Status>
        <VpcId>vpc-a2d33rfpl72k5xsscd****</VpcId>
        <CreationTime>2021-12-25 11:33:27</CreationTime>
        <Description>This is my NetworkAcl.</Description>
        <NetworkAclName>acl-1	</NetworkAclName>
        <NetworkAclId>nacl-a2do9e413e0spdefr****</NetworkAclId>
        <RegionId>cn-hangzhou	</RegionId>
        <IngressAclEntries>
            <NetworkAclEntryId>nae-a2dk86arlydmexscd****</NetworkAclEntryId>
            <NetworkAclEntryName>acl-3	</NetworkAclEntryName>
            <Policy>accept</Policy>
            <Description>This is IngressAclEntries.	</Description>
            <SourceCidrIp>10.0.0.0/24	</SourceCidrIp>
            <Protocol>all</Protocol>
            <Port>-1/-1</Port>
        </IngressAclEntries>
        <EgressAclEntries>
            <NetworkAclEntryId>nae-a2d447uw4tillxsdc****</NetworkAclEntryId>
            <NetworkAclEntryName>acl-2</NetworkAclEntryName>
            <Policy>accept</Policy>
            <Description>This is EgressAclEntries.</Description>
            <Protocol>all</Protocol>
            <DestinationCidrIp>10.0.0.0/24</DestinationCidrIp>
            <Port>-1/-1	</Port>
        </EgressAclEntries>
        <Resources>
            <Status>BINDED</Status>
            <ResourceType>VSwitch</ResourceType>
            <ResourceId>vsw-bp1de348lntdwgthy****</ResourceId>
        </Resources>
    </NetworkAclAttribute>
</CreateNetworkAclResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "NetworkAclId" : "nacl-a2do9e413e0spzasx****",
  "RequestId" : "0ED8D006-F706-4D23-88ED-E11ED28DCAC0",
  "NetworkAclAttribute" : {
    "Status" : "Modifying",
    "VpcId" : "vpc-a2d33rfpl72k5xsscd****",
    "CreationTime" : "2021-12-25 11:33:27",
    "Description" : "This is my NetworkAcl.",
    "NetworkAclName" : "acl-1\t",
    "NetworkAclId" : "nacl-a2do9e413e0spdefr****",
    "RegionId" : "cn-hangzhou\t",
    "IngressAclEntries" : [ {
      "NetworkAclEntryId" : "nae-a2dk86arlydmexscd****",
      "NetworkAclEntryName" : "acl-3\t",
      "Policy" : "accept",
      "Description" : "This is IngressAclEntries.\t",
      "SourceCidrIp" : "10.0.0.0/24\t",
      "Protocol" : "all",
      "Port" : "-1/-1"
    } ],
    "EgressAclEntries" : [ {
      "NetworkAclEntryId" : "nae-a2d447uw4tillxsdc****",
      "NetworkAclEntryName" : "acl-2",
      "Policy" : "accept",
      "Description" : "This is EgressAclEntries.",
      "Protocol" : "all",
      "DestinationCidrIp" : "10.0.0.0/24",
      "Port" : "-1/-1\t"
    } ],
    "Resources" : [ {
      "Status" : "BINDED",
      "ResourceType" : "VSwitch",
      "ResourceId" : "vsw-bp1de348lntdwgthy****"
    } ]
  }
}

Error codes

HttpCode	Error code	Error message	Description
400	ParameterLengthIllegal.Name	ParameterLengthIllegal.Name	The length of the rule name is invalid.
400	ParameterIllegal.Name	ParameterIllegal.Name	The name of the entry is invalid.
500	InternalError	The request processing has failed due to some unknown error.	Some unknown errors occurred.

For a list of error codes, see Service error codes.