All Products
Search
Document Center

:CreateNetworkAcl

更新時間:Aug 16, 2023

Creates a network access control list (ACL).

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
VpcId String Yes vpc-dsfd34356vdf****

The ID of the virtual private cloud (VPC) to which the network ACL belongs.

If the VPC contains Elastic Compute Service (ECS) instances of the following instance families, you must upgrade the ECS instances or release the ECS instances. Otherwise, you cannot create a network ACL for the VPC.

ecs.c1, ecs.c2, ecs.c4, ecs.c5, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.

Note If your VPC contains ECS instances of the preceding instance families and you create a network ACL for the VPC, you must upgrade the ECS instances. Otherwise, the network ACL cannot work as expected.
NetworkAclName String No acl-1

The name of the network ACL.

The name must be 1 to 128 characters in length and cannot start with http:// or https://.

Description String No This is my NetworkAcl.

The description of the network ACL.

The description must be 1 to 256 characters in length, and cannot start with http:// or https://.

RegionId String Yes cn-hangzhou

The region ID of the network ACL.

You can call the DescribeRegions operation to query the most recent region list.

Tag.N.Key String No FinanceDept

The key of tag N to add to the resource. You can specify at most 20 tag keys. The tag key cannot be an empty string.

A tag key can be at most 128 characters in length. It cannot start with aliyun or acs:, and cannot contain http:// or https://.

Tag.N.Value String No FinanceJoshua

The value of tag N to add to the resource. You can specify at most 20 tag values. The tag value can be an empty string.

The tag value can be up to 128 characters in length, and cannot contain http:// or https://. The tag value cannot start with aliyun or acs:.

ClientToken String No 0c593ea1-3bea-11e9-b96b-88e9fe637760

The client token that is used to ensure the idempotence of the request.

You can use the client to generate the token, but you must make sure that the token is unique among different requests. The client token can contain only ASCII characters.

Note If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request.
Action String Yes CreateNetworkAcl

The operation that you want to perform. Set the value to CreateNetworkAcl.

Response parameters

Parameter Type Example Description
NetworkAclId String nacl-a2do9e413e0spzasx****

The ID of the network ACL.

RequestId String 0ED8D006-F706-4D23-88ED-E11ED28DCAC0

The request ID.

NetworkAclAttribute Object

The attributes of the network ACL.

Status String Modifying

The status of the network ACL. Valid values:

  • Available
  • Modifying
VpcId String vpc-a2d33rfpl72k5xsscd****

The ID of the VPC to which the network ACL belongs.

CreationTime String 2021-12-25 11:33:27

The time when the network ACL was created.

Description String This is my NetworkAcl.

The description of the network ACL.

NetworkAclName String acl-1

The name of the network ACL.

NetworkAclId String nacl-a2do9e413e0spdefr****

The ID of the network ACL.

RegionId String cn-hangzhou

The region ID of the network ACL.

IngressAclEntries Array of IngressAclEntry

The list of inbound rules.

IngressAclEntry
NetworkAclEntryId String nae-a2dk86arlydmexscd****

The ID of the inbound rule.

NetworkAclEntryName String acl-3

The name of the inbound rule.

Policy String accept

The action to be performed on network traffic that matches the rule. Valid values:

  • accept
  • drop
Description String This is IngressAclEntries.

The description of the inbound rule.

SourceCidrIp String 10.0.0.0/24

The source CIDR block.

Protocol String all

The protocol. Valid values:

  • icmp
  • gre
  • tcp
  • udp
  • all
Port String -1/-1

The destination port range of the inbound traffic.

  • If Protocol of the inbound rule is set to all, icmp, or gre, the port range is -1/-1, which indicates all ports.
  • If Protocol of the inbound rule is set to tcp or udp, the port range is in the following format: 1/200 or 80/80, which indicates port 1 to port 200, or port 80. Valid values for a port: 1 to 65535.
EgressAclEntries Array of EgressAclEntry

The list of outbound rules.

EgressAclEntry
NetworkAclEntryId String nae-a2d447uw4tillxsdc****

The ID of the outbound rule.

NetworkAclEntryName String acl-2

The name of the outbound rule.

Policy String accept

The action to be performed on network traffic that matches the rule. Valid values:

  • accept
  • drop
Description String This is EgressAclEntries.

The description of the outbound rule.

Protocol String all

The protocol. Valid values:

  • icmp
  • gre
  • tcp
  • udp
  • all
DestinationCidrIp String 10.0.0.0/24

The destination CIDR block.

Port String -1/-1

The destination port range of the outbound traffic.

  • If Protocol of the outbound rule is set to all, icmp, or gre, the port range is -1/-1, which indicates all ports.
  • If Protocol of the outbound rule is set to tcp or udp, the port range is in the following format: 1/200 or 80/80, which indicates port 1 to port 200, or port 80. Valid values for a port: 1 to 65535.
Resources Array of Resource

The information about the associated resources.

Resource
Status String BINDED

The association status of the resource. Valid values:

  • BINDED
  • BINDING
  • UNBINDING
ResourceType String VSwitch

The type of the associated resource.

ResourceId String vsw-bp1de348lntdwgthy****

The ID of the associated resource.

Examples

Sample requests

http(s)://[Endpoint]/?VpcId=vpc-dsfd34356vdf****
&NetworkAclName=acl-1
&Description=This is my NetworkAcl.
&RegionId=cn-hangzhou
&Tag=[{"Key":"FinanceDept","Value":"FinanceJoshua"}]
&ClientToken=0c593ea1-3bea-11e9-b96b-88e9fe637760
&Action=CreateNetworkAcl
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CreateNetworkAclResponse>
    <NetworkAclId>nacl-a2do9e413e0spzasx****</NetworkAclId>
    <RequestId>0ED8D006-F706-4D23-88ED-E11ED28DCAC0</RequestId>
    <NetworkAclAttribute>
        <Status>Modifying</Status>
        <VpcId>vpc-a2d33rfpl72k5xsscd****</VpcId>
        <CreationTime>2021-12-25 11:33:27</CreationTime>
        <Description>This is my NetworkAcl.</Description>
        <NetworkAclName>acl-1	</NetworkAclName>
        <NetworkAclId>nacl-a2do9e413e0spdefr****</NetworkAclId>
        <RegionId>cn-hangzhou	</RegionId>
        <IngressAclEntries>
            <NetworkAclEntryId>nae-a2dk86arlydmexscd****</NetworkAclEntryId>
            <NetworkAclEntryName>acl-3	</NetworkAclEntryName>
            <Policy>accept</Policy>
            <Description>This is IngressAclEntries.	</Description>
            <SourceCidrIp>10.0.0.0/24	</SourceCidrIp>
            <Protocol>all</Protocol>
            <Port>-1/-1</Port>
        </IngressAclEntries>
        <EgressAclEntries>
            <NetworkAclEntryId>nae-a2d447uw4tillxsdc****</NetworkAclEntryId>
            <NetworkAclEntryName>acl-2</NetworkAclEntryName>
            <Policy>accept</Policy>
            <Description>This is EgressAclEntries.</Description>
            <Protocol>all</Protocol>
            <DestinationCidrIp>10.0.0.0/24</DestinationCidrIp>
            <Port>-1/-1	</Port>
        </EgressAclEntries>
        <Resources>
            <Status>BINDED</Status>
            <ResourceType>VSwitch</ResourceType>
            <ResourceId>vsw-bp1de348lntdwgthy****</ResourceId>
        </Resources>
    </NetworkAclAttribute>
</CreateNetworkAclResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "NetworkAclId" : "nacl-a2do9e413e0spzasx****",
  "RequestId" : "0ED8D006-F706-4D23-88ED-E11ED28DCAC0",
  "NetworkAclAttribute" : {
    "Status" : "Modifying",
    "VpcId" : "vpc-a2d33rfpl72k5xsscd****",
    "CreationTime" : "2021-12-25 11:33:27",
    "Description" : "This is my NetworkAcl.",
    "NetworkAclName" : "acl-1\t",
    "NetworkAclId" : "nacl-a2do9e413e0spdefr****",
    "RegionId" : "cn-hangzhou\t",
    "IngressAclEntries" : [ {
      "NetworkAclEntryId" : "nae-a2dk86arlydmexscd****",
      "NetworkAclEntryName" : "acl-3\t",
      "Policy" : "accept",
      "Description" : "This is IngressAclEntries.\t",
      "SourceCidrIp" : "10.0.0.0/24\t",
      "Protocol" : "all",
      "Port" : "-1/-1"
    } ],
    "EgressAclEntries" : [ {
      "NetworkAclEntryId" : "nae-a2d447uw4tillxsdc****",
      "NetworkAclEntryName" : "acl-2",
      "Policy" : "accept",
      "Description" : "This is EgressAclEntries.",
      "Protocol" : "all",
      "DestinationCidrIp" : "10.0.0.0/24",
      "Port" : "-1/-1\t"
    } ],
    "Resources" : [ {
      "Status" : "BINDED",
      "ResourceType" : "VSwitch",
      "ResourceId" : "vsw-bp1de348lntdwgthy****"
    } ]
  }
}

Error codes

HttpCode Error code Error message Description
400 ParameterLengthIllegal.Name ParameterLengthIllegal.Name The length of the rule name is invalid.
400 ParameterIllegal.Name ParameterIllegal.Name The name of the entry is invalid.
500 InternalError The request processing has failed due to some unknown error. Some unknown errors occurred.

For a list of error codes, see Service error codes.