Creates a network access control list (ACL).
Request parameters
Parameter | Type | Required | Example | Description |
VpcId | String | Yes | vpc-dsfd34356vdf**** | The ID of the virtual private cloud (VPC) to which the network ACL belongs. If the VPC contains Elastic Compute Service (ECS) instances of any of the following instance families, you must upgrade or release those ECS instances. Otherwise, you cannot create a network ACL for the VPC. The instance families are: ecs.c1, ecs.c2, ecs.c4, ecs.c5, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.
Note: If your VPC contains ECS instances of the preceding instance families and you create a network ACL for the VPC, you must upgrade the ECS instances. Otherwise, the network ACL cannot work as expected. |
NetworkAclName | String | No | acl-1 | The name of the network ACL. The name must be 1 to 128 characters in length and cannot start with |
Description | String | No | This is my NetworkAcl. | The description of the network ACL. The description must be 1 to 256 characters in length, and cannot start with |
RegionId | String | Yes | cn-hangzhou | The region ID of the network ACL. You can call the DescribeRegions operation to query the most recent region list. |
Tag.N.Key | String | No | FinanceDept | The key of tag N to add to the resource. You can specify at most 20 tag keys. The tag key cannot be an empty string. A tag key can be at most 128 characters in length. It cannot start with |
Tag.N.Value | String | No | FinanceJoshua | The value of tag N to add to the resource. You can specify at most 20 tag values. The tag value can be an empty string. The tag value can be up to 128 characters in length, and cannot contain |
ClientToken | String | No | 0c593ea1-3bea-11e9-b96b-88e9fe637760 | The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The client token can contain only ASCII characters. Note: If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request. |
Action | String | Yes | CreateNetworkAcl | The operation that you want to perform. Set the value to CreateNetworkAcl. |
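The following added example (not Alibaba Cloud's own code) checks request parameters against the limits in the table above and generates the ClientToken once so that retries reuse it; if the token is omitted, the request ID is used instead and may differ per request. The function names, the `send` callable and tag numbering from 1 are assumptions, and the "cannot start with" rules, which are cut off in the table, are not checked.

```python
import uuid

MAX_TAGS = 20  # limit stated in the Tag.N.Key / Tag.N.Value rows

def build_create_network_acl_params(vpc_id, region_id, name=None,
                                    description=None, tags=None,
                                    client_token=None):
    """Return flat CreateNetworkAcl query parameters or raise ValueError."""
    if not vpc_id or not region_id:
        raise ValueError("VpcId and RegionId are required")
    params = {"Action": "CreateNetworkAcl",
              "VpcId": vpc_id, "RegionId": region_id}
    if name is not None:
        if not 1 <= len(name) <= 128:
            raise ValueError("NetworkAclName must be 1 to 128 characters")
        params["NetworkAclName"] = name
    if description is not None:
        if not 1 <= len(description) <= 256:
            raise ValueError("Description must be 1 to 256 characters")
        params["Description"] = description
    tags = tags or {}
    if len(tags) > MAX_TAGS:
        raise ValueError("at most 20 tags are allowed")
    # Assumption: N in Tag.N.Key is numbered from 1.
    for n, (key, value) in enumerate(tags.items(), start=1):
        if not key or len(key) > 128 or len(value) > 128:
            raise ValueError(f"tag {n}: key must be 1 to 128 chars, value at most 128")
        params[f"Tag.{n}.Key"], params[f"Tag.{n}.Value"] = key, value
    # Generate the token once per logical request, never per attempt.
    token = client_token or str(uuid.uuid4())
    if not token.isascii():
        raise ValueError("ClientToken can contain only ASCII characters")
    params["ClientToken"] = token
    return params

def send_with_retry(params, send, attempts=3):
    """Retry the hypothetical send(params) with an unchanged ClientToken."""
    last_error = None
    for _ in range(max(1, attempts)):
        try:
            return send(dict(params))  # same token on every attempt
        except ConnectionError as exc:
            last_error = exc
    raise last_error
```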
Response parameters
Parameter | Type | Example | Description |
NetworkAclId | String | nacl-a2do9e413e0spzasx**** | The ID of the network ACL. |
RequestId | String | 0ED8D006-F706-4D23-88ED-E11ED28DCAC0 | The request ID. |
NetworkAclAttribute | Object | The attributes of the network ACL. |
|
Status | String | Modifying | The status of the network ACL. Valid values:
|
VpcId | String | vpc-a2d33rfpl72k5xsscd**** | The ID of the VPC to which the network ACL belongs. |
CreationTime | String | 2021-12-25 11:33:27 | The time when the network ACL was created. |
Description | String | This is my NetworkAcl. | The description of the network ACL. |
NetworkAclName | String | acl-1 | The name of the network ACL. |
NetworkAclId | String | nacl-a2do9e413e0spdefr**** | The ID of the network ACL. |
RegionId | String | cn-hangzhou | The region ID of the network ACL. |
IngressAclEntries | Array of IngressAclEntry | The list of inbound rules. |
|
IngressAclEntry | |||
NetworkAclEntryId | String | nae-a2dk86arlydmexscd**** | The ID of the inbound rule. |
NetworkAclEntryName | String | acl-3 | The name of the inbound rule. |
Policy | String | accept | The action to be performed on network traffic that matches the rule. Valid values:
|
Description | String | This is IngressAclEntries. | The description of the inbound rule. |
SourceCidrIp | String | 10.0.0.0/24 | The source CIDR block. |
Protocol | String | all | The protocol. Valid values:
|
Port | String | -1/-1 | The destination port range of the inbound traffic.
|
EgressAclEntries | Array of EgressAclEntry | The list of outbound rules. |
|
EgressAclEntry | |||
NetworkAclEntryId | String | nae-a2d447uw4tillxsdc**** | The ID of the outbound rule. |
NetworkAclEntryName | String | acl-2 | The name of the outbound rule. |
Policy | String | accept | The action to be performed on network traffic that matches the rule. Valid values:
|
Description | String | This is EgressAclEntries. | The description of the outbound rule. |
Protocol | String | all | The protocol. Valid values:
|
DestinationCidrIp | String | 10.0.0.0/24 | The destination CIDR block. |
Port | String | -1/-1 | The destination port range of the outbound traffic.
|
Resources | Array of Resource | The information about the associated resources. |
|
Resource | |||
Status | String | BINDED | The association status of the resource. Valid values:
|
ResourceType | String | VSwitch | The type of the associated resource. |
ResourceId | String | vsw-bp1de348lntdwgthy**** | The ID of the associated resource. |
Examples
Sample requests
http(s)://[Endpoint]/?VpcId=vpc-dsfd34356vdf****
&NetworkAclName=acl-1
&Description=This is my NetworkAcl.
&RegionId=cn-hangzhou
&Tag=[{"Key":"FinanceDept","Value":"FinanceJoshua"}]
&ClientToken=0c593ea1-3bea-11e9-b96b-88e9fe637760
&Action=CreateNetworkAcl
&Common request parameters
Sample success responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<CreateNetworkAclResponse>
<NetworkAclId>nacl-a2do9e413e0spzasx****</NetworkAclId>
<RequestId>0ED8D006-F706-4D23-88ED-E11ED28DCAC0</RequestId>
<NetworkAclAttribute>
<Status>Modifying</Status>
<VpcId>vpc-a2d33rfpl72k5xsscd****</VpcId>
<CreationTime>2021-12-25 11:33:27</CreationTime>
<Description>This is my NetworkAcl.</Description>
<NetworkAclName>acl-1 </NetworkAclName>
<NetworkAclId>nacl-a2do9e413e0spdefr****</NetworkAclId>
<RegionId>cn-hangzhou </RegionId>
<IngressAclEntries>
<NetworkAclEntryId>nae-a2dk86arlydmexscd****</NetworkAclEntryId>
<NetworkAclEntryName>acl-3 </NetworkAclEntryName>
<Policy>accept</Policy>
<Description>This is IngressAclEntries. </Description>
<SourceCidrIp>10.0.0.0/24 </SourceCidrIp>
<Protocol>all</Protocol>
<Port>-1/-1</Port>
</IngressAclEntries>
<EgressAclEntries>
<NetworkAclEntryId>nae-a2d447uw4tillxsdc****</NetworkAclEntryId>
<NetworkAclEntryName>acl-2</NetworkAclEntryName>
<Policy>accept</Policy>
<Description>This is EgressAclEntries.</Description>
<Protocol>all</Protocol>
<DestinationCidrIp>10.0.0.0/24</DestinationCidrIp>
<Port>-1/-1 </Port>
</EgressAclEntries>
<Resources>
<Status>BINDED</Status>
<ResourceType>VSwitch</ResourceType>
<ResourceId>vsw-bp1de348lntdwgthy****</ResourceId>
</Resources>
</NetworkAclAttribute>
</CreateNetworkAclResponse>
JSON format
HTTP/1.1 200 OK
Content-Type:application/json
{
"NetworkAclId" : "nacl-a2do9e413e0spzasx****",
"RequestId" : "0ED8D006-F706-4D23-88ED-E11ED28DCAC0",
"NetworkAclAttribute" : {
"Status" : "Modifying",
"VpcId" : "vpc-a2d33rfpl72k5xsscd****",
"CreationTime" : "2021-12-25 11:33:27",
"Description" : "This is my NetworkAcl.",
"NetworkAclName" : "acl-1\t",
"NetworkAclId" : "nacl-a2do9e413e0spdefr****",
"RegionId" : "cn-hangzhou\t",
"IngressAclEntries" : [ {
"NetworkAclEntryId" : "nae-a2dk86arlydmexscd****",
"NetworkAclEntryName" : "acl-3\t",
"Policy" : "accept",
"Description" : "This is IngressAclEntries.\t",
"SourceCidrIp" : "10.0.0.0/24\t",
"Protocol" : "all",
"Port" : "-1/-1"
} ],
"EgressAclEntries" : [ {
"NetworkAclEntryId" : "nae-a2d447uw4tillxsdc****",
"NetworkAclEntryName" : "acl-2",
"Policy" : "accept",
"Description" : "This is EgressAclEntries.",
"Protocol" : "all",
"DestinationCidrIp" : "10.0.0.0/24",
"Port" : "-1/-1\t"
} ],
"Resources" : [ {
"Status" : "BINDED",
"ResourceType" : "VSwitch",
"ResourceId" : "vsw-bp1de348lntdwgthy****"
} ]
}
}
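As an added example (not part of the original reference), the returned NetworkAclAttribute can be reviewed right after creation for rules that accept all protocols on all ports (`Protocol` `all`, `Port` `-1/-1`), as both entries in the sample response do. The sample data, its IDs and the function name are constructed for illustration; values are stripped because the sample responses carry trailing whitespace.

```python
import ipaddress

# Constructed sample shaped like the JSON response above (IDs are placeholders).
SAMPLE = {
    "NetworkAclId": "nacl-example",
    "NetworkAclAttribute": {
        "Status": "Modifying",
        "IngressAclEntries": [
            {"NetworkAclEntryId": "nae-in-1", "Policy": "accept",
             "SourceCidrIp": "10.0.0.0/24\t", "Protocol": "all", "Port": "-1/-1"},
            {"NetworkAclEntryId": "nae-in-2", "Policy": "accept",
             "SourceCidrIp": "0.0.0.0/0", "Protocol": "all", "Port": "-1/-1\t"},
            {"NetworkAclEntryId": "nae-in-3", "Policy": "accept",
             "SourceCidrIp": "10.0.0.0/24", "Protocol": "tcp", "Port": "22/22"},
        ],
        "EgressAclEntries": [
            {"NetworkAclEntryId": "nae-out-1", "Policy": "drop",
             "DestinationCidrIp": "0.0.0.0/0", "Protocol": "all", "Port": "-1/-1"},
        ],
    },
}

DIRECTIONS = (("ingress", "IngressAclEntries", "SourceCidrIp"),
              ("egress", "EgressAclEntries", "DestinationCidrIp"))

def permissive_entries(response):
    """List accept rules that match every protocol and port, per direction."""
    attr = response.get("NetworkAclAttribute", {})
    findings = []
    for direction, list_key, cidr_key in DIRECTIONS:
        for entry in attr.get(list_key, []):
            # Strip whitespace: the page's sample values carry trailing tabs.
            clean = {k: str(v).strip() for k, v in entry.items()}
            rule = (clean.get("Policy"), clean.get("Protocol"), clean.get("Port"))
            if rule != ("accept", "all", "-1/-1"):
                continue
            net = ipaddress.ip_network(clean[cidr_key], strict=False)
            findings.append({"direction": direction,
                             "entry_id": clean.get("NetworkAclEntryId"),
                             "cidr": str(net),
                             "any_address": net.prefixlen == 0})
    return findings

if __name__ == "__main__":
    for finding in permissive_entries(SAMPLE):
        print(finding)
```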
Error codes
HttpCode | Error code | Error message | Description |
400 | ParameterLengthIllegal.Name | ParameterLengthIllegal.Name | The length of the rule name is invalid. |
400 | ParameterIllegal.Name | ParameterIllegal.Name | The name of the entry is invalid. |
500 | InternalError | The request processing has failed due to some unknown error. | Some unknown errors occurred. |
For a list of error codes, see Service error codes.