Updates the rules of a network access control list (ACL).
Usage notes
- UpdateNetworkAclEntries is an asynchronous operation. After you send a request, the system returns a request ID and runs the task in the background. You can call the DescribeNetworkAclAttributes operation to query the status of a network ACL:
  - If the network ACL is in the Modifying state, the rules of the network ACL are being updated.
  - If the network ACL is in the Available state, the rules of the network ACL are updated.
- You cannot repeatedly call the UpdateNetworkAclEntries operation to update the rules of a network ACL within the specified period of time.
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
IngressAclEntries.N.NetworkAclEntryId | String | No | nae-2zepn32de59j8m4**** | The ID of the inbound rule. Valid values of N: 0 to 99. You can specify at most 100 inbound rules. |
IngressAclEntries.N.EntryType | String | No | custom | The type of the rule. Set the value to custom, which specifies custom rules. |
IngressAclEntries.N.NetworkAclEntryName | String | No | acl-3 | The name of the inbound rule. The name must be 1 to 128 characters in length, and cannot start with |
IngressAclEntries.N.Policy | String | No | accept | The action to be performed on network traffic that matches the rule. Valid values: |
IngressAclEntries.N.SourceCidrIp | String | No | 10.0.0.0/24 | The source CIDR block. |
IngressAclEntries.N.Description | String | No | This is IngressAclEntries. | The description of the inbound rule. The description must be 1 to 256 characters in length and cannot start with |
IngressAclEntries.N.Protocol | String | No | all | The protocol. Valid values: |
IngressAclEntries.N.Port | String | No | -1/-1 | The source port range of the inbound rule. |
EgressAclEntries.N.NetworkAclEntryId | String | No | nae-2zecs97e0brcge46**** | The ID of the outbound rule. Valid values of N: 0 to 99. You can specify at most 100 outbound rules. |
EgressAclEntries.N.EntryType | String | No | custom | The type of the rule. Set the value to custom, which specifies custom rules. |
EgressAclEntries.N.NetworkAclEntryName | String | No | acl-2 | The name of the outbound rule. The name must be 1 to 128 characters in length, and cannot start with |
EgressAclEntries.N.Policy | String | No | accept | The action to be performed on network traffic that matches the rule. Valid values: |
EgressAclEntries.N.Description | String | No | This is EgressAclEntries. | The description of the outbound rule. The description must be 1 to 256 characters in length and cannot start with |
EgressAclEntries.N.Protocol | String | No | all | The protocol. Valid values: |
EgressAclEntries.N.DestinationCidrIp | String | No | 10.0.0.0/24 | The destination CIDR block. |
EgressAclEntries.N.Port | String | No | -1/-1 | The destination port range of the outbound traffic. |
UpdateIngressAclEntries | Boolean | No | false | Specifies whether to update inbound rules. Valid values: Note If an inbound rule is already added to the network ACL and you want to add another inbound rule, you must specify both rules when you call this operation. If you specify only the new rule, the existing rule will be deleted. |
UpdateEgressAclEntries | Boolean | No | false | Specifies whether to update outbound rules. Valid values: Note If an outbound rule is already added to the network ACL and you want to add another outbound rule, you must specify both rules when you call this operation. If you specify only the new rule, the existing rule will be deleted. |
NetworkAclId | String | Yes | nacl-bp1lhl0taikrzxsc**** | The ID of the network ACL. |
RegionId | String | Yes | cn-hangzhou | The region ID of the network ACL. You can call the DescribeRegions operation to query the most recent region list. |
ClientToken | String | No | 123e4567-e89b-12d3-a456-426655440000 | The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters. Note If you do not set this parameter, the system sets ClientToken to the value of RequestId. RequestId may be different for each API request. |
Action | String | Yes | UpdateNetworkAclEntries | The operation that you want to perform. Set the value to UpdateNetworkAclEntries. |
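The replacement behavior described in the notes for UpdateIngressAclEntries, as an added example that is not part of the original API reference: it resends every existing inbound rule together with the new one, and reports which rule IDs a request containing only the new rule would delete. The helper names and the `nae-example-0001` / `nacl-example` IDs are constructed, the existing-rule list is assumed to have been read back beforehand (for example with DescribeNetworkAclAttributes), and the parameters use the IngressAclEntries.N.Field form from the table.

```python
import ipaddress

# Field names from the request parameter table for IngressAclEntries.N.*
INGRESS_FIELDS = {"NetworkAclEntryId", "EntryType", "NetworkAclEntryName", "Policy",
                  "SourceCidrIp", "Description", "Protocol", "Port"}
MAX_RULES = 100  # N ranges from 0 to 99

def check_rule(rule):
    """Validate one rule against the limits stated in the parameter table."""
    unknown = set(rule) - INGRESS_FIELDS
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    if "NetworkAclEntryName" in rule and not 1 <= len(rule["NetworkAclEntryName"]) <= 128:
        raise ValueError("rule name must be 1 to 128 characters")
    if "Description" in rule and not 1 <= len(rule["Description"]) <= 256:
        raise ValueError("description must be 1 to 256 characters")
    if "SourceCidrIp" in rule:
        ipaddress.ip_network(rule["SourceCidrIp"])  # ValueError on a malformed network

def dropped_rule_ids(existing, proposed):
    """IDs of existing rules missing from the proposed list, which would be deleted."""
    kept = {r.get("NetworkAclEntryId") for r in proposed}
    return [r["NetworkAclEntryId"] for r in existing if r["NetworkAclEntryId"] not in kept]

def build_ingress_update(network_acl_id, region_id, existing, new_rules):
    """Flat request parameters that resend every existing rule plus the new ones."""
    merged = list(existing) + list(new_rules)
    if len(merged) > MAX_RULES:
        raise ValueError("at most 100 inbound rules can be specified")
    params = {"Action": "UpdateNetworkAclEntries", "RegionId": region_id,
              "NetworkAclId": network_acl_id, "UpdateIngressAclEntries": "true"}
    for n, rule in enumerate(merged):
        check_rule(rule)
        for field, value in rule.items():
            params[f"IngressAclEntries.{n}.{field}"] = value
    return params

# Constructed sample data; the IDs are placeholders, not real resources.
EXISTING = [{"NetworkAclEntryId": "nae-example-0001", "EntryType": "custom",
             "NetworkAclEntryName": "acl-3", "Policy": "accept",
             "SourceCidrIp": "10.0.0.0/24", "Protocol": "all", "Port": "-1/-1"}]
NEW = [{"EntryType": "custom", "NetworkAclEntryName": "acl-4", "Policy": "accept",
        "SourceCidrIp": "10.0.1.0/24", "Protocol": "all", "Port": "-1/-1"}]

if __name__ == "__main__":
    print(dropped_rule_ids(EXISTING, NEW))  # rule a NEW-only request would delete
    for key, value in build_ingress_update("nacl-example", "cn-hangzhou", EXISTING, NEW).items():
        print(f"{key}={value}")
```

Running `dropped_rule_ids` against the current rule set before every update is a cheap guard against silently removing a rule during a change.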
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
RequestId | String | 1170A5A0-E760-4331-9133-A7D38D973215 | The request ID. |
Examples
Sample requests
http(s)://[Endpoint]/?IngressAclEntries=[{"NetworkAclEntryId":"nae-2zepn32de59j8m4****","EntryType":"custom","NetworkAclEntryName":"acl-3","Policy":"accept","SourceCidrIp":"10.0.0.0/24","Description":"This is IngressAclEntries.","Protocol":"all","Port":"-1/-1"}]
&EgressAclEntries=[{"NetworkAclEntryId":"nae-2zecs97e0brcge46****","EntryType":"custom","NetworkAclEntryName":"acl-2","Policy":"accept","Description":"This is EgressAclEntries.","Protocol":"all","DestinationCidrIp":"10.0.0.0/24","Port":"-1/-1"}]
&UpdateIngressAclEntries=false
&UpdateEgressAclEntries=false
&NetworkAclId=nacl-bp1lhl0taikrzxsc****
&RegionId=cn-hangzhou
&ClientToken=123e4567-e89b-12d3-a456-426655440000
&Action=UpdateNetworkAclEntries
&Common request parameters
Sample responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<UpdateNetworkAclEntriesResponse>
<RequestId>1170A5A0-E760-4331-9133-A7D38D973215</RequestId>
</UpdateNetworkAclEntriesResponse>
JSON format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "1170A5A0-E760-4331-9133-A7D38D973215"
}
Error codes
HttpCode | Error code | Error message | Description |
---|---|---|---|
400 | ParameterLengthIllegal.Name | ParameterLengthIllegal.Name | The error message returned because the length of the rule name is invalid. |
400 | ParameterIllegal.Name | ParameterIllegal.Name | The error message returned because the name of the rule is invalid. |
400 | QuotaExceed.NetworkAclEntry | Network acl entry is over limit. | The error message returned because the number of rules in the network ACL has reached the upper limit. |
400 | InvalidNetworkAcl.NotFound | The special Network Acl is not found. | The error message returned because the network ACL is not found. |
400 | IllegalParam.IngressAclEntryId | The specified IngressAclEntryId is invalid. | The error message returned because the ID of the inbound ACL rule is invalid. |
400 | IllegalParam.EgressAclEntryId | The specified EgressAclEntryId is invalid. | The error message returned because the ID of the outbound ACL rule is invalid. |
500 | InternalError | The request processing has failed due to some unknown error. | The error message returned because some unknown errors occurred. |
For a list of error codes, visit the API Error Center.