Queries details about a network access control list (ACL).

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates a sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeNetworkAclAttributes

The operation that you want to perform. Set the value to DescribeNetworkAclAttributes.

NetworkAclId String Yes nacl-a2do9e413e0spzasx****

The ID of the network ACL.

RegionId String Yes cn-hangzhou

The ID of the region to which the network ACL belongs. You can call the DescribeRegions operation to query the region IDs.

ClientToken String No 0c593ea1-3bea-11e9-b96b-88e9fe637760

The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must make sure that it is unique among different requests. ClientToken can contain only ASCII characters and cannot exceed 64 characters in length.

Response parameters

Parameter Type Example Description
NetworkAclAttribute Struct

The details about the network ACL.

CreationTime String 2020-04-25 11:33:27

The time when the network ACL was created.

Description String This is my NetworkAcl.

The description of the network ACL.

EgressAclEntries Array of EgressAclEntry

The information about outbound rules of the network ACL.

EgressAclEntry
Description String This is EgressAclEntries.

The description of the outbound rule.

DestinationCidrIp String 10.0.0.0/24

The destination CIDR block.

NetworkAclEntryId String nae-a2d447uw4tillxdcv****

The ID of the outbound rule.

NetworkAclEntryName String acl-2

The name of the outbound rule.

Policy String accept

The action to be performed on network traffic that matches the rule. Valid values:

  • accept: allows the network traffic.
  • drop: blocks the network traffic.
Port String -1/-1

The destination ports.

Protocol String all

The transport layer protocols. Valid values:

  • icmp: ICMP
  • gre: GRE
  • tcp: TCP
  • udp: UDP
  • all: All protocols are supported.
IngressAclEntries Array of IngressAclEntry

The information about inbound rules of the network ACL.

IngressAclEntry
Description String This is IngressAclEntries.

The description of the inbound rule.

NetworkAclEntryId String nae-a2dk86arlydmevfbg****

The ID of the inbound rule.

NetworkAclEntryName String acl-3

The name of the inbound rule.

Policy String accept

The action to be performed on network traffic that matches the rule. Valid values:

  • accept: allows the network traffic.
  • drop: blocks the network traffic.
Port String -1/-1

The source ports.

Protocol String all

The transport layer protocols. Valid values:

  • icmp: ICMP
  • gre: GRE
  • tcp: TCP
  • udp: UDP
  • all: All protocols are supported.
SourceCidrIp String 10.0.0.0/24

The CIDR block of the source address.

NetworkAclId String nacl-a2do9e413e0spnhmj****

The ID of the network ACL.

NetworkAclName String acl-1

The name of the network ACL.

OwnerId Long 12345678

The ID of the Alibaba Cloud account to which the network ACL belongs.

RegionId String cn-hangzhou

The ID of the region to which the network ACL belongs.

Resources Array of Resource

The resources that are associated with the network ACL.

Resource
ResourceId String vsw-bp1de348lntdwxscd****

The ID of the associated resource.

ResourceType String VSwitch

The type of the associated resource.

Status String BINDED

The status of the associated resource. Valid values:

  • BINDED: The resource is associated with the network ACL.
  • BINDING: The resource is being associated with the network ACL.
  • UNBINDING: The resource is disassociated from the network ACL.
Status String Available

The status of the associated resource. Valid values:

  • Available: The resource is available for use.
  • Modifying: The resource is being configured.
VpcId String vpc-a2d33rfpl72k5defr****

The ID of the virtual private cloud (VPC) to which the network ACL applies.

RequestId String F5905F9C-0161-4E72-9CB1-1F3F3CF6268A

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeNetworkAclAttributes
&NetworkAclId=nacl-a2do9e413e0spzasx****
&RegionId=cn-hangzhou
&<Common request parameters>

Sample success responses

XML format

<DescribeNetworkAclAttributesResponse>
  <RequestId>F5905F9C-0161-4E72-9CB1-1F3F3CF6268A</RequestId>
  <NetworkAclAttribute>
        <Status>Available</Status>
        <Description>This is my NetworkAcl.</Description>
        <OwnerId>12345678</OwnerId>
        <VpcId>vpc-a2d33rfpl72k5defr****</VpcId>
        <NetworkAclId>nacl-a2do9e413e0spnhmj****</NetworkAclId>
        <CreationTime>2019-04-25 11:33:27</CreationTime>
        <NetworkAclName>acl-1</NetworkAclName>
        <RegionId>cn-hangzhou</RegionId>
        <IngressAclEntries>
              <IngressAclEntry>
                    <Policy>accept</Policy>
                    <Description>This is IngressAclEntries.</Description>
                    <Port>-1/-1</Port>
                    <SourceCidrIp>10.0.0.0/24</SourceCidrIp>
                    <NetworkAclEntryName>acl-3</NetworkAclEntryName>
                    <Protocol>all</Protocol>
                    <NetworkAclEntryId>nae-a2dk86arlydmevfbg****</NetworkAclEntryId>
              </IngressAclEntry>
        </IngressAclEntries>
        <EgressAclEntries>
              <EgressAclEntry>
                    <Policy>accept</Policy>
                    <Description>This is EgressAclEntries.</Description>
                    <DestinationCidrIp>10.0.0.0/24</DestinationCidrIp>
                    <Port>-1/-1</Port>
                    <NetworkAclEntryName>acl-2</NetworkAclEntryName>
                    <Protocol>all</Protocol>
                    <NetworkAclEntryId>nae-a2d447uw4tillxdcv****</NetworkAclEntryId>
              </EgressAclEntry>
        </EgressAclEntries>
        <Resources>
              <Resource>
                    <Status>BINDED</Status>
                    <ResourceId>vsw-bp1de348lntdwxscd****</ResourceId>
                    <ResourceType>VSwitch</ResourceType>
              </Resource>
        </Resources>
  </NetworkAclAttribute>
</DescribeNetworkAclAttributesResponse>

JSON format

{
    "RequestId": "F5905F9C-0161-4E72-9CB1-1F3F3CF6268A",
    "NetworkAclAttribute": {
        "Status": "Available",
        "Description": "This is my NetworkAcl.",
        "OwnerId": 12345678,
        "VpcId": "vpc-a2d33rfpl72k5defr****",
        "NetworkAclId": "nacl-a2do9e413e0spnhmj****",
        "CreationTime": "2019-04-25 11:33:27",
        "NetworkAclName": "acl-1",
        "RegionId": "cn-hangzhou",
        "IngressAclEntries": {
            "IngressAclEntry": {
                "Policy": "accept",
                "Description": "This is IngressAclEntries.",
                "Port": "-1/-1",
                "SourceCidrIp": "10.0.0.0/24",
                "NetworkAclEntryName": "acl-3",
                "Protocol": "all",
                "NetworkAclEntryId": "nae-a2dk86arlydmevfbg****"
            }
        },
        "EgressAclEntries": {
            "EgressAclEntry": {
                "Policy": "accept",
                "Description": "This is EgressAclEntries.",
                "DestinationCidrIp": "10.0.0.0/24",
                "Port": "-1/-1",
                "NetworkAclEntryName": "acl-2",
                "Protocol": "all",
                "NetworkAclEntryId": "nae-a2d447uw4tillxdcv****"
            }
        },
        "Resources": {
            "Resource": {
                "Status": "BINDED",
                "ResourceId": "vsw-bp1de348lntdwxscd****",
                "ResourceType": "VSwitch"
            }
        }
    }
}

Error codes

HttpCode Error code Error message Description
500 InternalError The request processing has failed due to some unknown error. The error message returned because an unknown error occurred.

For a list of error codes, visit the API Error Center.