Creates a network access control list (ACL).

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateNetworkAcl

The operation that you want to perform. Set the value to CreateNetworkAcl.

RegionId String Yes cn-hangzhou

The ID of the region where you want to create the network ACL. You can call the DescribeRegions operation to query the most recent region list.

VpcId String Yes vpc-dsfd34356vdf****

The ID of the virtual private cloud (VPC) to which you want to apply the network ACL.

VPCs that contain one of the following types of instance do not support network ACLs:

ecs.c1, ecs.c2, ecs.c4, ecs.c5, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.

To create a network ACL for a VPC that contains one of the preceding types of instance, you must upgrade or release the instance.

Note: If your VPC contains one of the preceding types of instance and you have already created a network ACL, you must upgrade the type of instance to ensure that the network ACL can take effect.

NetworkAclName String No acl-1

The name of the network ACL.

The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter and cannot start with http:// or https://.

Description String No This is my NetworkAcl.

The description of the network ACL. The description must be 2 to 256 characters in length. It must start with a letter and cannot start with http:// or https://.

ClientToken String No 0c593ea1-3bea-11e9-b96b-88e9fe637760

The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must make sure that it is unique among different requests. ClientToken can contain only ASCII characters and cannot exceed 64 characters in length.
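
The ClientToken rules above, shown as an added example that is not part of the original reference or of any Alibaba Cloud SDK: one token is generated per logical create and reused on every retry. `send` is a hypothetical signing transport, and `FakeVpcApi` is a constructed stand-in that assumes the service returns the earlier result when it sees a repeated token.

```python
import uuid


def check_client_token(token):
    """Enforce the documented limits: ASCII only, at most 64 characters."""
    if not token.isascii():
        raise ValueError("ClientToken can contain only ASCII characters")
    if len(token) > 64:
        raise ValueError("ClientToken cannot exceed 64 characters")
    return token


def create_network_acl(send, region_id, vpc_id, attempts=3):
    """Submit CreateNetworkAcl, reusing one ClientToken for every retry.

    `send` is a hypothetical callable that signs and submits the request and
    raises TimeoutError when no response arrives.
    """
    params = {
        "Action": "CreateNetworkAcl",
        "RegionId": region_id,
        "VpcId": vpc_id,
        # One token per logical create; a UUID string is 36 ASCII characters.
        "ClientToken": check_client_token(str(uuid.uuid4())),
    }
    for attempt in range(1, attempts + 1):
        try:
            return send(params)
        except TimeoutError:  # outcome unknown: the ACL may already exist
            if attempt == attempts:
                raise


class FakeVpcApi:
    """Constructed stand-in for the service: keys results by ClientToken and
    drops its first response to force a retry."""

    def __init__(self):
        self.created, self.calls = {}, 0

    def send(self, params):
        self.calls += 1
        token = params["ClientToken"]
        if token not in self.created:
            acl_id = f"nacl-constructed-{len(self.created) + 1}"
            self.created[token] = {"NetworkAclId": acl_id}
        if self.calls == 1:
            raise TimeoutError("response lost after the ACL was created")
        return self.created[token]
```

Generating a fresh token inside the retry loop would defeat the purpose: each retry would then count as a different request.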

Response parameters

Parameter Type Example Description
NetworkAclAttribute Struct

The attributes of the network ACL.

CreationTime String 2019-04-25 11:33:27

The time when the network ACL was created.

Description String This is my NetworkAcl.

The description of the network ACL.

EgressAclEntries Array of EgressAclEntry

The outbound rules.

EgressAclEntry
Description String This is EgressAclEntries.

The description of the outbound rule.

DestinationCidrIp String 10.0.0.0/24

The destination CIDR block.

NetworkAclEntryId String nae-a2d447uw4tillxsdc****

The ID of the outbound rule.

NetworkAclEntryName String acl-2

The name of the outbound rule.

Policy String accept

The action to be performed on network traffic that matches the rule. Valid values:

  • accept: allows the network traffic.
  • drop: blocks the network traffic.

Port String -1/-1

The range of destination ports.

Protocol String all

The transport layer protocols. Valid values:

  • icmp: Internet Control Message Protocol (ICMP)
  • gre: Generic Routing Encapsulation (GRE)
  • tcp: TCP
  • udp: UDP
  • all: all protocols

IngressAclEntries Array of IngressAclEntry

The inbound rules.

IngressAclEntry
Description String This is IngressAclEntries.

The description of the inbound rule.

NetworkAclEntryId String nae-a2dk86arlydmexscd****

The ID of the inbound rule.

NetworkAclEntryName String acl-3

The name of the inbound rule.

Policy String accept

The action to be performed on network traffic that matches the rule. Valid values:

  • accept: allows the network traffic.
  • drop: blocks the network traffic.

Port String -1/-1

The range of source ports.

Protocol String all

The transport layer protocols. Valid values:

  • icmp: ICMP
  • gre: GRE
  • tcp: TCP
  • udp: UDP
  • all: all protocols

SourceCidrIp String 10.0.0.0/24

The source CIDR block.

NetworkAclId String nacl-a2do9e413e0spdefr****

The ID of the network ACL.

NetworkAclName String acl-1

The name of the network ACL.

RegionId String cn-hangzhou

The region where the network ACL is deployed.

Resources Array of Resource

The resources that are associated with the network ACL.

Resource
ResourceId String vsw-bp1de348lntdwgthy****

The ID of the associated resource.

ResourceType String VSwitch

The type of the associated resource.

Status String BINDED

The status of the associated resource. Valid values:

  • BINDED: The resource is associated with the network ACL.
  • BINDING: The resource is being associated with the network ACL.
  • UNBINDING: The resource is disassociated from the network ACL.

Status String Modifying

The status of the network ACL. Valid values:

  • Available: The network ACL is available for use.
  • Modifying: The network ACL is being configured.

VpcId String vpc-a2d33rfpl72k5xsscd****

The ID of the VPC to which the network ACL applies.

NetworkAclId String nacl-a2do9e413e0spzasx****

The ID of the network ACL.

RequestId String 0ED8D006-F706-4D23-88ED-E11ED28DCAC0

The ID of the request.

Examples

Sample requests

https://vpc.aliyuncs.com/?Action=CreateNetworkAcl
&RegionId=cn-hangzhou
&VpcId=vpc-dsfd34356vdf****
&<Common request parameters>

Sample success responses

XML format

<CreateNetworkAclResponse>
  <NetworkAclAttribute>
        <CreationTime>2019-04-25 11:33:27</CreationTime>
        <EgressAclEntries>
              <EgressAclEntry>
                    <Port>-1/-1</Port>
                    <Policy>accept</Policy>
                    <NetworkAclEntryId>nae-a2d447uw4tillcdvf****</NetworkAclEntryId>
                    <DestinationCidrIp>0.0.0.0/0</DestinationCidrIp>
                    <Protocol>all</Protocol>
              </EgressAclEntry>
        </EgressAclEntries>
        <Status>Available</Status>
        <RegionId>cn-hangzhou</RegionId>
        <IngressAclEntries>
              <IngressAclEntry>
                    <SourceCidrIp>0.0.0.0/0</SourceCidrIp>
                    <Port>-1/-1</Port>
                    <Policy>accept</Policy>
                    <NetworkAclEntryId>nae-a2dk86arlydmecdvf****</NetworkAclEntryId>
                    <Protocol>all</Protocol>
              </IngressAclEntry>
        </IngressAclEntries>
        <NetworkAclId>nacl-a2do9e413e0spcdvf****</NetworkAclId>
        <VpcId>vpc-a2d33rfpl72k5cdvf****</VpcId>
        <Resources>
        </Resources>
  </NetworkAclAttribute>
  <RequestId>AEAC0891-1E52-4A46-A29C-175FB6356FE8</RequestId>
  <NetworkAclId>nacl-a2do9e413e0spcdvf****</NetworkAclId>
</CreateNetworkAclResponse>

JSON format

{
   "NetworkAclAttribute":    {
      "CreationTime": "2019-04-25 11:33:27",
      "EgressAclEntries": {"EgressAclEntry": [      {
         "Port": "-1/-1",
         "Policy": "accept",
         "NetworkAclEntryId": "nae-a2d447uw4tillcdvf****",
         "DestinationCidrIp": "0.0.0.0/0",
         "Protocol": "all"
      }]},
      "Status": "Available",
      "RegionId": "cn-hangzhou",
      "IngressAclEntries": {"IngressAclEntry": [      {
         "SourceCidrIp": "0.0.0.0/0",
         "Port": "-1/-1",
         "Policy": "accept",
         "NetworkAclEntryId": "nae-a2dk86arlydmecdvf****",
         "Protocol": "all"
      }]},
      "NetworkAclId": "nacl-a2do9e413e0spcdvf****",
      "VpcId": "vpc-a2d33rfpl72k5cdvf****",
      "Resources": {"Resource": []}
   },
   "RequestId": "AEAC0891-1E52-4A46-A29C-175FB6356FE8",
   "NetworkAclId": "nacl-a2do9e413e0spcdvf****"
}
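
The sample response above shows the new ACL carrying one inbound and one outbound rule that accept all protocols to and from 0.0.0.0/0. The following added example (not part of the original reference) walks the JSON response structure and reports such rules so they can be reviewed before a vSwitch is associated. The `nae-constructed` entry, the `443/443` port value and the severity labels are constructed for illustration.

```python
import ipaddress
import json

# Constructed input: the rule lists from the page's JSON sample response, plus
# one narrower ingress rule (the entry with id "nae-constructed") for contrast.
SAMPLE_RESPONSE = json.loads("""
{"NetworkAclAttribute": {
  "NetworkAclId": "nacl-a2do9e413e0spcdvf****",
  "EgressAclEntries": {"EgressAclEntry": [
    {"Port": "-1/-1", "Policy": "accept", "Protocol": "all",
     "NetworkAclEntryId": "nae-a2d447uw4tillcdvf****", "DestinationCidrIp": "0.0.0.0/0"}]},
  "IngressAclEntries": {"IngressAclEntry": [
    {"Port": "-1/-1", "Policy": "accept", "Protocol": "all",
     "NetworkAclEntryId": "nae-a2dk86arlydmecdvf****", "SourceCidrIp": "0.0.0.0/0"},
    {"Port": "443/443", "Policy": "accept", "Protocol": "tcp",
     "NetworkAclEntryId": "nae-constructed", "SourceCidrIp": "10.0.0.0/24"}]}}}
""")

DIRECTIONS = (
    ("ingress", "IngressAclEntries", "IngressAclEntry", "SourceCidrIp"),
    ("egress", "EgressAclEntries", "EgressAclEntry", "DestinationCidrIp"),
)


def audit_acl(response):
    """Return one finding per accept rule whose CIDR block covers every address."""
    attr = response.get("NetworkAclAttribute", {})
    findings = []
    for direction, list_key, item_key, cidr_key in DIRECTIONS:
        for entry in attr.get(list_key, {}).get(item_key, []):
            if entry.get("Policy") != "accept":
                continue  # drop rules do not widen exposure
            try:
                net = ipaddress.ip_network(entry.get(cidr_key, ""), strict=False)
            except ValueError:
                continue  # missing or malformed CIDR: nothing to evaluate
            if net.prefixlen != 0:
                continue
            # "all" and "-1/-1" are the values the page shows for unrestricted
            # protocol and port; the port meaning is assumed from that sample.
            unrestricted = entry.get("Protocol") == "all" and entry.get("Port") == "-1/-1"
            findings.append({
                "acl": attr.get("NetworkAclId"),
                "direction": direction,
                "entry": entry.get("NetworkAclEntryId"),
                "severity": "high" if unrestricted else "medium",
            })
    return findings
```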

Error codes

HttpCode Error code Error message Description
500 InternalError The request processing has failed due to some unknown error. The error message returned when an unknown error occurs.

For a list of error codes, visit the API Error Center.