DescribeNetworkAcls - Virtual Private Cloud - Alibaba Cloud Documentation Center

Queries network ACLs.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
vpc:DescribeNetworkAcls	List	NetworkAcl acs:vpc:{#regionId}:{#accountId}:networkacl/*	none	none

Request parameters

Parameter	Type	Required	Description	Example
NetworkAclId	string	No	The ID of the network ACL.	nacl-bp1lhl0taikrbgnh****
NetworkAclName	string	No	The name of the network ACL. The name must be 1 to 128 characters in length, and cannot start with `http://` or `https://`.	acl-1
VpcId	string	No	The ID of the VPC to which the network ACL belongs.	vpc-m5ebpc2xh64mqm27e****
ResourceType	string	No	The type of the associated instance. Set the value to VSwitch. This parameter is valid only if ResourceType and ResourceId are both specified.	VSwitch
ResourceId	string	No	The ID of the associated instance.	vsw-bp1de348lntdwnhbg****
PageNumber	integer	No	The page number. Default value: 1.	1
PageSize	integer	No	The number of entries per page. Maximum value: 50. Default value: 10.	10
RegionId	string	Yes	The region ID of the network ACL. You can call the DescribeRegions operation to query the most recent region list.	cn-hangzhou
Tags	object []	No	The tag list.
Key	string	No	The key of tag N to add to the resource. You can specify up to 20 tag keys. The tag key cannot be an empty string. The tag key can be up to 128 characters in length. It cannot start with `aliyun` or `acs:`, and cannot contain `http://` or `https://`.	FinanceDept
Value	string	No	The value of tag N to add to the resource. You can specify at most 20 tag values. The tag value can be an empty string. The tag value can be up to 128 characters in length and cannot contain `http://` or `https://`. The tag value cannot start with `aliyun` or `acs:`.	FinanceJoshua
ClientToken	string	No	The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters. Note If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request.	123e4567-e89b-12d3-a456-426655440000

Response parameters

Parameter	Type	Description	Example
	object
PageSize	string	The number of entries per page.	10
RequestId	string	The request ID.	F7DDDC17-FA06-4AC2-8F35-59D2470FCFC1
PageNumber	string	The page number.	1
TotalCount	string	The number of entries returned.	2
NetworkAcls	object []	The details of the network ACLs.
Status	string	The status of the network ACL. Valid values: Available Modifying	Available
VpcId	string	The ID of the associated VPC.	vpc-m5ebpc2xh64mqm27e****
CreationTime	string	The time when the network ACL was created.	2021-12-25 11:44:17
Description	string	The description of the network ACL.	This is my NetworkAcl.
NetworkAclName	string	The name of the network ACL.	acl-1
NetworkAclId	string	The ID of the network ACL.	nacl-a2do9e413e0spxscd****
OwnerId	long	The ID of the Alibaba Cloud account to which the network ACL belongs.	253460731706911258
RegionId	string	The region ID of the network ACL.	cn-hangzhou
IngressAclEntries	object []	The configurations of the inbound rules.
NetworkAclEntryId	string	The ID of the inbound rule.	nae-a2dk86arlydmezasw****
EntryType	string	The type of the inbound rule. custom system	custom
NetworkAclEntryName	string	The name of the inbound rule.	acl-3
Policy	string	The action to be performed on network traffic that matches the rule. Valid values: accept drop	accept
Description	string	The description of the inbound rule.	This is IngressAclEntries.
SourceCidrIp	string	The source CIDR block.	10.0.0.0/24
IpVersion	string	The IP version. IPv4 IPv6	IPv4
Protocol	string	The protocol. Valid values: icmp gre tcp udp all	all
Port	string	The destination port range of the inbound traffic. If the protocol of the inbound rule is set to all, icmp, or gre, the port range is -1/-1, which specifies all ports. If the protocol of the inbound rule is set to tcp or udp, set the port range in the following format: 1/200 or 80/80, which specifies port 1 to port 200 or port 80. Valid ports: 1 to 65535.	-1/-1
EgressAclEntries	object []	The outbound rules.
NetworkAclEntryId	string	The ID of the outbound rule.	nae-a2d447uw4tillfvgb****
EntryType	string	The type of the inbound rule. custom system	custom
NetworkAclEntryName	string	The name of the outbound rule.	acl-2
Policy	string	The action to be performed on network traffic that matches the rule. Valid values: accept drop	accept
Description	string	The description of the outbound rule.	This is EgressAclEntries.
Protocol	string	The protocol. Valid values: icmp gre tcp udp all	all
DestinationCidrIp	string	The destination CIDR block.	10.0.0.0/24
IpVersion	string	The IP version. IPv4 IPv6	IPV4
Port	string	The destination port range of the outbound traffic. If the protocol of the outbound rule is set to all, icmp, or gre, the port range is -1/-1, which specified all ports. If the protocol of the outbound rule is set to tcp or udp, set the port range in the following format: 1/200 or 80/80, which specifies port 1 to port 200 or port 80. Valid values for a port: 1 to 65535.	-1/-1
Resources	object []	The resources that are associated with the network ACL.
Status	string	The association status of the resource. Valid values: BINDED BINDING UNBINDING	BINDED
ResourceType	string	The type of resource with which you want to associate the network ACL.	VSwitch
ResourceId	string	The ID of the associated resource.	vsw-bp1de348lntdwcdf****
Tags	object []	The information about the tags.
Key	string	The key of tag N added to the resource.	FinanceDept
Value	string	The value of tag N added to the resource.	FinanceJoshua

Examples

Sample success responses

JSONformat

{
  "PageSize": "10",
  "RequestId": "F7DDDC17-FA06-4AC2-8F35-59D2470FCFC1",
  "PageNumber": "1",
  "TotalCount": "2",
  "NetworkAcls": {
    "NetworkAcl": [
      {
        "Status": "Available",
        "VpcId": "vpc-m5ebpc2xh64mqm27e****",
        "CreationTime": "2021-12-25 11:44:17",
        "Description": "This is my NetworkAcl.",
        "NetworkAclName": "acl-1",
        "NetworkAclId": "nacl-a2do9e413e0spxscd****",
        "OwnerId": 253460731706911260,
        "RegionId": "cn-hangzhou",
        "IngressAclEntries": {
          "IngressAclEntry": [
            {
              "NetworkAclEntryId": "nae-a2dk86arlydmezasw****",
              "EntryType": "custom",
              "NetworkAclEntryName": "acl-3\t",
              "Policy": "accept",
              "Description": "This is IngressAclEntries.",
              "SourceCidrIp": "10.0.0.0/24\t",
              "IpVersion": "IPv4",
              "Protocol": "all",
              "Port": "-1/-1\t"
            }
          ]
        },
        "EgressAclEntries": {
          "EgressAclEntry": [
            {
              "NetworkAclEntryId": "nae-a2d447uw4tillfvgb****",
              "EntryType": "custom",
              "NetworkAclEntryName": "acl-2\t",
              "Policy": "accept",
              "Description": "This is EgressAclEntries.",
              "Protocol": "all",
              "DestinationCidrIp": "10.0.0.0/24\t",
              "IpVersion": "IPV4",
              "Port": "-1/-1\t"
            }
          ]
        },
        "Resources": {
          "Resource": [
            {
              "Status": "BINDED",
              "ResourceType": "VSwitch",
              "ResourceId": "vsw-bp1de348lntdwcdf****"
            }
          ]
        },
        "Tags": {
          "Tag": [
            {
              "Key": "FinanceDept",
              "Value": "FinanceJoshua"
            }
          ]
        }
      }
    ]
  }
}

Error codes

HTTP status code	Error code	Error message	Description
400	ParameterMissing.AliUid	ParameterMissing.AliUid	-
400	ParameterMissing.Bid	ParameterMissing.Bid	-
400	ParameterMissing.RegionId	ParameterMissing.RegionId	-
400	ParameterEmpty.RegionId	ParameterEmpty.RegionId	-
400	NotSupport.NetworkAcl	Network acl is not support now.	-
500	InternalError	The request processing has failed due to some unknown error.	An unknown error occurred.

For a list of error codes, visit the Service error codes.

Change history

Change time

Summary of changes

Operation

2023-11-24

The Error code has changed. The response structure of the API has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	delete Error Codes: 400
	delete Error Codes: 500
Output Parameters	The response structure of the API has changed.

2023-05-09

The Error code has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	delete Error Codes: 400
	delete Error Codes: 500