This topic describes how to create a network access control list (ACL) in a Virtual Private Cloud (VPC) network. ACL is a feature provided by VPC. It allows you to manage network access permissions.

Prerequisites

  • The network ACL feature is available based on different regions as described in the following:

    The network ACL feature is available only in the preceding regions.

  • A VPC network is created. For more information, see Create a VPC.

Procedure

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click Network ACL.
  3. In the top navigation bar, select the region where you want to create the network ACL.
  4. On the Network ACL page, click Create Network ACL.
  5. In the Create Network ACL dialog box, set the following parameters, and click OK.
    Parameter Description
    VPC Select the VPC network for which you want to create the network ACL.

    If a VPC network contains an Elastic Compute Service (ECS) instance that belongs to one of the following instance families, you cannot create a network ACL for the VPC network.

    ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4.

    In this case, you must upgrade or release the ECS instances that do not support advanced VPC features.
    Note If your VPC network contains ECS instances of the preceding instance families and you have created a network ACL, you must upgrade or release the ECS instances to ensure that the network ACL can work as expected. For more information, see Overview of VPC advanced features.
    Name The name of the network ACL.

    The name must be 2 to 128 characters in length, and can contain letters, Chinese characters, digits, underscores (_), and hyphens (-). It must start with a letter or a Chinese character.

    Description The description of the network ACL.

    The description must be 2 to 256 characters in length, and cannot start with http:// or https://.