A network access control list (ACL) is a function provided by Alibaba Cloud VPC to control network access. You can create a network ACL within a VPC.


A VPC is created. For information about how to create a VPC, see Create a VPC.


  1. Log on to the VPC console.
  2. In the left-side navigation pane, click Network ACL.
  3. In the top navigation bar, select a region for the network ACL.
    Note The network ACL feature is supported in the following regions: China (Qingdao), China (Beijing), China (Hohhot), China (Chengdu), China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Hong Kong), UK (London), US (Silicon Valley), Singapore, and Germany (Frankfurt).
  4. On the Network ACL page, click Create Network ACL.
  5. In the Create Network ACL dialog box that appears, configure the network ACL based on the following information. Click OK.
    Parameter Description
    VPC The VPC to which the network ACL belongs.

    If a VPC contains any instances of the following instance families, you cannot create a network ACL for the VPC.


    To create a network ACL, upgrade the instance specifications. For more information, see Instance families that support instance type changes.
    Note If your VPC contains any instances of the preceding instance families and you have created a network ACL, you must upgrade the instance specifications to ensure that the network ACL can function properly.
    Name The name of the network ACL.

    The name must be 2 to 128 characters in length and can contain letters, digits, underscores (_), and hyphens (-). It must start with a letter.

    Description The description of the network ACL.

    The description must be 2 to 256 characters in length and cannot start with http:// or https://.