Associates an access control list (ACL) with a listener.


OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes AssociateAclsWithListener

The operation that you want to perform. Set the value to AssociateAclsWithListener.

AclIds Array of String Yes nacl-hp34s2h0xx1ht4nwo****

The IDs of the ACLs. You can specify up to three IDs at a time.

ListenerId String Yes lsr-bp1bpn0kn908w4nbw****

The ID of the listener.

AclType String Yes White

The type of ACL. Valid values:

  • White: specifies the ACL as a whitelist. Only requests from the IP addresses or CIDR blocks in the ACL are forwarded. Whitelists apply to scenarios where only specific IP addresses are allowed to access an application. Risks may occur if the whitelist is improperly set. After you set a whitelist for an ALB listener, only requests from IP addresses that are added to the whitelist are distributed by the listener. If a whitelist is enabled without IP addresses specified, the ALB listener does not forward requests.
  • Black: All requests from the IP addresses or CIDR blocks in the ACL are denied. The blacklist is used to prevent specified IP addresses from accessing an application. If the blacklist is enabled but the corresponding ACL does not contain IP addresses, the ALB listener forwards all requests.
DryRun Boolean No true

Specifies whether to precheck the API request. Valid values:

  • true: prechecks the API request. Resources are not created. The system checks the required parameters, request format, and service limits. If the request fails the check, the corresponding error message is returned. If the request passes the precheck, the DryRunOperation error code is returned.
  • false (default): checks the request. After the request passes the check, an HTTP 2xx status code is returned and the operation is performed.
ClientToken String No 5A2CFF0E-5718-45B5-9D4D-70B3FF3898

The client token that is used to ensure the idempotency of the request. You can use the client to generate the value, but you must ensure that it is unique among different requests. The token can contain only ASCII characters and cannot exceed 64 characters in length.

Note If you do not specify this parameter, the system automatically uses the request ID as the client token. The ID of each request may be unique.

Response parameters

Parameter Type Example Description
JobId String 72dcd26b-f12d-4c27-b3af-18f6aed5****

The ID of the query task.

RequestId String CEF72CEB-54B6-4AE8-B225-F876FF7BA984

The ID of the request.


Sample requests

&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK


JSON format

HTTP/1.1 200 OK

  "JobId" : "72dcd26b-f12d-4c27-b3af-18f6aed5****",
  "RequestId" : "CEF72CEB-54B6-4AE8-B225-F876FF7BA984"

Error codes

HttpCode Error code Error message Description
400 QuotaExceeded.AclsNum The quota of %s is exceeded, usage %s/%s. The error message returned because the usage %s has reached the upper limit %s.
400 IncorrectStatus.Acl The status of %s [%s] is incorrect. The error message returned because the status of the specified resource %s [%s] is invalid.
400 ResourceQuotaExceeded.ListenerAclEntriesNum The quota of %s is exceeded for resource %s, usage %s/%s. The error message returned because the usage %s has reached the upper limit %s of the specified resource %s.
404 ResourceNotFound.Acl The specified resource %s is not found. The error message returned because the specified resource %s does not exist.

For a list of error codes, visit the API Error Center.