All Products
Search
Document Center

Virtual Private Cloud:CreateTrafficMirrorFilter

Last Updated:Mar 04, 2024

Creates a filter for traffic mirroring.

Operation description

CreateTrafficMirrorFilter is an asynchronous operation. After a request is sent, the system returns a request ID and runs the task in the background. You can call the ListTrafficMirrorFilters operation to query the status of the task.

  • If the filter is in the Creating state, the filter is being created.
  • If the filter is in the Created state, the filter is created.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
vpc:CreateTrafficMirrorFilterWrite
  • TrafficMirrorFilter
    acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/*
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
TrafficMirrorFilterDescriptionstringNo

The description of the filter.

The description must be 1 to 256 characters in length and cannot start with http:// or https://.

this is a filter.
TrafficMirrorFilterNamestringNo

The name of the filter.

The name must be 1 to 128 characters in length, and cannot start with http:// or https://.

abc
ClientTokenstringNo

The client token that is used to ensure the idempotence of the request.

You can use the client to generate the value, but you must ensure that the value is unique among all requests. The client token can contain only ASCII characters.

Note If you do not set this parameter, the system uses RequestId as ClientToken. RequestId may be different for each API request.
123e4567-e89b-12d3-a456-426655440000
DryRunbooleanNo

Specifies whether to perform a dry run. Valid values:

  • true: performs a dry run. The system checks the required parameters, request syntax, and limits. If the request fails the dry run, an error message is returned. If the request passes the dry run, the DryRunOperation error code is returned.
  • false: performs a dry run and sends the request. If the request passes the dry run, a 2xx HTTP status code is returned and the operation is performed. This is the default value.
false
IngressRulesobject []No

The list of inbound rules.

ActionstringYes

The action of the inbound rule. Valid values:

  • accept: collects network traffic.
  • drop: does not collect network traffic.
accept
SourceCidrBlockstringNo

The source CIDR block of the inbound traffic.

10.0.0.0/24
ProtocolstringYes

The protocol that is used by the inbound traffic to be mirrored. Valid values:

  • ALL: all protocols
  • ICMP: ICMP
  • TCP: TCP
  • UDP: UDP
TCP
DestinationPortRangestringNo

The destination port range of the inbound traffic. Valid values for a port: 1 to 65535. Separate the first port and the last port with a forward slash (/). Examples: 1/200 and 80/80.

Note If you set IngressRules.N.Protocol to ALL or ICMP, you do not need to set this parameter. In this case, all ports are available.
80/120
PriorityintegerNo

The priority of the inbound rule. A smaller value indicates a higher priority.

The maximum value of N is 10. You can configure up to 10 inbound rules for a filter.

1
DestinationCidrBlockstringNo

The destination CIDR block of the inbound traffic.

10.0.0.0/24
SourcePortRangestringNo

The source port range of the inbound traffic. Valid values for a port: 1 to 65535. Separate the first port and the last port with a forward slash (/). Examples: 1/200 and 80/80.

Note If you set IngressRules.N.Protocol to ALL or ICMP, you do not need to set this parameter. In this case, all ports are available.
80/120
EgressRulesobject []No

The list of outbound rules.

ActionstringYes

The action of the outbound rule. Valid values:

  • accept: collects network traffic.
  • drop: does not collect network traffic.
accept
SourceCidrBlockstringNo

The source CIDR block of the outbound traffic.

10.0.0.0/24
ProtocolstringYes

The protocol that is used by the outbound traffic to be mirrored. Valid values:

  • ALL: all protocols
  • ICMP: ICMP
  • TCP: TCP
  • UDP: UDP
TCP
DestinationPortRangestringNo

The destination port range of the outbound traffic. Valid values for a port: 1 to 65535. Separate the first port and the last port with a forward slash (/). Examples: 1/200 and 80/80. You cannot set this parameter to only -1/-1. The value -1/-1 specifies all ports.

Note If you set EgressRules.N.Protocol to ALL or ICMP, you do not need to set this parameter. In this case, all ports are available.
22/40
PriorityintegerNo

The priority of the outbound rule. A smaller value indicates a higher priority.

The maximum value of N is 10. You can configure up to 10 outbound rules for a filter.

1
DestinationCidrBlockstringNo

The destination CIDR block of the outbound traffic.

10.0.0.0/24
SourcePortRangestringNo

The source port range of the outbound traffic. Valid values for a port: 1 to 65535. Separate the first port and the last port with a forward slash (/). Examples: 1/200 and 80/80. You cannot set this parameter to only -1/-1. The value -1/-1 specifies all ports.

Note If you set EgressRules.N.Protocol to ALL or ICMP, you do not need to set this parameter. In this case, all ports are available.
22/40
RegionIdstringYes

The ID of the region to which the mirrored traffic belongs.

You can call the DescribeRegions operation to query the most recent region list. For more information about regions that support traffic mirroring, see Overview of traffic mirroring.

cn-hongkong
ResourceGroupIdstringNo

The ID of the resource group to which the mirrored traffic belongs.

rg-bp67acfmxazb4ph****
Tagobject []No

The tag of the resource.

KeystringNo

The tag key. You can specify at most 20 tag keys. The tag key cannot be an empty string.

The tag key can be up to 128 characters in length. The tag key cannot start with aliyun or acs:, and cannot contain http:// or https://.

FinanceDept
ValuestringNo

The tag value. You can specify at most 20 tag values. The tag value can be an empty string.

The tag value can be up to 128 characters in length. It cannot start with aliyun or acs:, and cannot contain http:// or https://.

FinanceJoshua

Response parameters

ParameterTypeDescriptionExample
object
TrafficMirrorFilterIdstring

The ID of the filter.

tmf-j6cmls82xnc86vtpe****
RequestIdstring

The ID of the request.

28DB147D-217B-43E8-9E94-A3F6837DDC8A
ResourceGroupIdstring

The ID of the resource group to which the mirrored traffic belongs.

rg-bp67acfmxazb4ph****

Examples

Sample success responses

JSONformat

{
  "TrafficMirrorFilterId": "tmf-j6cmls82xnc86vtpe****",
  "RequestId": "28DB147D-217B-43E8-9E94-A3F6837DDC8A",
  "ResourceGroupId": "rg-bp67acfmxazb4ph****"
}

Error codes

HTTP status codeError codeError messageDescription
400UnsupportedFeature.IpVersionThe ipversion type is not supported.-
400IncorrectBusinessStatus.TrafficMirrorThe business status of traffic mirror is incorrect.Traffic mirroring is in an invalid state.
400OptInRequired.TrafficMirrorYou need to subscribe to the traffic mirror service first.Traffic mirroring is disabled.
400QuotaExceeded.TrafficMirrorFilterThe maximum number of traffic image filters is exceeded.The number of filters has reached the upper limit.
400DuplicatedParam.PriorityThe specified priority conflicts with the existing priority.The specified priority is the same as an existing one.
400UnsupportedRegionThe feature is not supported in current region.The feature is not supported in the current region.
400IllegalParamFormat.SrcCidrBlockThe format of the specified source CIDR block is invalid.The error message returned because the format of the source CIDR block is invalid.
400IllegalParamFormat.DstCidrBlockThe format of the specified dst CIDR block is invalid.The format of the destination CIDR block is invalid.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2023-08-30The Error code has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    Error Codes 400 change
2023-07-05The Error code has changed. The request parameters of the API has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    Error Codes 400 change
Input ParametersThe request parameters of the API has changed.
    Added Input Parameters: Tag