Creates a NAT gateway.

Usage notes

You can call this operation to create an enhanced Internet NAT gateway or a virtual private cloud (VPC) NAT gateway.

When you call this operation, take note of the following limits:

  • When you create an enhanced NAT gateway for the first time, the system automatically creates the service-linked role AliyunServiceRoleForNatgw. Then, the system attaches the permission policy AliyunServiceRolePolicyForNatgw to the role. This allows the NAT gateway to access other resources on Alibaba Cloud. For more information, see Service-linked roles.
  • After you create an enhanced Internet NAT gateway, a route entry is automatically added to the route table of the VPC. The destination CIDR block of the route entry is 0.0.0.0/0 and the next hop is the NAT gateway. This ensures that traffic is routed to the NAT gateway.
  • CreateNatGateway is an asynchronous operation. After you make a request, the ID of an Internet NAT gateway or a VPC NAT gateway is returned, but the NAT gateway has not yet been created. The system creates the NAT gateway in the background. You can call the DescribeNatGateways operation to query the status of a NAT gateway:
    • If a NAT gateway is in the Creating state, the NAT gateway is being created. In this case, you can only perform query operations.
    • If a NAT gateway is in the Available state, the NAT gateway has been created. It takes approximately 1 to 3 minutes to create a NAT gateway.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates sample code for the operation in different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateNatGateway

The operation that you want to perform. Set the value to CreateNatGateway.

RegionId String Yes cn-hangzhou

The region ID of the NAT gateway.

You can call the DescribeRegions operation to query the most recent region list.

VpcId String Yes vpc-bp1di7uewzmtvfuq8****

The ID of the VPC to which the NAT gateway belongs.

VSwitchId String Yes vsw-bp1e3se98n9fq8hle****

The ID of the vSwitch to which the Internet NAT gateway is attached.

When you create a NAT gateway, you must specify a vSwitch for the NAT gateway. Then, the system assigns an idle private IP address from the vSwitch to the NAT gateway.

  • To create a NAT gateway in an existing vSwitch, make sure that the zone to which the vSwitch belongs supports NAT gateways. In addition, the vSwitch must have idle IP addresses.
  • If you do not have a vSwitch in the VPC, create a vSwitch in the zone that supports NAT gateways. Then, specify the vSwitch for the NAT gateway.
Note: You can query the zones that support enhanced NAT gateways by calling the ListEnhanhcedNatGatewayAvailableZones operation. You can query the number of available IP addresses in a vSwitch by calling the DescribeVSwitches operation.

NatType String Yes Enhanced

The type of the NAT gateway. Set the value to Enhanced, which specifies an enhanced Internet NAT gateway. For more information, see Release notes of enhanced Internet NAT gateways.

NetworkType String No internet

The type of the NAT gateway. Valid values:

  • internet: an Internet NAT gateway
  • intranet: a VPC NAT gateway

InstanceChargeType String No PostPaid

The billing method of the NAT gateway. Set the value to PostPaid, which specifies the pay-as-you-go billing method. Default value: PostPaid. For more information, see Pay-as-you-go.

Spec String No Small

The specification of the NAT gateway. Ignore this parameter.

InternetChargeType String No PayByLcu

The metering method of the NAT gateway. Set the value to PayByLcu, which specifies the pay-by-actual-usage metering method.

Name String No fortest

The name of the NAT gateway.

The name must be 1 to 128 characters in length.

If you do not set this parameter, a hyphen (-) is used as the name by default.

Description String No testnat

The description of the NAT gateway.

The description must be 1 to 256 characters in length.

PricingCycle String No Month

Subscription. Ignore this parameter.

AutoPay Boolean No false

Specifies whether to enable automatic payment. Ignore this parameter.

Duration String No 1

The duration of the subscription. Ignore this parameter.

ClientToken String No 5A2CFF0E-5718-45B5-9D4D-70B3FF3898

The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must make sure that it is unique among different requests. ClientToken can contain only ASCII characters and cannot exceed 64 characters in length.

Note: If you do not set this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request.

SecurityProtectionEnabled Boolean No false

Specifies whether to enable the firewall feature. Valid values:

  • false (default): no
  • true: yes

IcmpReplyEnabled Boolean No false

Specifies whether to enable the ICMP non-retrieval feature. Valid values:

  • false (default): no
  • true: yes

Response parameters

Parameter Type Example Description
NatGatewayId String ngw-112za33e4****

The ID of the NAT gateway.

ForwardTableIds List ftb-11tc6xgmv****

The list of DNAT entries.

RequestId String 2315DEB7-5E92-423A-91F7-4C1EC9AD97C3

The ID of the request.

SnatTableIds List stb-SnatTableIds****

The list of SNAT entries.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateNatGateway
&RegionId=cn-hangzhou
&VpcId=vpc-bp1di7uewzmtvfuq8****
&VSwitchId=vsw-bp1e3se98n9fq8hle****
&NatType=Enhanced
&<Common request parameters>

Sample success responses

XML format

<CreateNatGatewayResponse>
  <RequestId>2315DEB7-5E92-423A-91F7-4C1EC9AD97C3</RequestId>
  <SnatTableIds>
        <SnatTableId>stb-SnatTableIds****</SnatTableId>
  </SnatTableIds>
  <ForwardTableIds>
        <ForwardTableId>ftb-11tc6xgmv****</ForwardTableId>
  </ForwardTableIds>
  <NatGatewayId>ngw-112za33e4****</NatGatewayId>
</CreateNatGatewayResponse>

JSON format

{
    "CreateNatGatewayResponse": {
        "RequestId": "2315DEB7-5E92-423A-91F7-4C1EC9AD97C3",
        "SnatTableIds": {
            "SnatTableId": "stb-SnatTableIds****"
        },
        "ForwardTableIds": {
            "ForwardTableId": "ftb-11tc6xgmv****"
        },
        "NatGatewayId": "ngw-112za33e4****"
    }
}
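
The asynchronous behaviour and the ClientToken rule described above can be handled as in the following sketch. It is an added example, not Alibaba Cloud sample code: `build_create_params`, `wait_until_available` and the caller-supplied `get_status` wrapper around DescribeNatGateways are hypothetical names, and the 300-second timeout and 10-second polling interval are assumptions. Request signing and the common request parameters are left to the SDK or to OpenAPI Explorer.

```python
import time
import uuid

def build_create_params(region_id, vpc_id, vswitch_id, *, network_type="internet",
                        name=None, description=None, client_token=None):
    """Action-specific query parameters; common/signature parameters are not added."""
    if network_type not in ("internet", "intranet"):
        raise ValueError("NetworkType must be internet or intranet")
    if name is not None and not 1 <= len(name) <= 128:
        raise ValueError("Name must be 1 to 128 characters")
    if description is not None and not 1 <= len(description) <= 256:
        raise ValueError("Description must be 1 to 256 characters")
    # Generate the token once per logical create and pass the same value on
    # every retry, so the retries are treated as one idempotent request.
    token = client_token or str(uuid.uuid4())
    if not token.isascii() or len(token) > 64:
        raise ValueError("ClientToken must be ASCII and at most 64 characters")
    params = {
        "Action": "CreateNatGateway", "RegionId": region_id,
        "VpcId": vpc_id, "VSwitchId": vswitch_id,
        "NatType": "Enhanced", "NetworkType": network_type,
        "ClientToken": token,
    }
    if name is not None:
        params["Name"] = name
    if description is not None:
        params["Description"] = description
    return params


def wait_until_available(get_status, nat_gateway_id, *, timeout=300, interval=10,
                         sleep=time.sleep, clock=time.monotonic):
    """Block until the gateway is Available.

    get_status is a hypothetical caller-supplied wrapper around
    DescribeNatGateways that returns the gateway's status string.
    """
    deadline = clock() + timeout
    while True:
        status = get_status(nat_gateway_id)
        if status == "Available":
            return status
        if status != "Creating":  # assumption: any other state is treated as a failure
            raise RuntimeError(f"unexpected NAT gateway status: {status}")
        if clock() >= deadline:
            raise TimeoutError(f"{nat_gateway_id} still Creating after {timeout}s")
        sleep(interval)
```

Only configure the gateway (SNAT or DNAT entries, for example) after `wait_until_available` returns, because a gateway in the Creating state accepts query operations only.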

Error codes

| HttpCode | Error code | Error message | Description |
| --- | --- | --- | --- |
| 400 | InvalidVPCStatus | vpc incorrect status. | The error message returned because the operation is not supported when the VPC is in the current state. Check whether the state of the VPC is valid. |
| 400 | InvalidNatGatewayName.MalFormed | NatGateway name is not valid. | The error message returned because the specified gateway name is invalid. |
| 400 | InvalidNatGatewayDescription.MalFormed | NatGateway description is not valid. | The error message returned because the specified description is invalid. |
| 400 | MissingParameter.BandwidthPackage | only support one BandwidthPackage be created with NatGateway. | The error message returned because no EIP bandwidth plan is specified. |
| 400 | MissingParameter | Miss mandatory parameter. | The error message returned because required parameters are not set. Check whether you have set all the required parameters before you call this operation. |
| 400 | QuotaExceeded.BandwidthPackageIps | The specified ipCount exceeded quota. | The error message returned because the number of IP addresses has reached the upper limit. Request a quota increase on the Quota Management page. |
| 400 | InvalidParameter.Name.Malformed | The specified Name is not valid. | The error message returned because the specified name format is invalid. |
| 400 | InvalidParameter.Description.Malformed | The specified Description is not valid. | The error message returned because the specified description is invalid. |
| 400 | ZONE_NO_AVAILABLE_IP | The Zone have no available ip. | The error message returned because no IP address is available in the zone. |
| 400 | InvalidParameter.BandwidthPackage.n.ISP.ValueNotSupport | The specified ISP of BandwidthPackage is not valid. | The error message returned because the specified Internet Service Provider (ISP) of the EIP bandwidth plan is invalid. |
| 400 | InvalidNatGatewayId.NotFound | The NatGatewayId not exist. | The error message returned because the specified NAT gateway ID does not exist. Check whether the value of the NatGatewayId parameter is valid. |
| 400 | VswitchStatusError | The VSwitch is creating . | The error message returned because the operation is not supported when the vSwitch is being created. |
| 400 | VpcStatusError | The Vpc is creating . | The error message returned because the operation is not supported when the VPC is being created. |
| 400 | InvalidParameter.Spec.ValueNotSupported | The specified Spec is not valid. | The error message returned because the specified gateway size is invalid. |
| 400 | Forbidden.CheckEntryRuleQuota | Route entry quota rule check error. | The error message returned because an error occurred when the system was checking the quota of route entries. |
| 400 | OperationFailed.VswNotBelongToVpc | Operation failed because the specified VSwitch is not bound to the same VPC with NAT gateway. | The error message returned because the specified vSwitch and NAT gateway are not deployed in the same VPC. |
| 400 | OperationFailed.EnhancedUserIsUnAuthorized | Operation failed because the user is not authorized to create an enhanced NAT gateway. | The error message returned because you do not have the permissions to create enhanced NAT gateways. |
| 400 | OperationUnsupported.PrePaidPyByLcu | The operation failed because the subscription NAT gateway does not support the pay-by-LCU billing method. | The error message returned because subscription NAT gateways do not support the pay-by-CU metering method. |
| 400 | OperationFailed.NormalInventoryNotEnough | Standard NAT gateways are no longer offered. You can create enhanced NAT gateways and set the correct natType. | The error message returned because you can no longer create standard NAT gateways. Set the NatType parameter to Enhanced when you create a NAT gateway. |
| 404 | InvalidRegionId.NotFound | The specified RegionId does not exist in our records. | The error message returned because the specified region ID does not exist. |
| 404 | InvalidVpcId.NotFound | Specified value of VpcId is not found in our record. | The error message returned because the specified VPC does not exist. Check whether the specified VPC is valid. |
| 404 | InvalidZoneId.NotFound | Specified value of ZoneId is not exists. | The error message returned because the specified zone does not exist. |
| 404 | InvalidZoneId.NotFound | Can not find ZoneId for allocated ip. | The error message returned because the zone of the specified IP address is invalid. |

For a list of error codes, visit the API Error Center.