Adds an SNAT entry to the SNAT table.

API description

Note the following before you call this action:

  • The VSwitch and the ECS instance specified in the SNAT entry must belong to the same VPC as the NAT Gateway.
  • Each VSwitch and ECS instance can belong to only one SNAT entry.
  • No SNAT entry can be added if any HAVIP instance exists in the VSwitch.
  • A public IP address cannot be used in both SNAT and DNAT entries at the same time.

Make the API call

You can use OpenAPI Explorer to make API calls, search for API calls, perform debugging, and generate SDK example code.

Request parameters

Parameter Type Required? Example value Description
Action String Yes CreateSnatEntry

The name of this action. Value: CreateSnatEntry

RegionId String Yes cn-hangzhou

The ID of the region to which the NAT Gateway belongs.

To query the region ID, call DescribeRegions.

SnatIp String Yes 47.XX.XX.98

The public IP addresses. Separate multiple IP addresses with commas (,).

SnatTableId String Yes Stb-bp190wu8io1vgev****

The ID of the SNAT table.

SourceVSwitchId String No vsw-bp1nhx2s9ui5o****

The ID of the VSwitch that requires access to the Internet.

SourceCIDR String No 10.1.1.0/24

The CIDR block of the VSwitch or ECS instance.

  • VSwitch granularity: Specifies the CIDR block of the VSwitch (for example, 192.168.1.0/24). When an ECS instance in the VSwitch initiates an Internet access request, the NAT Gateway provides the SNAT service (Internet proxy service) for the ECS instance. If you specify only one public IP address for the SnatIp parameter, the ECS instance uses the specified public IP address to access the Internet. However, if you specify multiple public IP addresses for the SnatIp parameter, the ECS instance randomly uses one of the public IP addresses specified for SnatIp to access the Internet.
  • ECS granularity: Specifies the IP address of the ECS instance (for example, 192.168.1.1/32). When an ECS instance initiates an Internet access request, the NAT Gateway provides the SNAT service (Internet proxy service) for the ECS instance. If you specify only one public IP address for the SnatIp parameter, the ECS instance uses the specified public IP address to access the Internet. However, if you specify multiple public IP addresses for the SnatIp parameter, the ECS instance randomly uses one of the public IP addresses specified for SnatIp to access the Internet.

This parameter and the SourceVSwitchId parameter are mutually exclusive. If you have specified SourceVSwitchId, you cannot specify SourceCIDR. If you have specified SourceCIDR, you cannot specify SourceVSwitchId.

SnatEntryName String No SnatEntry-1

The name of the SNAT entry. The name must be 2 to 128 characters in length. It must start with a letter, and cannot start with http:// or https://.

ClientToken String No 02fb3da4-130e-11e9-8e44-001****

The client token that guarantees the idempotence of the request. The value of this parameter is generated by the client and is unique among different requests. Only ASCII characters are allowed. It can contain a maximum of 64 ASCII characters.

Response parameters

Parameter Type Example value Description
RequestId String 2315DEB7-5E92-423A-91F7-4C1EC9AD97C3

The ID of the request.

SnatEntryId String snat-kmd6nv8fy****

The ID of the SNAT entry.

Examples

Request example

https://vpc.aliyuncs.com/?Action=CreateSnatEntry
&RegionId=cn-hangzhou
&SnatIp=47.XX.XX.98
&SnatTableId=stb-bp190wu8io1vgevx****
&<Common request parameters>
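
A client-side pre-flight check for the parameter rules documented above, as an added example that is not part of the original page or of any Alibaba Cloud SDK. The function name, the `vpc_cidr` argument and the 1.2.3.x addresses are assumptions made for illustration; the result is the unsigned, action-specific parameter set only, without the common request parameters.

```python
import ipaddress
import uuid


def build_create_snat_entry_params(region_id, snat_table_id, snat_ips,
                                   source_vswitch_id=None, source_cidr=None,
                                   vpc_cidr=None, name=None, client_token=None):
    """Return unsigned CreateSnatEntry parameters or raise ValueError.

    vpc_cidr is a hypothetical local argument (not an API parameter), used
    only to check that SourceCIDR lies inside the NAT Gateway's VPC.
    """
    if source_vswitch_id and source_cidr:
        raise ValueError("SourceVSwitchId and SourceCIDR are mutually exclusive")
    if not snat_ips:
        raise ValueError("SnatIp needs at least one address")
    for ip in snat_ips:
        # ip_address() itself raises ValueError on malformed input.
        if not ipaddress.ip_address(ip).is_global:
            raise ValueError(f"SnatIp {ip} is not a public address")
    params = {"Action": "CreateSnatEntry", "RegionId": region_id,
              "SnatTableId": snat_table_id, "SnatIp": ",".join(snat_ips)}
    if source_vswitch_id:
        params["SourceVSwitchId"] = source_vswitch_id
    if source_cidr:
        net = ipaddress.ip_network(source_cidr)  # strict: host bits must be 0
        if vpc_cidr and not net.subnet_of(ipaddress.ip_network(vpc_cidr)):
            raise ValueError(f"SourceCIDR {net} is outside VPC {vpc_cidr}")
        params["SourceCIDR"] = str(net)
    if name is not None:
        if not 2 <= len(name) <= 128 or not name[0].isalpha():
            raise ValueError("SnatEntryName: 2-128 characters, starting with a letter")
        if name.lower().startswith(("http://", "https://")):
            raise ValueError("SnatEntryName cannot start with http:// or https://")
        params["SnatEntryName"] = name
    # Client-generated token: pass the same value again when retrying a request.
    token = client_token or str(uuid.uuid4())
    if not token.isascii() or len(token) > 64:
        raise ValueError("ClientToken: ASCII only, at most 64 characters")
    params["ClientToken"] = token
    return params


if __name__ == "__main__":
    # Constructed sample values; the table ID is the masked one from this page.
    print(build_create_snat_entry_params(
        "cn-hangzhou", "stb-bp190wu8io1vgevx****", ["1.2.3.4", "1.2.3.5"],
        source_cidr="10.1.1.0/24", vpc_cidr="10.1.0.0/16", name="SnatEntry-1"))
```

Checks such as the HAVIP restriction, SNAT entry quotas and DNAT reuse of the same public IP depend on server-side state and are still reported only through the error codes listed under Errors.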

Response example

XML format

<CreateSnatEntryResponse>
      <RequestId>2315DEB7-5E92-423A-91F7-4C1EC9AD97C3</RequestId>
      <SnatEntryId>snat-119smw5tkx****</SnatEntryId>
</CreateSnatEntryResponse>

JSON format

{
    "SnatEntryId": "snat-kmd6nv8fyx****",
    "RequestId": "2315DEB7-5E92-423A-91F7-4C1EC9AD97C3"
}

Errors

HTTP status code | Error code | Error message | Description
404 | InvalidRegionId.NotFound | The specified RegionId does not exist in our records. | The specified RegionId does not exist.
404 | InvalidSnatTableId.NotFound | Specified SNAT table does not exist. | The specified SNAT table does not exist.
400 | Forbidden.SourceVSwitchId.IncludeHaVip | There is some HaVips under specified VSwitch | One or more HAVIPs already exist under the specified VSwitch.
400 | InvalidSnatIp.Malformed | The specified SnatIp is not a valid IP address. | The specified public IP address is invalid.
400 | SNAT_IP_POOL_COUNT_TOO_MANY | The Snat pool ip too many. | The number of IP addresses in the SNAT IP address pool has reached the quota.
400 | Forbidden.SnatEntryCountLimited | SNAT entry in the specified SNAT table reach it's limit. | The number of SNAT entries has reached the quota.
400 | NOT_ALLOW_USE_SOURCECIDR | The User not in nat_scope_unlimited white list. Cannot use SourceCidr param. | The private IP address falls outside of the VPC CIDR block.
404 | InvalidVSwitchId.NotFound | The specified virtual switch does not exists. | The specified VSwitch does not exist.
400 | INVALID_PARAMETER | The parameter invalid. | The specified parameter is invalid.
400 | Forbidden.SourceVSwitchId.Duplicated | The specified SourceCIDRis duplicated. | SNAT rules have already been configured for this VSwitch.
404 | InvalidSnatIp.NotFound | Specified SnatIp does not found on the NAT Gateway | The specified public IP address does not belong to the NAT Gateway.
400 | Forbidden.IpUsedInForwardTable | The specified SnatIp already used in forward table | The specified public IP address is being used by a DNAT rule. Select a different IP address or delete the DNAT rule that uses this IP address.
400 | Forbindden | The specified Instance already bind eip | An EIP is already associated with this ECS instance. Disassociate the EIP from the ECS instance first and then add the forwarding rule.
400 | OperationUnsupported.CidrConflict | The specified CIDR block conflicts with an existing SNAT entry. | The specified CIDR block conflicts with the existing SNAT entry.
400 | InvalidParameter.Name.Malformed | The specified Name is not valid. | The specified name is invalid.

For a list of error codes, visit the API Error Center.