Creates a VPC firewall to protect traffic between two Virtual Private Clouds (VPCs) that are connected by an Express Connect circuit.
Operation description
This operation creates a VPC firewall. The VPC firewall protects traffic between two VPCs that are connected by an Express Connect circuit. This VPC firewall does not protect traffic between VPCs in different regions, between VPCs that belong to different accounts, or between a VPC and a Virtual Border Router (VBR). For more information, see Limits on VPC firewalls.
QPS limit
This operation has a queries per second (QPS) limit of 10 for each user. If you exceed the limit, your API calls are throttled. This may affect your business. We recommend that you call this operation at a reasonable rate.
RAM authorization
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| Lang | string | No | The language of the request and response. Valid values: | zh |
| VpcFirewallName | string | Yes | The instance name of the VPC firewall. | 测试用实例 |
| LocalVpcId | string | Yes | The instance ID of the local VPC. | vpc-8vbwbo90rq0anm6t**** |
| LocalVpcRegion | string | Yes | The region ID where the local VPC resides. Note: For more information about the regions that Cloud Firewall supports, see Supported regions. | cn-hangzhou |
| PeerVpcId | string | Yes | The instance ID of the peer VPC. | vpc-wb8vbo90rq0anm6t**** |
| PeerVpcRegion | string | Yes | The region ID where the peer VPC resides. Note: For more information about the regions that Cloud Firewall supports, see Supported regions. | cn-shanghai |
| FirewallSwitch | string | Yes | The status of the VPC firewall after it is created. Valid values: | open |
| LocalVpcCidrTableList | string | Yes | The list of CIDR blocks for the local VPC. The value is a JSON string that contains the following parameters: | [{"RouteTableId":"vtb-1234","RouteEntryList":[{"DestinationCidr":"192.168.XX.XX/24","NextHopInstanceId":"vrt-m5eb5me6c3l5sezae****"}]},{"RouteTableId":"vtb-1235","RouteEntryList":[{"DestinationCidr":"192.168.XX.XX/24","NextHopInstanceId":"vrt-m5eb5me6c3l5sezae****"}]}] |
| PeerVpcCidrTableList | string | Yes | The list of CIDR blocks for the peer VPC. The value is a JSON string that contains the following parameters: | [{"RouteTableId":"vtb-1234","RouteEntryList":[{"DestinationCidr":"192.168.XX.XX/24","NextHopInstanceId":"vrt-m5eb5me6c3l5sezae****"}]},{"RouteTableId":"vtb-1235","RouteEntryList":[{"DestinationCidr":"192.168.XX.XX/24","NextHopInstanceId":"vrt-m5eb5me6c3l5sezae****"}]}] |
| MemberUid | string | No | The UID of the member account. | 258039427902**** |
Response elements
| Element | Type | Description | Example |
|---|---|---|---|
| | object | | |
| VpcFirewallId | string | The instance ID of the VPC firewall. | vfw-m5e7dbc4y**** |
| RequestId | string | The ID of the request. | 850A84D6-0DE4-4797-A1E8-00090125h4j6 |
Examples
Success response
JSON format
{
  "VpcFirewallId": "vfw-m5e7dbc4y****",
  "RequestId": "850A84D6-0DE4-4797-A1E8-00090125h4j6"
}
Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | ErrorAliUid | Aliuid invalid. | The aliuid is invalid. |
| 400 | ErrorInvalidMemberUid | Member uid is invalid | The member is invalid. |
| 400 | ErrorFirewallName | Firewall name invalid. | Firewall name error, please re-enter. |
| 400 | ErrorVpcFirewallExist | Vpc firewall already exist. | The firewall is already configured and cannot be configured repeatedly. |
| 400 | ErrorVpcIdError | Vpc ID invalid. | The VPC is incorrectly selected. Select another VPC. |
| 400 | ErrorRegionNoError | Region invalid. | Region selection error, please re-enter. |
| 400 | ErrorDestCidrError | The destination CIDR block is invalid. | The specified destination CIDR block is invalid. Enter another value. |
| 400 | ErrorDestCidrEmpty | The target network segment is empty and cannot be created | The destination CIDR block is not specified. The firewall cannot be created. |
| 400 | ErrorSameCidrIp | The same network segment cannot be configured repeatedly. Please reselect the network segment. | The CIDR block is already in use. Specify another CIDR block. |
| 400 | ErrorDBSelectError | A database select error occurred. | The error message returned because an internal error has occurred in querying the database. |
| 400 | ErrorCidrFormat | Cidr ip format error. | CIDR format error, please re-select |
| 400 | ErrorCidrIpAddress | cidr ip error. | The destination network segment is incorrect, please select again. |
| 400 | ErrorCustomRouteEntryMax | custom route exceeds maximum limit. | The number of target CIDR blocks exceeds the maximum number. Reduce the number of CIDR blocks. |
| 400 | ErrorVpcFirewallNotFound | Vpc firewall not found. | The specified VPC firewall does not exist. Select another one. |
| 400 | ErrorInvalidMemberUidStatus | invalid member uid status. | The status of the member account is invalid. This operation is not supported. |
| 400 | ErrorGeneralInstanceSpecFull | Cloud Firewall instance specifications are full. | Cloud Firewall instance specifications are full. |
| 400 | ErrorBandwidthPenalty | Cloud Firewall bandwidth is being overused. | Cloud Firewall bandwidth is being overused. |
| 400 | ErrorCenVpcEcConflict | The cloud enterprise network VPC conflicts with the Express Connect VPC. | The cloud enterprise network VPC conflicts with the Express Connect VPC and the firewall cannot be enabled. Please select |
| 400 | ErrorFirewallQuotaNotEmpty | The quota for VPC firewalls is exceeded. | The quota is insufficient. You cannot configure the VPC firewall. Increase the quota. |
See Error Codes for a complete list.
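A pre-flight check for the LocalVpcCidrTableList and PeerVpcCidrTableList values, as an added example that is not part of the Cloud Firewall documentation or SDK: it builds the JSON string in the shape shown under Request parameters and rejects bad input locally under the names of the error codes listed above. The mapping of each local check to an error code, the per-route-table scope of the duplicate check, the function names, and all instance IDs are assumptions.

```python
import ipaddress
import json

def build_cidr_table_list(route_tables):
    """Return the JSON string for LocalVpcCidrTableList / PeerVpcCidrTableList.

    route_tables maps a route table ID to [(destination_cidr, next_hop_id), ...].
    Raises ValueError prefixed with the error code from the page that the
    local check mirrors (the mapping is an assumption, not service behaviour).
    """
    if not route_tables:
        raise ValueError("ErrorDestCidrEmpty: no route tables given")
    tables = []
    for table_id, entries in route_tables.items():
        if not entries:
            raise ValueError(f"ErrorDestCidrEmpty: {table_id} has no entries")
        seen, entry_list = set(), []
        for cidr, next_hop in entries:
            try:
                if "/" not in cidr:
                    raise ValueError("missing prefix length")
                # strict=True rejects host bits, e.g. 192.168.10.5/24
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError as exc:
                raise ValueError(f"ErrorCidrFormat: {cidr!r} ({exc})") from None
            if net in seen:  # assumption: duplicates are checked per route table
                raise ValueError(f"ErrorSameCidrIp: {net} repeated in {table_id}")
            seen.add(net)
            entry_list.append({"DestinationCidr": str(net),
                               "NextHopInstanceId": next_hop})
        tables.append({"RouteTableId": table_id, "RouteEntryList": entry_list})
    return json.dumps(tables, separators=(",", ":"))

def build_request(name, local, peer, firewall_switch):
    """Assemble the request parameters; local/peer are (vpc_id, region, route_tables)."""
    return {
        "VpcFirewallName": name,
        "LocalVpcId": local[0], "LocalVpcRegion": local[1],
        "LocalVpcCidrTableList": build_cidr_table_list(local[2]),
        "PeerVpcId": peer[0], "PeerVpcRegion": peer[1],
        "PeerVpcCidrTableList": build_cidr_table_list(peer[2]),
        "FirewallSwitch": firewall_switch,
    }

# Constructed sample input; every ID below is a placeholder.
SAMPLE = build_request(
    "example-vpc-firewall",
    ("vpc-local-example", "cn-hangzhou", {"vtb-example-1": [("192.168.10.0/24", "vrt-example-1")]}),
    ("vpc-peer-example", "cn-shanghai", {"vtb-example-2": [("192.168.20.0/24", "vrt-example-2")]}),
    "open",  # the example value shown in the request parameters table
)
```

Rejecting a malformed or duplicated CIDR before the call avoids spending the 10 QPS budget on requests that would fail, and keeps a typo from silently changing which network segment the firewall covers.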