Creates a VPC firewall to protect traffic between two VPCs that are connected using Express Connect.
Operation description
This operation creates a VPC firewall that protects traffic between two VPCs connected by an Express Connect circuit. The VPC firewall does not protect cross-region traffic, cross-account traffic, or traffic between a VPC and a virtual border router (VBR). For more information, see Limits on VPC firewalls.
QPS limits
The queries-per-second (QPS) limit for this operation is 10 per user. If you exceed the limit, API calls are throttled, which may affect your business. Call the operation at a reasonable rate.
Request parameters

| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| Lang | string | No | The language of the request and response. Valid values: zh (Chinese), en (English). | zh |
| VpcFirewallName | string | Yes | The instance name of the VPC firewall. | 测试用实例 |
| LocalVpcId | string | Yes | The instance ID of the local VPC. | vpc-8vbwbo90rq0anm6t**** |
| LocalVpcRegion | string | Yes | The region ID of the local VPC. Note: for more information about the regions where Cloud Firewall is available, see Supported regions. | cn-hangzhou |
| PeerVpcId | string | Yes | The instance ID of the peer VPC. | vpc-wb8vbo90rq0anm6t**** |
| PeerVpcRegion | string | Yes | The region ID of the peer VPC. Note: for more information about the regions where Cloud Firewall is available, see Supported regions. | cn-shanghai |
| FirewallSwitch | string | Yes | The status of the VPC firewall after it is created. Valid values: open (the firewall is enabled), close (the firewall is disabled). | open |
| LocalVpcCidrTableList | string | Yes | The CIDR blocks of the local VPC. The value is a JSON string that contains the following parameters: RouteTableId, the ID of a route table of the local VPC; RouteEntryList, the route entries of that table, each with DestinationCidr (the destination CIDR block) and NextHopInstanceId (the instance ID of the next hop). | `[{"RouteTableId":"vtb-1234","RouteEntryList":[{"DestinationCidr":"192.168.XX.XX/24","NextHopInstanceId":"vrt-m5eb5me6c3l5sezae****"}]},{"RouteTableId":"vtb-1235","RouteEntryList":[{"DestinationCidr":"192.168.XX.XX/24","NextHopInstanceId":"vrt-m5eb5me6c3l5sezae****"}]}]` |
| PeerVpcCidrTableList | string | Yes | The CIDR blocks of the peer VPC. The value is a JSON string with the same structure as LocalVpcCidrTableList: RouteTableId, the ID of a route table of the peer VPC; RouteEntryList, the route entries of that table, each with DestinationCidr and NextHopInstanceId. | `[{"RouteTableId":"vtb-1234","RouteEntryList":[{"DestinationCidr":"192.168.XX.XX/24","NextHopInstanceId":"vrt-m5eb5me6c3l5sezae****"}]},{"RouteTableId":"vtb-1235","RouteEntryList":[{"DestinationCidr":"192.168.XX.XX/24","NextHopInstanceId":"vrt-m5eb5me6c3l5sezae****"}]}]` |
| MemberUid | string | No | The UID of the member account. | 258039427902**** |
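The two CIDR-table parameters are the part of this request that is easiest to get wrong, and several of the 400 errors below (ErrorCidrFormat, ErrorCidrIpAddress, ErrorSameCidrIp, ErrorDestCidrEmpty) are simply the service rejecting them. The following is an added example, not Alibaba Cloud SDK code or anything from this page's operation reference: it serializes route tables into the JSON string shape shown in the table above and runs local pre-flight checks so that a caller can catch those mistakes before spending an API call. All route table IDs, next-hop IDs, VPC IDs and CIDR blocks are constructed sample values; the `vtb-` prefix check and the local-versus-peer overlap check are the example's own assumptions, not rules the page states.

```python
"""Build and pre-check the CIDR table parameters of a VPC firewall request.

Added example (not SDK code). Assumed: route table IDs start with "vtb-",
and overlapping local/peer blocks are treated as a problem in addition to
the exact-duplicate case the API reports as ErrorSameCidrIp.
"""
import ipaddress
import json

# Constructed sample inputs; none of these are real resources.
LOCAL_ROUTES = {
    "vtb-local-0001": [("192.168.10.0/24", "vrt-local-nexthop-0001")],
    "vtb-local-0002": [("192.168.11.0/24", "vrt-local-nexthop-0001")],
}
PEER_ROUTES = {
    "vtb-peer-0001": [("10.20.0.0/16", "vrt-peer-nexthop-0001")],
}


def build_cidr_table_list(route_tables):
    """Serialize {RouteTableId: [(DestinationCidr, NextHopInstanceId), ...]}
    into the JSON string that LocalVpcCidrTableList / PeerVpcCidrTableList take."""
    payload = [
        {
            "RouteTableId": table_id,
            "RouteEntryList": [
                {"DestinationCidr": cidr, "NextHopInstanceId": next_hop}
                for cidr, next_hop in entries
            ],
        }
        for table_id, entries in route_tables.items()
    ]
    return json.dumps(payload, separators=(",", ":"))


def check_cidr_table_lists(local_json, peer_json):
    """Local pre-flight checks mirroring the CIDR-related 400 errors.
    Returns a list of problem strings; an empty list means the values pass."""
    problems = []
    networks = []  # (side, RouteTableId, ip_network) seen so far
    for side, raw in (("local", local_json), ("peer", peer_json)):
        for table in json.loads(raw):
            table_id = table.get("RouteTableId", "")
            if not table_id.startswith("vtb-"):  # assumed ID format
                problems.append(f"{side}: RouteTableId {table_id!r} is not a route table ID")
            for entry in table.get("RouteEntryList", []):
                cidr = entry.get("DestinationCidr", "")
                try:
                    # strict=True rejects host addresses such as 192.168.10.5/24
                    net = ipaddress.ip_network(cidr, strict=True)
                except ValueError:
                    problems.append(f"{side}/{table_id}: malformed CIDR {cidr!r}")
                    continue
                for other_side, other_table, other in networks:
                    if net == other:  # what the API reports as ErrorSameCidrIp
                        problems.append(
                            f"{side}/{table_id}: {cidr} already configured on {other_side}/{other_table}")
                    elif side != other_side and net.overlaps(other):
                        # Example's own stricter check: overlapping local and peer blocks
                        problems.append(
                            f"{side}/{table_id}: {cidr} overlaps {other} on {other_side}/{other_table}")
                networks.append((side, table_id, net))
    for side in ("local", "peer"):
        if not any(s == side for s, _, _ in networks):
            problems.append(f"{side}: no destination CIDR blocks")  # ErrorDestCidrEmpty
    return problems


def build_request(vpc_firewall_name, local_vpc_id, local_region, peer_vpc_id, peer_region,
                  local_routes, peer_routes, firewall_switch="open", lang="zh", member_uid=None):
    """Assemble the request parameter map, or raise ValueError listing every
    problem found so that one API call is not spent per mistake."""
    problems = []
    if firewall_switch not in ("open", "close"):
        problems.append(f"FirewallSwitch must be open or close, got {firewall_switch!r}")
    if not vpc_firewall_name.strip():
        problems.append("VpcFirewallName is empty")
    if local_vpc_id == peer_vpc_id:
        problems.append("LocalVpcId and PeerVpcId refer to the same VPC")
    local_json = build_cidr_table_list(local_routes)
    peer_json = build_cidr_table_list(peer_routes)
    problems += check_cidr_table_lists(local_json, peer_json)
    if problems:
        raise ValueError("; ".join(problems))
    params = {
        "Lang": lang,
        "VpcFirewallName": vpc_firewall_name,
        "LocalVpcId": local_vpc_id,
        "LocalVpcRegion": local_region,
        "PeerVpcId": peer_vpc_id,
        "PeerVpcRegion": peer_region,
        "FirewallSwitch": firewall_switch,
        "LocalVpcCidrTableList": local_json,
        "PeerVpcCidrTableList": peer_json,
    }
    if member_uid:
        params["MemberUid"] = member_uid
    return params


if __name__ == "__main__":
    request = build_request("example-vpc-firewall", "vpc-local-sample", "cn-hangzhou",
                            "vpc-peer-sample", "cn-shanghai", LOCAL_ROUTES, PEER_ROUTES)
    print(json.dumps(request, indent=2, ensure_ascii=False))
```

The returned map is the parameter set to hand to whichever signing client you use; the JSON strings are already compact, which matters because they are sent as string-typed parameters rather than nested objects. Keeping the checks in one pass means a single failed call to build_request reports every offending route entry at once instead of surfacing them one ErrorCidrFormat at a time.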
Response elements

| Element | Type | Description | Example |
|---|---|---|---|
| VpcFirewallId | string | The instance ID of the VPC firewall. | vfw-m5e7dbc4y**** |
| RequestId | string | The ID of the request. | 850A84D6-0DE4-4797-A1E8-00090125h4j6 |
Examples

Success response

JSON format

```json
{
  "VpcFirewallId": "vfw-m5e7dbc4y****",
  "RequestId": "850A84D6-0DE4-4797-A1E8-00090125h4j6"
}
```
Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | ErrorAliUid | Aliuid invalid. | The Alibaba Cloud account UID is invalid. |
| 400 | ErrorInvalidMemberUid | Member uid is invalid | The member account UID is invalid. |
| 400 | ErrorFirewallName | Firewall name invalid. | The firewall name is invalid. Enter another name. |
| 400 | ErrorVpcFirewallExist | Vpc firewall already exist. | The VPC firewall is already configured and cannot be configured again. |
| 400 | ErrorVpcIdError | Vpc ID invalid. | The VPC ID is invalid. Select another VPC. |
| 400 | ErrorRegionNoError | Region invalid. | The region ID is invalid. Enter another region. |
| 400 | ErrorDestCidrError | The destination CIDR block is invalid. | The specified destination CIDR block is invalid. Enter another value. |
| 400 | ErrorDestCidrEmpty | The target network segment is empty and cannot be created | The destination CIDR block is not specified. The firewall cannot be created. |
| 400 | ErrorSameCidrIp | The same network segment cannot be configured repeatedly. Please reselect the network segment. | The CIDR block is already in use. Specify another CIDR block. |
| 400 | ErrorDBSelectError | A database select error occurred. | An internal error occurred while querying the database. |
| 400 | ErrorCidrFormat | Cidr ip format error. | The format of the CIDR block is invalid. Select another CIDR block. |
| 400 | ErrorCidrIpAddress | cidr ip error. | The destination CIDR block is incorrect. Select another CIDR block. |
| 400 | ErrorCustomRouteEntryMax | custom route exceeds maximum limit. | The number of destination CIDR blocks exceeds the upper limit. Reduce the number of CIDR blocks. |
| 400 | ErrorVpcFirewallNotFound | Vpc firewall not found. | The specified VPC firewall does not exist. Select another one. |
| 400 | ErrorInvalidMemberUidStatus | invalid member uid status. | The status of the member account is invalid. This operation is not supported. |
| 400 | ErrorGeneralInstanceSpecFull | Cloud Firewall instance specifications are full. | The specifications of the Cloud Firewall instance are fully used. |
| 400 | ErrorBandwidthPenalty | Cloud Firewall bandwidth is being overused. | The bandwidth of Cloud Firewall is being overused. |
| 400 | ErrorCenVpcEcConflict | The cloud enterprise network VPC conflicts with the Express Connect VPC. | The Cloud Enterprise Network VPC conflicts with the Express Connect VPC, so the firewall cannot be enabled. Please select |
| 400 | ErrorFirewallQuotaNotEmpty | The quota for VPC firewalls is exceeded. | The quota for VPC firewalls is insufficient, so the VPC firewall cannot be configured. Increase the quota. |
| 400 | ErrorRouteTableIdNotFound | Route table id not found. | The specified route table ID was not found. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.