Creates a virtual private cloud (VPC) firewall that protects traffic between two VPCs connected through Express Connect.
Operation description
This operation is used to create a VPC firewall. This virtual private cloud (VPC) firewall protects traffic between two VPCs connected through Express Connect. This VPC firewall does not support protection for cross-region traffic, cross-account traffic, or traffic between a VPC and a virtual border router (VBR). For more information, see VPC firewall limits.
Rate limit
The single-user QPS limit for this operation is 10 calls per second. If this limit is exceeded, the API invocations are throttled, which may affect your business. Manage your invocations appropriately.
Try it now
Test
RAM authorization
|
Action |
Access level |
Resource type |
Condition key |
Dependent action |
|
yundun-cloudfirewall:CreateVpcFirewallConfigure |
create |
*VpcFirewall
|
None | None |
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| Lang |
string |
No |
The language of the request and response. Valid values:
|
zh |
| VpcFirewallName |
string |
Yes |
The instance name of the virtual private cloud (VPC) firewall. |
test-vpc-firewall |
| LocalVpcId |
string |
Yes |
The instance ID of the local VPC. |
vpc-8vbwbo90rq0anm6t**** |
| LocalVpcRegion |
string |
Yes |
The region ID of the local VPC. Note
For more information about the regions supported by Cloud Firewall, see Supported regions. |
cn-hangzhou |
| PeerVpcId |
string |
Yes |
The instance ID of the peer VPC. |
vpc-wb8vbo90rq0anm6t**** |
| PeerVpcRegion |
string |
Yes |
The region ID of the peer VPC. Note
For more information about the regions supported by Cloud Firewall, see Supported regions. |
cn-shanghai |
| FirewallSwitch |
string |
Yes |
Settings for the enabling status of the virtual private cloud (VPC) firewall after it is created. Valid values:
|
open |
| LocalVpcCidrTableList |
string |
Yes |
The CIDR block list of the local VPC, in JSON format. This parameter contains the following fields:
|
[{"RouteTableId":"vtb-1234","RouteEntryList":[{"DestinationCidr":"192.168.XX.XX/24","NextHopInstanceId":"vrt-m5eb5me6c3l5sezae****"}]},{"RouteTableId":"vtb-1235","RouteEntryList":[{"DestinationCidr":"192.168.XX.XX/24","NextHopInstanceId":"vrt-m5eb5me6c3l5sezae****"}]}] |
| PeerVpcCidrTableList |
string |
Yes |
The CIDR block list of the peer VPC, in JSON format. This parameter contains the following fields:
|
[{"RouteTableId":"vtb-1234","RouteEntryList":[{"DestinationCidr":"192.168.XX.XX/24","NextHopInstanceId":"vrt-m5eb5me6c3l5sezae****"}]},{"RouteTableId":"vtb-1235","RouteEntryList":[{"DestinationCidr":"192.168.XX.XX/24","NextHopInstanceId":"vrt-m5eb5me6c3l5sezae****"}]}] |
| MemberUid |
string |
No |
The UID of the Alibaba Cloud member account. |
258039427902**** |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
|||
| VpcFirewallId |
string |
The instance ID of the virtual private cloud (VPC) firewall. |
vfw-m5e7dbc4y**** |
| RequestId |
string |
The request ID. |
850A84D6-0DE4-4797-A1E8-00090125h4j6 |
Examples
Success response
JSON format
{
"VpcFirewallId": "vfw-m5e7dbc4y****",
"RequestId": "850A84D6-0DE4-4797-A1E8-00090125h4j6"
}
Error codes
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | ErrorAliUid | Aliuid invalid. | The aliuid is invalid. |
| 400 | ErrorInvalidMemberUid | Member uid is invalid | The member is invalid. |
| 400 | ErrorFirewallName | Firewall name invalid. | Firewall name error, please re-enter. |
| 400 | ErrorVpcFirewallExist | Vpc firewall already exist. | The firewall is already configured and cannot be configured repeatedly. |
| 400 | ErrorVpcIdError | Vpc ID invalid. | The VPC is incorrectly selected. Select another VPC. |
| 400 | ErrorRegionNoError | Region invalid. | Region selection error, please re-enter. |
| 400 | ErrorDestCidrError | The destination CIDR block is invalid. | The specified destination CIDR block is invalid. Enter another value. |
| 400 | ErrorDestCidrEmpty | The target network segment is empty and cannot be created | The destination CIDR block is not specified. The firewall cannot be created. |
| 400 | ErrorSameCidrIp | The same network segment cannot be configured repeatedly. Please reselect the network segment. | The CIDR block is already in use. Specify another CIDR block. |
| 400 | ErrorDBSelectError | A database select error occurred. | The error message returned because an internal error has occurred in querying the database. |
| 400 | ErrorCidrFormat | Cidr ip format error. | CIDR format error, please re-select |
| 400 | ErrorCidrIpAddress | cidr ip error. | The destination network segment is incorrect, please select again. |
| 400 | ErrorCustomRouteEntryMax | custom route exceeds maximum limit. | The number of target CIDR blocks exceeds the maximum number. Reduce the number of CIDR blocks. |
| 400 | ErrorVpcFirewallNotFound | Vpc firewall not found. | The specified VPC firewall does not exist. Select another one. |
| 400 | ErrorInvalidMemberUidStatus | invalid member uid status. | The status of the member account is invalid. This operation is not supported. |
| 400 | ErrorGeneralInstanceSpecFull | Cloud Firewall instance specifications are full. | Cloud Firewall instance specifications are full. |
| 400 | ErrorBandwidthPenalty | Cloud Firewall bandwidth is being overused. | Cloud Firewall bandwidth is being overused. |
| 400 | ErrorCenVpcEcConflict | The cloud enterprise network VPC conflicts with the Express Connect VPC. | The cloud enterprise network VPC conflicts with the Express Connect VPC and the firewall cannot be enabled. Please select |
| 400 | ErrorFirewallQuotaNotEmpty | The quota for VPC firewalls is exceeded. | The quota is insufficient. You cannot configure the VPC firewall. Increase the quota. |
| 400 | ErrorRouteTableIdNotFound | Route table id not found. | Routing table ID not found |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.