Copies all access control policies from a policy group of a source virtual private cloud (VPC) firewall to a policy group of a destination VPC firewall.

Description

You can call the BatchCopyVpcFirewallControlPolicy operation to copy all access control policies from a policy group of a source VPC firewall to a policy group of a destination VPC firewall.

Before you call this operation, we recommend that you back up access control policies. For more information about how to back up an access control policy, see Back up an access control policy.

After you call this operation, all the access control policies in the policy group of the destination VPC firewall are replaced.

The policy groups of the source VPC firewall and the destination VPC firewall must belong to the same Alibaba Cloud account.

Limits

You can call this operation up to 10 times per second per account. When the number of calls to this operation per second exceeds the limit, throttling is triggered. Throttling may affect your business. We recommend that you take note of the limit on this operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes BatchCopyVpcFirewallControlPolicy

The operation that you want to perform. Set the value to BatchCopyVpcFirewallControlPolicy.

SourceIp String No 192.0.XX.XX

The source IP address of the request.

Lang String No zh

The language of the content within the request and response. Valid values:

  • zh: Chinese (default)
  • en: English
SourceVpcFirewallId String Yes vfw-a42bbb7b887148c9****

The ID of the policy group of the source VPC firewall. Valid values:

  • If the VPC firewall protects mutual access traffic between a VPC and a specified network instance that is attached to a Cloud Enterprise Network (CEN) instance, the value of this parameter is the ID of the CEN instance. The network instance can be a VPC, a virtual border router (VBR), or a Cloud Connect Network (CCN) instance.
  • If the VPC firewall protects traffic between two VPCs that are connected by using an Express Connect circuit, the value of this parameter is the instance ID of the VPC firewall.
Note You can call the DescribeVpcFirewallAclGroupList operation to query the IDs of policy groups.
TargetVpcFirewallId String Yes vfw-e37d3a04cf79446a****

The ID of the policy group of the destination VPC firewall. Valid values:

  • If the VPC firewall protects mutual access traffic between a VPC and a specified network instance that is attached to a CEN instance, the value of this parameter is the ID of the CEN instance. The network instance can be a VPC, a VBR, or a CCN instance.
  • If the VPC firewall protects traffic between two VPCs that are connected by using an Express Connect circuit, the value of this parameter is the instance ID of the VPC firewall.
Note You can call the DescribeVpcFirewallAclGroupList operation to query the IDs of policy groups.

Response parameters

Parameter Type Example Description
RequestId String 850A84D6-0DE4-4797-A1E8-00090125k6j3

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?Action=BatchCopyVpcFirewallControlPolicy
&SourceIp=192.0.XX.XX
&Lang=zh
&SourceVpcFirewallId=vfw-a42bbb7b887148c9****
&TargetVpcFirewallId=vfw-e37d3a04cf79446a****
&Common request parameters

Sample success responses

XML format 

HTTP/1.1 200 OK
Content-Type:application/xml

<BatchCopyVpcFirewallControlPolicyResponse>
    <RequestId>850A84D6-0DE4-4797-A1E8-00090125k6j3</RequestId>
</BatchCopyVpcFirewallControlPolicyResponse>

JSON format 

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "850A84D6-0DE4-4797-A1E8-00090125k6j3"
}