
ENS:CreateSnatEntry

Last Updated: Mar 27, 2026

Adds a source network address translation (SNAT) entry to a specified SNAT table.


RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
|---|---|---|---|---|
| ens:CreateSnatEntry | create | *All Resource * | None | None |

Request parameters

| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| NatGatewayId | string | Yes | The ID of the Network Address Translation (NAT) gateway. | nat-5tawjw5j7sgd2deujxuk0**** |
| SnatIp | string | Yes | The elastic IP address (EIP) in the SNAT entry. Separate multiple EIPs with commas (,). | 120.XXX.XXX.71 |
| SourceVSwitchId | string | No | The ID of the vSwitch. Edge Node Service (ENS) instances in this vSwitch can use the SNAT entry to access the Internet. Note: If you specify SourceVSwitchId and SourceCIDR, SourceVSwitchId does not take effect. The value that you specified for SourceCIDR takes precedence. | vsw-bp1hwx7gi495q260p**** |
| SourceCIDR | string | No | The CIDR block. You can specify the CIDR block of a network, a vSwitch, or an instance. You can also specify a custom CIDR block. All instances within the CIDR block can access the Internet or external networks by using SNAT. Note: If you specify SourceVSwitchId and SourceCIDR, SourceVSwitchId does not take effect. The value that you specified for SourceCIDR takes precedence. | 10.0.0.0/24 |
| SnatEntryName | string | No | The name of the SNAT entry. The name must be 1 to 128 characters in length. The name cannot start with http:// or https://. | test0 |
| SourceNetworkId | string | No | The ID of the network. This parameter specifies that all ENS instances in the network can use the SNAT entry to access the Internet. Note: If you specify SourceNetworkId together with SourceVSwitchId or SourceCIDR, SourceNetworkId does not take effect. The value that you specified for SourceCIDR takes precedence. Priority: SourceCIDR > SourceVSwitchId > SourceNetworkId. | n-2zeuphj08tt7q3brd**** |
| StandbySnatIp | string | No | The secondary EIP in the SNAT entry. Separate multiple secondary EIPs with commas (,). | 101.XXX.XXX.7 |
| IdleTimeout | integer | No | The timeout period for idle connections. Valid values: 1 to 86400. Unit: seconds. | 15 |
| IspAffinity | boolean | No | Specifies whether to enable ISP (operator) affinity. Valid values: false (disabled), true (enabled). | true |
| EipAffinity | boolean | No | Specifies whether to enable IP affinity. If you do not specify this parameter, IP affinity is enabled by default. Valid values: false, true. Note: After you enable IP affinity, if multiple EIPs are associated with an SNAT entry, a given client uses the same EIP for communication. If IP affinity is disabled, the client uses a random EIP for communication. | false |
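The source-scope precedence and value constraints from the request parameters, as a pre-flight review of a request before it is sent. This is an added example, not Alibaba Cloud SDK code: `review_snat_request` and the sample IDs are hypothetical, and treating "intranet" as Python's `is_private` is an assumption.

```python
import ipaddress

# Precedence stated in the parameter notes: SourceCIDR > SourceVSwitchId > SourceNetworkId.
SOURCE_PRIORITY = ("SourceCIDR", "SourceVSwitchId", "SourceNetworkId")


def review_snat_request(params):
    """Return (effective_source, findings) for a CreateSnatEntry parameter dict.

    effective_source is the (name, value) pair that decides which instances
    get Internet egress, or None if no source parameter is set.
    """
    findings = []
    for required in ("NatGatewayId", "SnatIp"):
        if not params.get(required):
            findings.append(f"missing required parameter {required}")

    given = [(k, params[k]) for k in SOURCE_PRIORITY if params.get(k)]
    effective = given[0] if given else None
    for name, value in given[1:]:
        findings.append(f"{name}={value} is ignored; {effective[0]} takes precedence")

    cidr = params.get("SourceCIDR")
    if cidr:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
            # Assumption: "intranet" is approximated by Python's is_private.
            if not net.is_private:
                findings.append(f"SourceCIDR {cidr} is not a private range")
        except ValueError:
            findings.append(f"SourceCIDR {cidr} is not a valid CIDR block")

    name = params.get("SnatEntryName")
    if name is not None:
        if not 1 <= len(name) <= 128:
            findings.append("SnatEntryName must be 1 to 128 characters")
        if name.startswith(("http://", "https://")):
            findings.append("SnatEntryName cannot start with http:// or https://")

    timeout = params.get("IdleTimeout")
    if timeout is not None and not 1 <= timeout <= 86400:
        findings.append("IdleTimeout must be between 1 and 86400 seconds")
    return effective, findings


# Constructed sample request (IDs are placeholders, not real resources).
SAMPLE = {"NatGatewayId": "nat-example", "SnatIp": "203.0.113.10",
          "SourceVSwitchId": "vsw-example", "SourceCIDR": "10.0.0.0/16",
          "SnatEntryName": "egress-app", "IdleTimeout": 900}
```

For the sample, the review reports that the vSwitch ID is ignored and that the /16 CIDR block defines the egress scope, which is the case a change reviewer would otherwise miss.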

Response elements

| Element | Type | Description | Example |
|---|---|---|---|
| | object | Schema of Response. | |
| RequestId | string | The ID of the request. | 018EED6A-69CA-58C8-A345-498927D5D34E |
| SnatEntryId | string | The ID of the SNAT entry. | snat-5tc08qfj5ecblfdn2rqr9**** |

Examples

Success response

JSON format

{
  "RequestId": "018EED6A-69CA-58C8-A345-498927D5D34E",
  "SnatEntryId": "snat-5tc08qfj5ecblfdn2rqr9****"
}

Error codes

| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | Invalid%s | The specified parameter %s is invalid. | |
| 400 | Missing%s | You must specify the parameter %s. | |
| 400 | Forbidden.SourceCIDR.NotSupport | SourceCIDR support intranet cidr only. | |
| 400 | InvalidParameter.NatNotFound | The specified Nat is not found. | The specified parameter Nat does not exist. |
| 400 | InvalidParameter.SnatIp | The specified SnatIp is not found. | |
| 400 | SnatEntryLimitExceed | The limit of snat entry in the network reaches. | |
| 400 | SnatIpLimitExceed | The Snat pool ip too many. | |
| 400 | InvalidParameter.SourceNetworkId | The specified parameter SourceNetworkId is invalid. | |
| 400 | ens.interface.error | Failed to call API. | |
| 400 | Forbidden.SourceCIDR.Duplicated | The specified sourceCIDR is duplicated. | SNAT rules have been configured for the source CIDR block. Do not repeat the settings. |
| 400 | Forbidden.SnatIpUsedInDnat | The snatIp is already in use in the DNAT rule. | The snatIp is already in use in the DNAT rule. Please check. |
| 400 | InvalidParameter.SourceCIDR | The specified parameter SourceCIDR is invalid. | The specified source CIDR block is invalid. |
| 400 | InvalidVSwitchId.NotFound | Specified virtual switch does not exist. | The specified virtual switch ID does not exist. |
| 400 | NoPermission | Permission denied. | |
| 400 | InvalidParameter.%s | The specified field %s invalid. Please check it again. | |

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.