Adds a source network address translation (SNAT) entry to a specified SNAT table.
Debugging
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level,
All Resourcesis used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
| Operation | Access level | Resource type | Condition key | Associated operation |
|---|---|---|---|---|
| ens:CreateSnatEntry | create |
|
| none |
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| NatGatewayId | string | Yes | The ID of the Network Address Translation (NAT) gateway. | nat-5tawjw5j7sgd2deujxuk0**** |
| SnatIp | string | Yes | The elastic IP address (EIP) in the SNAT entry. Separate multiple EIPs with commas (,). | 120.XXX.XXX.71 |
| SourceVSwitchId | string | No | The ID of the vSwitch that you need to access over the Internet. This parameter specifies that Edge Node Service (ENS) instances in the vSwitch can use the SNAT entry to access the Internet. Note
If you specify SourceVSwitchId and SourceCIDR, SourceVSwitchId does not take effect. The value that you specified for SourceCIDR takes precedence.
| vsw-bp1hwx7gi495q260p**** |
| SourceCIDR | string | No | The CIDR block. You can specify the CIDR block of a network, a vSwitch, or an instance. You can also specify a custom CIDR block. All instances within the CIDR block can access the Internet or external networks by using SNAT. Note
If you specify SourceVSwitchId and SourceCIDR, SourceVSwitchId does not take effect. The value that you specified for SourceCIDR takes precedence.
| 10.0.0.0/24 |
| SnatEntryName | string | No | The name of the SNAT entry. The name must be 1 to 128 characters in length. The name cannot start with | test0 |
| SourceNetworkId | string | No | The ID of the network. This parameter specifies that all ENS instances in the network can use the SNAT entry to access the Internet. Note
If you specify SourceNetworkId and SourceVSwitchId or SourceCIDR, SourceNetworkId does not take effect. The value that you specified for SourceCIDR takes precedence. Priority: SourceCIDR > SourceVSwitchId > SourceNetworkId.
| n-2zeuphj08tt7q3brd**** |
| StandbySnatIp | string | No | The secondary EIP in the SNAT entry. Separate multiple secondary EIPs with commas (,). | 101.XXX.XXX.7 |
Response parameters
Examples
Sample success responses
JSONformat
{
"RequestId": "018EED6A-69CA-58C8-A345-498927D5D34E",
"SnatEntryId": "snat-5tc08qfj5ecblfdn2rqr9****"
}Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | Invalid%s | The specified parameter %s is invalid. | - |
| 400 | Missing%s | You must specify the parameter %s. | - |
| 400 | InvalidParameter.VSwitchNotFound | The specified VSwitch is not found. | - |
| 400 | Forbidden.SourceCIDR.NotSupport | SourceCIDR support intranet cidr only. | - |
| 400 | InvalidParameter.NatNotFound | The specified Nat is not found. | The specified parameter Nat does not exist. |
| 400 | InvalidParameter.SnatIp | The specified SnatIp is not found. | - |
| 400 | SnatEntryLimitExceed | The limit of snat entry in the network reaches. | - |
| 400 | SnatIpLimitExceed | The Snat pool ip too many. | - |
| 400 | InvalidParameter.SourceNetworkId | The specified parameter SourceNetworkId is invalid. | - |
| 400 | ens.interface.error | Failed to call API. | - |
| 400 | Forbidden.SourceCIDR.Duplicated | The specified sourceCIDR is duplicated. | SNAT rules have been configured for the source CIDR block. Do not repeat the settings. |
| 400 | Forbidden.SnatIpUsedInDnat | The snatIp is already in use in the DNAT rule. | The snatIp is already in use in the DNAT rule. Please check. |
| 400 | InvalidParameter.SourceCIDR | The specified parameter SourceCIDR is invalid. | The specified source CIDR block is invalid. |
| 400 | NoPermission | Permission denied. | - |
| 400 | InvalidParameter.%s | The specified field %s invalid. Please check it again. | - |
For a list of error codes, visit the Service error codes.
Change history
| Change time | Summary of changes | Operation |
|---|---|---|
| 2024-06-28 | The Error code has changed | View Change Details |
| 2023-07-18 | The Error code has changed. The request parameters of the API has changed | View Change Details |