DescribeNetworkAcls - ENS - Alibaba Cloud Documentation Center

Queries network access control lists (ACLs).

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
ens:DescribeNetworkAcls		All Resources *	none	none

Request parameters

Parameter	Type	Required	Description	Example
NetworkAclId	string	No	The ID of the network ACL.	nacl-bp1lhl0taikrbgnh****
NetworkAclName	string	No	The name of the network ACL.	acl-1
ResourceId	string	No	The ID of the associated instance.	n-5****
PageNumber	string	No	The page number. Pages start from page 1. Default value: 1.	1
PageSize	string	No	The number of entries per page. Maximum value: 50. Default value: 10.	10

Response parameters

Parameter	Type	Description	Example
	object	Schema of Response
RequestId	string	The ID of the request.	A1707FC0-430C-423A-B624-284046B20399
TotalCount	string	The total number of entries returned.	3
PageSize	string	The number of entries per page.	2
PageNumber	string	The page number.	1
NetworkAcls	array<object>	Details of the network ACLs.
	object
Status	string	The status of the network ACL. Valid values: Available: The network ACL is available. Modifying: The network ACL is being configured.	Available
CreationTime	string	The time when the network ACL was created. The time follows the ISO 8601 standard in the `yyyy-MM-ddTHH:mm:ssZ` format. The time is displayed in UTC.	2019-11-01T06:08:46Z
Description	string	The description of the network ACL.	This is my NetworkAcl.
NetworkAclId	string	The ID of the network ACL.	nacl-a2do9e413e0spxscd****
NetworkAclName	string	The name of the network ACL.	acl-8
IngressAclEntries	array<object>	Details of the inbound rules.
	object
Policy	string	The action that is performed on network traffic that matches the rule. Valid values: accept: allows the network traffic. drop: blocks the network traffic.	accept
NetworkAclEntryId	string	The ID of the inbound rule.	nae-5dk86arlydmezasw****
NetworkAclEntryName	string	The name of the inbound rule.	acl-3
CidrBlock	string	The source CIDR block.	10.0.0.0/24
Protocol	string	The protocol type. Valid values: icmp: ICMP. tcp: TCP. udp: UDP. all: all protocols.	all
PortRange	string	The destination port range of the inbound rule. If Protocol of the inbound rule is set to all or icmp, the port range is -1/-1, which indicates all ports. If Protocol of the inbound rule is set to tcp or udp, the port range is in the following format: 1/200 or 80/80. 1/200 indicates port 1 to port 200. 80/80 indicates port 80. Valid values for a port: 1 to 65535.	-1/-1
Priority	integer	The priority of the rule. Valid values: 1 to 100. Default value: 1.	1
Type	string	The type of the rule. Valid values: system: The rule is created by the system. custom: The rule is created by a user.	system
Description	string	The description of the inbound rule.	This is IngressAclEntries.
EgressAclEntries	array<object>	Details of the outbound rules.
	object
Policy	string	The action that is performed on network traffic that matches the rule. Valid values: accept: allows the network traffic. drop: blocks the network traffic.	accept
NetworkAclEntryId	string	The ID of the outbound rule.	nae-a2d447uw4tillfvgb****
NetworkAclEntryName	string	The name of the outbound rule.	acl-2
CidrBlock	string	The destination CIDR block.	10.0.0.0/24
Protocol	string	The protocol type. Valid values: icmp: ICMP. tcp: TCP. udp: UDP. all: all protocols.	all
PortRange	string	The destination port range of the outbound rule. If Protocol of the outbound rule is set to all or icmp the port range is -1/-1, which indicates all ports. If Protocol of the outbound rule is set to tcp or udp, the port range is in the following format: 1/200 or 80/80. 1/200 indicates port 1 to port 200. 80/80 indicates port 80. Valid values for a port: 1 to 65535.	-1/-1
Priority	integer	The priority of the rule. Valid values: 1 to 100. Default value: 1.	1
Type	string	The type of the rule. Valid values: system: The rule is created by the system. custom: The rule is created by a user.	system
Description	string	The description of the outbound rule.	This is EgressAclEntries.
Resources	array<object>	Details of the associated resources.
	object
Status	string	The association status of the resource. Valid values: BINDED: The resource is associated with the network ACL. BINDING: The resource is being associated with the network ACL. UNBINDING: The resource is being disassociated from the network ACL.	BINDING
ResourceType	string	The type of the associated resource.	Network
ResourceId	string	The ID of the associated resource.	n-****
EnsRegionId	string	The ID of the edge node.	cn-fuzhou-telecom

Examples

Sample success responses

JSONformat

{
  "RequestId": "A1707FC0-430C-423A-B624-284046B20399",
  "TotalCount": "3",
  "PageSize": "2",
  "PageNumber": "1",
  "NetworkAcls": [
    {
      "Status": "Available",
      "CreationTime": "2019-11-01T06:08:46Z",
      "Description": "This is my NetworkAcl.",
      "NetworkAclId": "nacl-a2do9e413e0spxscd****",
      "NetworkAclName": "acl-8",
      "IngressAclEntries": [
        {
          "Policy": "accept",
          "NetworkAclEntryId": "nae-5dk86arlydmezasw****",
          "NetworkAclEntryName": "acl-3",
          "CidrBlock": "10.0.0.0/24",
          "Protocol": "all",
          "PortRange": "-1/-1",
          "Priority": 1,
          "Type": "system",
          "Description": "This is IngressAclEntries."
        }
      ],
      "EgressAclEntries": [
        {
          "Policy": "accept",
          "NetworkAclEntryId": "nae-a2d447uw4tillfvgb****",
          "NetworkAclEntryName": "acl-2",
          "CidrBlock": "10.0.0.0/24",
          "Protocol": "all",
          "PortRange": "-1/-1",
          "Priority": 1,
          "Type": "system",
          "Description": "This is EgressAclEntries."
        }
      ],
      "Resources": [
        {
          "Status": "BINDING",
          "ResourceType": "Network",
          "ResourceId": "n-****",
          "EnsRegionId": "cn-fuzhou-telecom"
        }
      ]
    }
  ]
}

Error codes

HTTP status code	Error code	Error message
400	ens.interface.error	An error occurred while call the API.
400	NoPermission	Permission denied.
400	InvalidParameter.%s	The specified field %s invalid. Please check it again.

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation

No change history