
Key Management Service: CreateNetworkRule

Last Updated: Oct 11, 2023

Creates an access control rule to configure the private IP addresses or CIDR blocks that are allowed to access a Key Management Service (KMS) instance.

Usage notes

To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a KMS instance. The following process shows how to create a client key-based application access point (AAP):

1. Create an access control rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access a KMS instance.

2. Create a permission policy: You can configure the keys and secrets that are allowed to be accessed, and bind access control rules to the keys and secrets. For more information, see CreatePolicy.

3. Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. For more information, see CreateApplicationAccessPoint.

4. Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP. For more information, see CreateClientKey.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| Action | String | Yes | CreateNetworkRule | The operation that you want to perform. Set the value to CreateNetworkRule. |
| Name | String | Yes | networkrule_test | The name of the access control rule. |
| Type | String | Yes | Private | The network type. Only private IP addresses are supported. Set the value to Private. |
| Description | String | No | networkrule description | The description. |
| SourcePrivateIp | String | No | ["192.10.XX.XX","192.168.XX.XX/24"] | The private IP address or private CIDR block. Separate multiple items with commas (,). |

Response parameters

| Parameter | Type | Example | Description |
|---|---|---|---|
| Type | String | Private | The network type. |
| RequestId | String | 3bf02f7a-015b-4f93-be0f-cc043fda2dd3 | The ID of the request, which is used to locate and troubleshoot issues. |
| Description | String | networkrule description | The description. |
| SourcePrivateIp | String | ["192.10.XX.XX","192.168.XX.XX/24"] | The private IP address or private CIDR block. |
| Name | String | networkrule_test | The name of the access control rule. |
| Arn | String | acs:kms:cn-hangzhou:119285303511****:network/networkrule_test | The ARN of the access control rule. |

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateNetworkRule
&Name=networkrule_test
&Type=Private
&Description=networkrule description
&SourcePrivateIp=["192.10.XX.XX","192.168.XX.XX/24"]
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CreateNetworkRuleResponse>
    <Type>Private</Type>
    <RequestId>3bf02f7a-015b-4f93-be0f-cc043fda2dd3</RequestId>
    <Description>networkrule description</Description>
    <SourcePrivateIp>["192.10.XX.XX","192.168.XX.XX/24"]</SourcePrivateIp>
    <Name>networkrule_test</Name>
    <Arn>acs:kms:cn-hangzhou:119285303511****:network/networkrule_test</Arn>
</CreateNetworkRuleResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "Type" : "Private",
  "RequestId" : "3bf02f7a-015b-4f93-be0f-cc043fda2dd3",
  "Description" : "networkrule description",
  "SourcePrivateIp" : "[\"192.10.XX.XX\",\"192.168.XX.XX/24\"]",
  "Name" : "networkrule_test",
  "Arn" : "acs:kms:cn-hangzhou:119285303511****:network/networkrule_test"
}
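
The following Python sketch is an added example, not part of the original reference or of any Alibaba Cloud SDK. It vets the SourcePrivateIp entries before a CreateNetworkRule request is built, then confirms that a JSON-format response echoes the same rule. The helper names, the RFC 1918 and /16 limits, and the sample data are assumptions; request signing and the common request parameters are out of scope.

```python
import ipaddress
import json

# Assumed local policy, not a KMS requirement: RFC 1918 space only, nothing broader than /16.
RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PREFIX = 16


def build_params(name, sources, description=None):
    """Vet each source, then return the CreateNetworkRule query parameters."""
    for item in sources:
        # strict=False accepts host-form CIDRs such as 192.168.10.7/24; IPv6 raises ValueError.
        net = ipaddress.IPv4Network(item, strict=False)
        if not any(net.subnet_of(block) for block in RFC1918):
            raise ValueError(f"{item}: not inside RFC 1918 private space")
        if net.prefixlen < MIN_PREFIX:
            raise ValueError(f"{item}: broader than /{MIN_PREFIX}")
    params = {"Action": "CreateNetworkRule", "Name": name, "Type": "Private"}
    if description:
        params["Description"] = description
    if sources:
        # The page's samples pass the list as a JSON array in a single string value.
        params["SourcePrivateIp"] = json.dumps(list(sources), separators=(",", ":"))
    return params


def check_response(body, params):
    """Return (matches, request_id) for a JSON-format response body."""
    resp = json.loads(body)
    # SourcePrivateIp comes back as a string holding a JSON array, so decode it again.
    echoed = json.loads(resp.get("SourcePrivateIp", "[]"))
    wanted = json.loads(params.get("SourcePrivateIp", "[]"))
    matches = (resp.get("Type") == "Private" and resp.get("Name") == params["Name"]
               and sorted(echoed) == sorted(wanted))
    return matches, resp.get("RequestId")


# Constructed sample data; addresses and the response body are made up for this example.
SAMPLE_SOURCES = ["10.20.30.40", "192.168.10.0/24"]
SAMPLE_BODY = json.dumps({
    "Type": "Private", "RequestId": "constructed-request-id",
    "SourcePrivateIp": json.dumps(SAMPLE_SOURCES), "Name": "networkrule_test",
})

if __name__ == "__main__":
    p = build_params("networkrule_test", SAMPLE_SOURCES, "networkrule description")
    print(p["SourcePrivateIp"], check_response(SAMPLE_BODY, p))
```

URL-encode the returned parameter values before they are placed in the query string; the JSON array contains quotes, brackets and slashes.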

Error codes

For a list of error codes, see Service error codes.