
Key Management Service: CreateNetworkRule

Last Updated: Jul 29, 2025

Creates a network access rule to configure the private IP addresses or private CIDR blocks that are allowed to access a Key Management Service (KMS) instance.

Operation description

To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a KMS instance. The following process shows how to create a client key-based application access point (AAP):

1. Create an access control rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access a KMS instance.

2. Create a permission policy: You can configure the keys and secrets that are allowed to be accessed, and bind access control rules to those keys and secrets. For more information, see CreatePolicy.

3. Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. For more information, see CreateApplicationAccessPoint.

4. Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP. For more information, see CreateClientKey.

Debugging

You can call this operation directly in OpenAPI Explorer, which saves you from calculating signatures. After a successful call, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| Name | string | Yes | The name of the access control rule. | networkrule_test |
| Type | string | Yes | The network type. Only private IP addresses are supported. Set the value to Private. | Private |
| Description | string | No | The description. | networkrule description |
| SourcePrivateIp | string | No | The private IP address or private CIDR block. Separate multiple items with commas (,). | ["192.10.XX.XX","192.168.XX.XX/24"] |
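
A pre-flight check for the SourcePrivateIp value, as an added example that is not part of the original documentation or of any Alibaba Cloud SDK: it rejects entries that do not parse, fall outside your approved VPC ranges, are broader than a chosen prefix length, or have host bits set, and only then builds the request parameters. The function names, the `vpc_cidrs` allowlist, the `/24` limit and the sample addresses are assumptions of this example, and the JSON array serialization follows the Example column above.

```python
import ipaddress
import json

def lint_source_private_ip(entries, vpc_cidrs, min_prefix=24):
    """Return (accepted, problems) for a proposed SourcePrivateIp list.

    vpc_cidrs and min_prefix are policy inputs assumed by this example,
    not constraints documented for the API.
    """
    allowed = [ipaddress.ip_network(c) for c in vpc_cidrs]
    accepted, problems = [], []
    for raw in entries:
        entry = raw.strip()
        try:
            # strict=False lets an entry with host bits parse so it can be reported
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append(f"{raw!r}: not an IP address or CIDR block")
            continue
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            problems.append(f"{entry}: outside the approved VPC ranges")
        elif net.prefixlen < min_prefix:
            problems.append(f"{entry}: /{net.prefixlen} is broader than /{min_prefix}")
        elif "/" in entry and str(net) != entry:
            problems.append(f"{entry}: host bits set, did you mean {net}?")
        else:
            accepted.append(entry)
    return accepted, problems

def build_create_network_rule_params(name, entries, vpc_cidrs, description=""):
    """Build CreateNetworkRule request parameters; refuse on any finding."""
    accepted, problems = lint_source_private_ip(entries, vpc_cidrs)
    if problems or not accepted:
        raise ValueError("; ".join(problems) or "no source addresses given")
    params = {
        "Name": name,
        "Type": "Private",  # the only value the page lists
        # Assumption: JSON array string, as in the page's Example column
        "SourcePrivateIp": json.dumps(accepted, separators=(",", ":")),
    }
    if description:
        params["Description"] = description
    return params

# Constructed sample input: one approved VPC range and a mixed candidate list
SAMPLE_VPC = ["10.20.0.0/16"]
SAMPLE_ENTRIES = ["10.20.4.17", "10.20.8.0/24", "10.20.0.0/16",
                  "203.0.113.9", "10.20.9.5/24", "app-server"]
```

Running the lint over `SAMPLE_ENTRIES` accepts the single host and the `/24` block and reports the other four entries, so an over-broad or mistyped rule is caught before it is bound to a permission policy.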

Response parameters

| Parameter | Type | Description | Example |
|---|---|---|---|
| | object | | |
| Type | string | The network type. | Private |
| RequestId | string | The ID of the request, which is used to locate and troubleshoot issues. | 3bf02f7a-015b-4f93-be0f-cc043fda2dd3 |
| Description | string | The description. | networkrule description |
| SourcePrivateIp | string | The private IP address or private CIDR block. | ["192.10.XX.XX","192.168.XX.XX/24"] |
| Name | string | The name of the access control rule. | networkrule_test |
| Arn | string | The ARN of the access control rule. | acs:kms:cn-hangzhou:119285303511****:network/networkrule_test |

Examples

Sample success responses

JSON format

{
  "Type": "Private",
  "RequestId": "3bf02f7a-015b-4f93-be0f-cc043fda2dd3",
  "Description": "networkrule description",
  "SourcePrivateIp": [
    "192.10.XX.XX",
    "192.168.XX.XX/24"
  ],
  "Name": "networkrule_test",
  "Arn": "acs:kms:cn-hangzhou:119285303511****:network/networkrule_test"
}

Error codes

For a list of error codes, see Service error codes.