File Storage NAS:CreateAccessPoint

Last Updated: Jun 29, 2026

Creates an access point.

Operation description

  • Creating an access point is partly asynchronous: some resources are generated after the CreateAccessPoint call returns. After CreateAccessPoint succeeds, call the DescribeAccessPoints or DescribeAccessPoint operation to query the access point status. Mount the file system only after the access point status becomes Active. Otherwise, the mount operation may fail.

  • Only General-purpose NAS NFS file systems support this feature.

  • If you enable the RAM policy (EnabledRam), configure the corresponding RAM permissions. For more information, see Manage access points.

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
| --- | --- | --- | --- | --- |
| nas:CreateAccessPoint | create | *All Resource * | None | None |

Request parameters

| Parameter | Type | Required | Description | Example |
| --- | --- | --- | --- | --- |
| FileSystemId | string | Yes | The file system ID. | 31a8e4**** |
| AgenticSpaceId | string | No | The AgenticSpace ID. Note: This parameter is required for Agentic file systems. | agentic-229oypxjgpau2**** |
| AccessGroup | string | No | The name of the permission group. This parameter is required if the file system is a General-purpose NAS file system. Default permission group: DEFAULT_VPC_GROUP_NAME (the default permission group for VPCs). Note: Not supported for Agentic file systems. | DEFAULT_VPC_GROUP_NAME |
| VswId | string | Yes | The vSwitch ID. | vsw-2zevmwkwyztjuoffg**** |
| VpcId | string | Yes | The virtual private cloud (VPC) ID. | vpc-2zesj9afh3y518k9o**** |
| AccessPointName | string | No | The name of the access point. | test |
| RootDirectory | string | No | The root directory of the access point. Default value: "/". If the access point directory does not exist, you must also specify the OwnerUserId and OwnerGroupId parameters. Note: Supported only for Agentic file systems. | / |
| EnabledRam | boolean | No | Specifies whether to enable access point policy. Valid values: • true: enabled. • false (default): not enabled. Note: After you enable access point policy for the access point, all Resource Access Management (RAM) users are denied access to mount and access data through the access point by default. You must grant the corresponding access permissions through authorization and then mount and access the file system through the access point. After you disable access point policy, the access point allows anonymous mounting. For more information about how to configure access point permissions, see Configure access point policies. Note: For Agentic file systems, this parameter must be set to true. | false |
| OwnerUserId | integer | No | The owner user ID. This parameter is required if the RootDirectory directory does not exist. Note: Not supported for Agentic file systems. | 1 |
| OwnerGroupId | integer | No | The owner group ID. This parameter is required if the RootDirectory directory does not exist. Note: Not supported for Agentic file systems. | 1 |
| Permission | string | No | The POSIX permission. Default value: "0755". The value must be a four-digit octal number that starts with 0. This parameter takes effect only after you specify the OwnerUserId and OwnerGroupId parameters. Note: Not supported for Agentic file systems. | 0755 |
| PosixUserId | integer | No | The POSIX user ID. Note: Not supported for Agentic file systems. | 123 |
| PosixGroupId | integer | No | The POSIX group ID. Note: Not supported for Agentic file systems. | 123 |
| PosixSecondaryGroupIds | string | No | The secondary group IDs. Separate multiple group IDs with commas (,). Note: Not supported for Agentic file systems. | 123,345 |
| Tag | array<object> | No | The list of access point tags. | |
| | object | No | The list of access point tags. | |
| Key | string | No | The tag key. Limits: • Cannot be empty or an empty string. • Can be up to 128 characters in length. • Cannot start with aliyun or acs:. • Cannot contain http:// or https://. | TestKey |
| Value | string | No | The tag value. Limits: • Cannot be empty or an empty string. • Can be up to 128 characters in length. • Cannot contain http:// or https://. | TestValue |
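
An added pre-flight check (example code, not Alibaba Cloud's) that applies the constraints from the parameter table above before a request is sent and warns when EnabledRam is left false. The function names, the caller-supplied `agentic` flag and the world-writable warning are assumptions of this example; it makes no SDK or network call.

```python
import re

# Parameters the page marks "Not supported for Agentic file systems".
NOT_FOR_AGENTIC = ("AccessGroup", "OwnerUserId", "OwnerGroupId", "Permission",
                   "PosixUserId", "PosixGroupId", "PosixSecondaryGroupIds")
# Constructed sample: masked IDs from the Example column, Permission chosen to trip a warning.
SAMPLE = {"FileSystemId": "31a8e4****", "VswId": "vsw-2zevmwkwyztjuoffg****",
          "VpcId": "vpc-2zesj9afh3y518k9o****", "AccessGroup": "DEFAULT_VPC_GROUP_NAME",
          "OwnerUserId": 1, "OwnerGroupId": 1, "Permission": "0777"}

def check_tag(tag):
    """Return violations of the documented tag key/value limits."""
    out = []
    for field in ("Key", "Value"):
        v = tag.get(field) or ""
        if not v or len(v) > 128:
            out.append(f"Tag {field}: must be 1-128 characters")
        if "http://" in v or "https://" in v:
            out.append(f"Tag {field}: must not contain http:// or https://")
    if (tag.get("Key") or "").startswith(("aliyun", "acs:")):
        out.append("Tag Key: must not start with aliyun or acs:")
    return out

def lint_request(params, agentic=False):
    """Return (errors, warnings); `agentic` is caller-supplied, not a request field."""
    errors = [f"{n}: required" for n in ("FileSystemId", "VswId", "VpcId") if not params.get(n)]
    warnings = []
    if agentic:
        if not params.get("AgenticSpaceId"):
            errors.append("AgenticSpaceId: required for Agentic file systems")
        if params.get("EnabledRam") is not True:
            errors.append("EnabledRam: must be true for Agentic file systems")
        errors += [f"{n}: not supported for Agentic file systems"
                   for n in NOT_FOR_AGENTIC if n in params]
    else:
        if not params.get("AccessGroup"):
            errors.append("AccessGroup: required for General-purpose NAS")
        if not params.get("EnabledRam", False):
            warnings.append("EnabledRam is false: anonymous mounting is allowed")
    perm = params.get("Permission")
    if perm is not None:
        if not re.fullmatch(r"0[0-7]{3}", str(perm)):
            errors.append("Permission: must be four-digit octal starting with 0")
        elif int(str(perm), 8) & 0o002:
            warnings.append("Permission: world-writable (local policy, not an API rule)")
        if "OwnerUserId" not in params or "OwnerGroupId" not in params:
            warnings.append("Permission: no effect without OwnerUserId and OwnerGroupId")
    errors += [m for t in params.get("Tag", []) for m in check_tag(t)]
    return errors, warnings
```

Running `lint_request(SAMPLE)` returns no errors and two warnings: EnabledRam is unset, and the 0777 root directory is world-writable.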

Response elements

| Element | Type | Description | Example |
| --- | --- | --- | --- |
| | object | Schema of Response | |
| RequestId | string | The request ID. | 98696EF0-1607-4E9D-B01D-F20930B6**** |
| AccessPoint | object | The access point. | |
| AccessPointDomain | string | The domain name of the access point. | ap-ie15ydanoz.001014****-w****.cn-hangzhou.nas.aliyuncs.com |
| AccessPointId | string | The access point ID. | ap-ie15yd**** |

Examples

Success response

JSON format

{
  "RequestId": "98696EF0-1607-4E9D-B01D-F20930B6****",
  "AccessPoint": {
    "AccessPointDomain": "ap-ie15ydanoz.001014****-w****.cn-hangzhou.nas.aliyuncs.com",
    "AccessPointId": "ap-ie15yd****"
  }
}

Error codes

| HTTP status code | Error code | Error message | Description |
| --- | --- | --- | --- |
| 400 | InvalidRequest | The request is invalid. | Invalid request |
| 403 | InvalidProtocolType.NotSupported | The specified protocol type does not supported. | |
| 403 | InvalidRamRole.NotExist | The specified RAM role does not exist. | The specified RAM role does not exist. |
| 403 | InvalidRamRole.NoPermission | The specified RAM role does not have sufficient permission. | The specified RAM role does not have sufficient permission. |
| 403 | OperationDenied.AccessPointCountsExceeded | The maxium number of access point has reached its limits. | The access point of the current file system has reached the upper limit. |
| 404 | InvalidAccessGroup.NotFound | The specified AccessGroup does not exist. | The permission group that you specified does not exist or has been deleted. |
| 404 | InvalidFileSystem.NotFound | The specified file system does not exist. | The specified file system does not exist. |
| 404 | InvalidVpc.NotFound | The specified Vpc is not found. | The specified VPC does not exist. Create a VPC first. |
| 404 | InvalidVswitch.NotFound | The specified VSwitch does not exist. | |

See Error Codes for a complete list.