Creates a NAT CIDR block.

Usage notes

You cannot repeatedly call the CreateNatIpCidr operation to create a NAT CIDR block within the specified period of time.


OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameter

Parameter Type Required Example Description
RegionId String Yes eu-central-1

The region ID of the NAT gateway with which you want to associate the CIDR block.

You can call the DescribeRegions operation to query the most recent region list.

NatGatewayId String Yes ngw-gw8v16wgvtq26vh59****

The ID of the Virtual Private Cloud (VPC) NAT gateway with which you want to associate the CIDR block.

NatIpCidrName String Yes newcidr

The name of the CIDR block.

The name must be 2 to 128 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-). It must start with a letter. It cannot start with http:// or https://.

NatIpCidrDescription String Yes mycidr

The description of the CIDR block.

The description must be 2 to 256 characters in length. It must start with a letter but cannot start with http:// or https://.

DryRun Boolean No false

Specifies whether only to precheck this request. Valid values:

  • true: prechecks the request but does not create the NAT CIDR block. The system checks the required parameters, request syntax, and limits. If the request fails precheck, an error message is returned. If the request passes the precheck, the DryRunOperation error code is returned.
  • false (default): sends the request. If the request passes the precheck, an HTTP 2xx status code is returned and the NAT CIDR block is created.
ClientToken String No 5A2CFF0E-5718-45B5-9D4D-70B3FF3898

The client token that is used to ensure the idempotence of the request.

You can use the client to generate the value, but you must make sure that it is unique among different requests. The client token can contain only ASCII characters.

Note If you do not set this parameter, ClientToken is set to the value of RequestId. The value of RequestId for each API request may be different.
NatIpCidr String No

The CIDR block that you want to associate with the NAT gateway.

The new CIDR block must meet the following conditions:

  • The NAT CIDR block must fall within,,, or their subnets.
  • The subnet mask must be 16 to 32 bits in length.
  • The NAT CIDR block cannot overlap with the private CIDR block of the VPC to which the NAT gateway belongs. If you want to use other IP addresses from the private CIDR block of the VPC to provide NAT services, create a vSwitch and attach the vSwitch to another VPC NAT gateway.
  • If you want to use public IP addresses to provide NAT services, make sure that the public IP addresses fall within a customer CIDR block of the VPC to which the VPC NAT gateway belongs. For more information, see What is customer CIDR block?
Action String Yes CreateNatIpCidr

The operation that you want to perform. Set the value to CreateNatIpCidr.

Response parameters

Parameter Type Example Description
NatIpCidrId String vpcnatcidr-gw8lhqtvdn4qnea****

The ID of the CIDR block that is associated with the NAT gateway.

RequestId String 7021BEB1-210F-48A9-AB82-BE9A9110BB89

The ID of the request.


Sample requests

&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK


JSON format

HTTP/1.1 200 OK

  "NatIpCidrId" : "vpcnatcidr-gw8lhqtvdn4qnea****",
  "RequestId" : "7021BEB1-210F-48A9-AB82-BE9A9110BB89"

Error codes

HTTP status code Error code Error message Description
404 InvalidRegionId.NotFound The specified RegionId does not exist in our records. The error message returned because the specified region ID does not exist.

For a list of error codes, visit the API Error Center.