Creates a NAT CIDR block.


OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
RegionId String Yes eu-central-1

The region ID of the NAT gateway with which you want to associate the CIDR block.

You can call the DescribeRegions operation to query the most recent region list.

NatGatewayId String Yes ngw-gw8v16wgvtq26vh59****

The ID of the Virtual Private Cloud (VPC) NAT gateway with which you want to associate the CIDR block.

NatIpCidrName String Yes newcidr

The name of the CIDR block.

The name must be 2 to 128 characters in length and can contain digits, periods (.), underscores (_), and hyphens (-). It must start with a letter. It cannot start with http:// or https://.

NatIpCidrDescription String Yes mycidr

The description of the CIDR block.

The description must be 2 to 256 characters in length. It must start with a letter but cannot start with http:// or https://.

DryRun Boolean No false

Specifies whether to only precheck the request. Valid values:

  • true: checks the API request. The CIDR block is not associated with the NAT CIDR block if the request passes the precheck. The system checks the required parameters, request syntax, and limits. If the request fails to pass the precheck, the corresponding error message is returned. If the request passes the precheck, the DryRunOperation error code is returned.
  • false (default): sends the API request. If the request passes the precheck, a 2xx HTTP status code is returned and the operation is performed.
ClientToken String No 5A2CFF0E-5718-45B5-9D4D-70B3FF3898

The client token that is used to ensure the idempotence of the request.

You can use the client to generate the value, but you must make sure that it is unique among different requests. The token can contain only ASCII characters and cannot exceed 64 characters in length.

Note If you do not set this parameter, the system automatically uses RequestId as ClientToken. RequestId may be different for each API request.
NatIpCidr String No

The CIDR block that you want to associate with the NAT gateway.

The CIDR block of the NAT gateway must meet the following conditions:

  • The NAT CIDR block must fall within,,, or their subnets.
  • The subnet mask must be 16 to 32 bits in length.
  • The CIDR block that you associate with the NAT gateway cannot overlap with the private CIDR block of the VPC to which the NAT gateway belongs. If you want to use other IP addresses from the VPC to provide NAT services, create a vSwitch and attach it to another VPC NAT gateway.
  • If you want to use public IP address to provide NAT services, make sure that the public IP addresses fall within a customer CIDR block of the VPC to which the VPC NAT gateway belongs. For more information, see What is customer CIDR block.
Action String Yes CreateNatIpCidr

The operation that you want to perform. Set the value to CreateNatIpCidr.

Response parameters

Parameter Type Example Description
NatIpCidrId String vpcnatcidr-gw8lhqtvdn4qnea****

The ID of the CIDR block that is associated with the NAT gateway.

RequestId String 7021BEB1-210F-48A9-AB82-BE9A9110BB89

The ID of the request.


Sample requests

&Common request parameters

Sample responses

XML format

HTTP/1.1 200 OK


JSON format

HTTP/1.1 200 OK

  "NatIpCidrId" : "vpcnatcidr-gw8lhqtvdn4qnea****",
  "RequestId" : "7021BEB1-210F-48A9-AB82-BE9A9110BB89"

Error codes

HttpCode Error code Error message Description
404 InvalidRegionId.NotFound The specified RegionId does not exist in our records. The error message returned because the specified region ID does not exist.

For a list of error codes, visit the API Error Center.