Call the CreateVpcEndpointService API to create an endpoint service - PrivateLink

Creates an endpoint service.

Operation description

Before you create an endpoint service, you must create a load balancing resource that is enabled for PrivateLink. For more information, see the referenced document.
CreateVpcEndpointService is an asynchronous operation. After you call this operation, an instance ID is returned. The endpoint service is then created by a background task. You can call the GetVpcEndpointServiceAttribute operation to query the creation status of the endpoint service:
- Creating: The endpoint service is being created.
- Active: The endpoint service is created.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

privatelink:CreateVpcEndpointService

create

*VpcEndpointService

acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/*

LoadBalancer

acs:alb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}

LoadBalancer

acs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}

NatGateway

acs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId}

LoadBalancer

acs:slb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}

None

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The region ID of the endpoint service. Call the DescribeRegions operation to obtain the region ID.	cn-huhehaote
ClientToken	string	No	The client token that ensures the idempotence of the request. Generate a unique parameter value from your client for different requests. ClientToken supports only ASCII characters.	0c593ea1-3bea-11e9-b96b-88e9fe637760
DryRun	boolean	No	Specifies whether to perform a dry run. Valid values: true: Sends a check request without creating resources. This checks for required parameters, request format, and business limits. If the check fails, an error is returned. If the check passes, the `DryRunOperation` error code is returned. false (default): Sends a normal request. If the check passes, a 2xx HTTP status code is returned, and the operation proceeds.	false
ServiceDescription	string	No	The description of the endpoint service.	This is my EndpointService.
AutoAcceptEnabled	boolean	No	Specifies whether to automatically accept endpoint connections. Valid values: true: Automatically accepts endpoint connections. false (default): Does not automatically accept endpoint connections.	false
Payer	string	No	The payer. Valid values: Endpoint: The service consumer. EndpointService: The service provider.	Endpoint
ZoneAffinityEnabled	boolean	No	Specifies whether to enable zone affinity for endpoint domain name resolution. Valid values: true: Yes. false (default): No.	false
ServiceResourceType	string	No	The service resource type. Valid values: slb: Classic Load Balancer (CLB). alb: Application Load Balancer (ALB). nlb: Network Load Balancer (NLB). gwlb: Gateway Load Balancer (GWLB). Note TCPSSL listeners of NLB instances are not supported.	slb
Resource	array<object>	No	The collection of endpoint service resources. You can add up to 10 resources when creating an endpoint service. After creation, add more service resources by adding them to the endpoint.
	object	No	The collection of endpoint service resources.
ResourceType	string	No	The type of service resource to add to the endpoint service. An endpoint service supports up to 20 service resources. Valid values: slb: Classic Load Balancer (CLB). alb: Application Load Balancer (ALB). nlb: Network Load Balancer (NLB). gwlb: Gateway Load Balancer (GWLB). Note In regions that support PrivateLink, all CLB instances in a virtual private cloud (VPC) can be used as service resources for an endpoint service.	slb
ResourceId	string	No	The ID of the service resource to add to the endpoint service.	lb-hp32z1wp5peaoox2q****
ZoneId	string	No	The zone ID.	cn-huhehaote-a
RegionId	string	Yes	The region ID of the endpoint service. Call the DescribeRegions operation to obtain the region ID.	cn-huhehaote
ServiceSupportIPv6 `deprecated`	boolean	No	Specifies whether the endpoint service supports IPv6. Valid values: true: Yes. false (default): No.	false
ResourceGroupId	string	No	The resource group ID.	rg-acfmy*****
Tag	array<object>	No	The list of tags.
	object	No	The list of tags.
Key	string	No	The tag key of the instance. You can specify up to 20 tag keys. The tag key cannot be an empty string. The tag key can be up to 64 characters and cannot start with `aliyun` or `acs:`. It cannot contain `http://` or `https://`.	env
Value	string	No	The tag value of the instance. You can specify up to 20 tag values. The tag value can be an empty string. The tag value can be up to 128 characters and cannot start with `aliyun` or `acs:`. It cannot contain `http://` or `https://`.	prod
AddressIpVersion	string	No	The IP version. Valid values: IPv4: IPv4 type (default). DualStack: Dual-stack type. Note Only endpoint services that use NLB or GWLB instances as backend resources support specifying DualStack as the IP address protocol. If an endpoint service supports dual-stack, its backend resources must also support dual-stack. Valid values: IPv4 : IPv4 DualStack : DualStack	IPv4
SupportedRegionList	array	No
	string	No

Response elements

Element	Type	Description	Example
	object
ServiceBusinessStatus	string	The business status of the endpoint service. Valid values: Normal: Normal. FinancialLocked: Financial lock.	Normal
RequestId	string	The request ID.	8D8992C1-6712-423C-BAC5-E5E817484C6B
ServiceName	string	The name of the endpoint service.	com.aliyuncs.privatelink.cn-huhehaote.epsrv-hp3vpx8yqxblby3i****
ServiceStatus	string	The status of the endpoint service. Valid values: Creating: Creating. Pending: Modifying. Active: Active. Deleting: Deleting.	Active
ServiceDescription	string	The description of the endpoint service.	This is my EndpointService.
CreateTime	string	The creation time of the endpoint service.	2022-01-02T19:11:12Z
ServiceDomain	string	The service domain name of the endpoint service.	epsrv-hp3vpx8yqxblby3i****.cn-huhehaote.privatelink.aliyuncs.com
ZoneAffinityEnabled	boolean	Specifies whether to enable zone affinity for endpoint domain name resolution. Valid values: true: Yes. false: No.	false
AutoAcceptEnabled	boolean	Specifies whether to automatically accept endpoint connections. Valid values: true: Automatically accepts endpoint connections. false: Does not automatically accept endpoint connections.	false
ServiceId	string	The ID of the endpoint service.	epsrv-hp3vpx8yqxblby3i****
ServiceSupportIPv6 `deprecated`	boolean	Specifies whether the endpoint service supports IPv6. Valid values: true: Yes. false: No.	false
ResourceGroupId	string	The resource group ID.	rg-acfmy*****
AddressIpVersion	string	The IP version. Valid values: IPv4: IPv4 type. DualStack: Dual-stack type.	IPv4
SupportedRegionSet	array<object>
	object
ServiceRegionId `deprecated`	string
RegionServiceStatus	string
RegionBusinessStatus	string
SupportedRegionId	string

Examples

Success response

JSON format

{
  "ServiceBusinessStatus": "Normal",
  "RequestId": "8D8992C1-6712-423C-BAC5-E5E817484C6B",
  "ServiceName": "com.aliyuncs.privatelink.cn-huhehaote.epsrv-hp3vpx8yqxblby3i****",
  "ServiceStatus": "Active",
  "ServiceDescription": "This is my EndpointService.",
  "CreateTime": "2022-01-02T19:11:12Z",
  "ServiceDomain": "epsrv-hp3vpx8yqxblby3i****.cn-huhehaote.privatelink.aliyuncs.com",
  "ZoneAffinityEnabled": false,
  "AutoAcceptEnabled": false,
  "ServiceId": "epsrv-hp3vpx8yqxblby3i****",
  "ServiceSupportIPv6": false,
  "ResourceGroupId": "rg-acfmy*****",
  "AddressIpVersion": "IPv4",
  "SupportedRegionSet": [
    {
      "ServiceRegionId": "",
      "RegionServiceStatus": "",
      "RegionBusinessStatus": "",
      "SupportedRegionId": ""
    }
  ]
}

Error codes

HTTP status code	Error code	Error message	Description
400	EndpointServiceExist	The specified Endpoint Service already exists.	The specified Endpoint Service already exists.
400	AlbNotFound	The specified Alb does not exist.	The specified Alb does not exist.
400	LoadBalancerNotFound	The specified load balancer does not exist.	The specified Alb does not exist.
400	LoadBalancerNotSupportPrivateLink	The specified SLB does not support PrivateLink.	The specified SLB does not support PrivateLink.
400	GenerateResourceIdFailed	Failed to generate ResourceId.	Failed to generate ResourceId.
400	QuotaMisMatched	The resource you applied for has exceeded the quota.	The resource you applied for has exceeded the quota.
400	VSwitchNotFound	The specified VSwitch does not exist.
400	EndpointServicePayerForbidden	The parameter EndpointServicePayer is forbidden. The user is not in the whitelist.
400	NeedOpenProduct	The product is not activated.	The product is not activated.
400	EndpointServiceNotSupportedZone	The specified endpoint service does not support the zone.	The specified endpoint service does not support the zone.
400	IllegalParamFormat.%s	The param format of %s is illegal.	The parameter format of %s is illegal.
400	MissingParam.%s	The param of %s is missing.	The parameter %s is missing.
400	ResourceNotFound.NatGateway	The specified resource %s is not found.
400	Mismatch.ResourceType	The %s is mismatched for %s and %s.	The %s is mismatched for %s and %s.
400	EndpointServiceNotSupportIpv6	The param supportIpv6 of EndpointService is forbidden , resource is not support ipv6.	The endpoint service does not support IPv6.
400	OperationDenied.PrivateDomainNotSupport	The operation is not allowed because of PrivateDomainNotSupport.
400	Conflict.ServiceName	The ServiceName %s is conflict.
400	InvalidParam.PrivateDnsName	The parameter of PrivateDnsName is illegal, which needs to end with aliyun.com, aliyun-inc.com, or aliyuncs.com.
400	OperationDenied.ZoneAffinityNotSupport	The operation is not allowed because of zone affinity not support.	The operation is not allowed because zone affinity is not supported.
400	OperationDenied.RamPolicyNotSupport	The operation is not allowed because of RamPolicyNotSupport.	The operation is not allowed because ram policy are not supported.
400	OperationDenied.ResourceTypeNotSupportDualStack	The specified resource type does not support dualstack.	The specified resource type does not support dualstack.
400	OperationDenied.ServiceResourceIpVersionMismatch	The endpoint service and service resource AddressIpVersion do not match.	The endpoint service and service resource AddressIpVersion do not match.
400	IllegalParam.AddressIpVersion	The specified parameter AddressIpVersion is invalid.	The specified parameter AddressIpVersion does not meet the requirements.
400	SpecifiedAlbNotSupport	The specified alb %s is not supported.	the specified alb instance is not supported.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.