CreateVpcEndpointService - PrivateLink - Alibaba Cloud Documentation Center

Creates an endpoint service.

Operation description

Before you create an endpoint service, make sure that you have created a load balancing resource that supports PrivateLink. For more information, see Create an SLB instance.
CreateVpcEndpointService is an asynchronous operation. After a request is sent, the system returns an instance ID and creates the endpoint service in the background. You can call the GetVpcEndpointServiceAttribute operation to query the status of the endpoint service.
- If the endpoint service is in the Creating status, it is being created.
- If the endpoint service is in the Active status, it is created.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

privatelink:CreateVpcEndpointService

create

*VpcEndpointService

acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/*

LoadBalancer

acs:alb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}

LoadBalancer

acs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}

NatGateway

acs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId}

LoadBalancer

acs:slb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}

None

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The region ID of the endpoint service. Call DescribeRegions to obtain the region ID.	cn-huhehaote
ClientToken	string	No	The client token that is used to ensure the idempotence of the request. Generate a value from your client to make sure that the value is unique among different requests. ClientToken can contain only ASCII characters.	0c593ea1-3bea-11e9-b96b-88e9fe637760
DryRun	boolean	No	Specifies whether to perform a dry run. Valid values: true: performs a dry run. The system checks the required parameters, request format, and service limits. If the request fails the dry run, an error message is returned. If the request passes the dry run, the `DryRunOperation` error code is returned. false (default): performs a dry run and sends the request. If the request passes the dry run, a 2xx HTTP status code is returned and the operation is called.	false
ServiceDescription	string	No	The description of the endpoint service.	This is my EndpointService.
AutoAcceptEnabled	boolean	No	Specifies whether to automatically accept endpoint connections. Valid values: true: automatically accepts endpoint connections. false (default): does not automatically accept endpoint connections.	false
Payer	string	No	The payer. Valid values: Endpoint: the service consumer. EndpointService: the service provider.	Endpoint
ZoneAffinityEnabled	boolean	No	Specifies whether to enable zone affinity. Valid values: true false (default)	false
ServiceResourceType	string	No	The type of the service resource. Valid values: slb: Classic Load Balancer (CLB). alb: Application Load Balancer (ALB). nlb: Network Load Balancer (NLB). gwlb: Gateway Load Balancer (GWLB). Note NLB listeners of the TCPSSL type are not supported.	slb
Resource	array<object>	No	The service resources. You can add up to 10 service resources when you create an endpoint service. After the endpoint service is created, you can add more service resources.
	object	No	The service resources.
ResourceType	string	No	The type of the service resource. You can add up to 20 service resources to an endpoint service. Valid values: slb: CLB. alb: ALB. nlb: NLB. gwlb: GWLB. Note In regions that support PrivateLink, all CLB instances in a virtual private cloud (VPC) can be used as service resources for an endpoint service.	slb
ResourceId	string	No	The ID of the service resource.	lb-hp32z1wp5peaoox2q****
ZoneId	string	No	The ID of the zone.	cn-huhehaote-a
RegionId	string	Yes	The region ID of the endpoint service. Call DescribeRegions to obtain the region ID.	cn-huhehaote
ServiceSupportIPv6 `deprecated`	boolean	No	Specifies whether the endpoint service supports IPv6. Valid values: true false (default)	false
ResourceGroupId	string	No	The ID of the resource group.	rg-acfmy*****
Tag	array<object>	No	The list of tags.
	object	No	The list of tags.
Key	string	No	The tag key. You can specify up to 20 tag keys. The tag key cannot be an empty string. The tag key can be up to 64 characters in length and cannot start with `aliyun` or `acs:`. It cannot contain `http://` or `https://`.	env
Value	string	No	The tag value. You can specify up to 20 tag values. The tag value can be an empty string. The tag value can be up to 128 characters in length and cannot start with `aliyun` or `acs:`. It cannot contain `http://` or `https://`.	prod
AddressIpVersion	string	No	The IP version. Valid values: IPv4 (default) DualStack Note Currently, only endpoint services that use NLB or GWLB instances as service resources support DualStack. If you set the value to DualStack, the service resources must also support dual-stack. Valid values: IPv4 : IPv4 DualStack : DualStack	IPv4

Response elements

Element	Type	Description	Example
	object
ServiceBusinessStatus	string	The business status of the endpoint service. Valid values: Normal: The endpoint service is running as expected. FinancialLocked: The endpoint service is locked due to an overdue payment.	Normal
RequestId	string	The request ID.	8D8992C1-6712-423C-BAC5-E5E817484C6B
ServiceName	string	The name of the endpoint service.	com.aliyuncs.privatelink.cn-huhehaote.epsrv-hp3vpx8yqxblby3i****
ServiceStatus	string	The status of the endpoint service. Valid values: Creating: The endpoint service is being created. Pending: The endpoint service is being modified. Active: The endpoint service is available. Deleting: The endpoint service is being deleted.	Active
ServiceDescription	string	The description of the endpoint service.	This is my EndpointService.
CreateTime	string	The time when the endpoint service was created.	2022-01-02T19:11:12Z
ServiceDomain	string	The domain name of the endpoint service.	epsrv-hp3vpx8yqxblby3i****.cn-huhehaote.privatelink.aliyuncs.com
ZoneAffinityEnabled	boolean	Indicates whether zone affinity is enabled. Valid values: true false	false
AutoAcceptEnabled	boolean	Indicates whether endpoint connections are automatically accepted. Valid values: true: Endpoint connections are automatically accepted. false: Endpoint connections are not automatically accepted.	false
ServiceId	string	The ID of the endpoint service.	epsrv-hp3vpx8yqxblby3i****
ServiceSupportIPv6 `deprecated`	boolean	Indicates whether IPv6 is enabled for the endpoint service. Valid values: true false	false
ResourceGroupId	string	The ID of the resource group.	rg-acfmy*****
AddressIpVersion	string	The IP version. Valid values: IPv4 DualStack	IPv4

Examples

Success response

JSON format

{
  "ServiceBusinessStatus": "Normal",
  "RequestId": "8D8992C1-6712-423C-BAC5-E5E817484C6B",
  "ServiceName": "com.aliyuncs.privatelink.cn-huhehaote.epsrv-hp3vpx8yqxblby3i****",
  "ServiceStatus": "Active",
  "ServiceDescription": "This is my EndpointService.",
  "CreateTime": "2022-01-02T19:11:12Z",
  "ServiceDomain": "epsrv-hp3vpx8yqxblby3i****.cn-huhehaote.privatelink.aliyuncs.com",
  "ZoneAffinityEnabled": false,
  "AutoAcceptEnabled": false,
  "ServiceId": "epsrv-hp3vpx8yqxblby3i****",
  "ServiceSupportIPv6": false,
  "ResourceGroupId": "rg-acfmy*****",
  "AddressIpVersion": "IPv4"
}

Error codes

HTTP status code	Error code	Error message	Description
400	EndpointServiceExist	The specified Endpoint Service already exists.	The specified Endpoint Service already exists.
400	AlbNotFound	The specified Alb does not exist.	The specified Alb does not exist.
400	LoadBalancerNotFound	The specified load balancer does not exist.	The specified Alb does not exist.
400	LoadBalancerNotSupportPrivateLink	The specified SLB does not support PrivateLink.	The specified SLB does not support PrivateLink.
400	GenerateResourceIdFailed	Failed to generate ResourceId.	Failed to generate ResourceId.
400	QuotaMisMatched	The resource you applied for has exceeded the quota.	The resource you applied for has exceeded the quota.
400	VSwitchNotFound	The specified VSwitch does not exist.
400	EndpointServicePayerForbidden	The parameter EndpointServicePayer is forbidden. The user is not in the whitelist.
400	NeedOpenProduct	The product is not activated.	The product is not activated.
400	EndpointServiceNotSupportedZone	The specified endpoint service does not support the zone.	The specified endpoint service does not support the zone.
400	IllegalParamFormat.%s	The param format of %s is illegal.	The parameter format of %s is illegal.
400	MissingParam.%s	The param of %s is missing.	The parameter %s is missing.
400	ResourceNotFound.NatGateway	The specified resource %s is not found.
400	Mismatch.ResourceType	The %s is mismatched for %s and %s.	The %s is mismatched for %s and %s.
400	EndpointServiceNotSupportIpv6	The param supportIpv6 of EndpointService is forbidden , resource is not support ipv6.	The endpoint service does not support IPv6.
400	OperationDenied.PrivateDomainNotSupport	The operation is not allowed because of PrivateDomainNotSupport.
400	Conflict.ServiceName	The ServiceName %s is conflict.
400	InvalidParam.PrivateDnsName	The parameter of PrivateDnsName is illegal, which needs to end with aliyun.com, aliyun-inc.com, or aliyuncs.com.
400	OperationDenied.ZoneAffinityNotSupport	The operation is not allowed because of zone affinity not support.	The operation is not allowed because zone affinity is not supported.
400	OperationDenied.RamPolicyNotSupport	The operation is not allowed because of RamPolicyNotSupport.	The operation is not allowed because ram policy are not supported.
400	OperationDenied.ResourceTypeNotSupportDualStack	The specified resource type does not support dualstack.	The specified resource type does not support dualstack.
400	OperationDenied.ServiceResourceIpVersionMismatch	The endpoint service and service resource AddressIpVersion do not match.	The endpoint service and service resource AddressIpVersion do not match.
400	IllegalParam.AddressIpVersion	The specified parameter AddressIpVersion is invalid.	The specified parameter AddressIpVersion does not meet the requirements.
400	SpecifiedAlbNotSupport	The specified alb %s is not supported.	the specified alb instance is not supported.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.