All Products
Search
Document Center

Virtual Private Cloud:CreateVpc

Last Updated:Jun 26, 2026

Creates a virtual private cloud (VPC).

Operation description

When you call this operation to create a VPC, take note of the following items:

  • A VPC can have only one primary IPv4 CIDR block. You can add IPv4 secondary CIDR blocks to expand the address space.

  • After a VPC is created, you can expand or shrink the original IPv4 CIDR block. If IP addresses within the current CIDR block are already in use and fall outside the target CIDR block, the modification fails.

  • Each VPC supports up to 300,000 private network IP addresses for cloud resources. This quota cannot be upgraded.

  • After a VPC is created, a vRouter and a route table are automatically created.

  • Each VPC supports up to three user CIDR blocks. If user CIDR blocks overlap, the CIDR block with the shorter mask takes effect. For example, if both 10.0.0.0/16 and 10.0.0.0/24 are specified, 10.0.0.0/16 takes effect.

  • CreateVpc is an asynchronous operation. After you invoke a request, the system returns an instance ID but the VPC is not yet created. The node for creating the VPC runs in the background. You can invoke DescribeVpcAttribute to query the creation status of the VPC:

    • If the VPC is in the Creating state, the VPC is being created.

    • If the VPC is in the Created state, the VPC is created.

  • CreateVpc supports concurrent creation of non-default VPCs in the same region, subject to quota limits.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

vpc:CreateVpc

create

*VPC

acs:vpc:{#regionId}:{#accountId}:vpc/*

None None

Request parameters

Parameter

Type

Required

Description

Example

RegionId

string

Yes

The region ID of the VPC.

You can call DescribeRegions to query the most recent region list.

cn-hangzhou

CidrBlock

string

No

The CIDR block of the VPC.

  • We recommend that you use an IPv4 address specified in RFC 1918 as the primary IPv4 CIDR block of the virtual private cloud (VPC). The subnet mask must be 16 to 28 bits in length. Examples: 10.0.0.0/16, 172.16.0.0/16, and 192.168.0.0/16.

  • You can also use a custom CIDR block other than 100.64.0.0/10, 224.0.0.0/4, 127.0.0.0/8, 169.254.0.0/16, or their subnets as the primary IPv4 CIDR block of the virtual private cloud (VPC).

172.16.0.0/12

Ipv6CidrBlock

string

No

The IPv6 CIDR block of the VPC. When you enable IPv6 for the VPC, the system will assign an IPv6 CIDR block. To specify an IPv6 CIDR block, you must first invoke AllocateVpcIpv6Cidr to reserve the IPv6 CIDR block, and then pass it in.

2408:XXXX:0:6a::/56

VpcName

string

No

The name of the VPC.

The name must be 1 to 128 characters in length and cannot start with http:// or https://.

abc

EnableIpv6

boolean

No

Specifies whether to enable IPv6. Valid values:

  • false (default): disabled.

  • true: enabled.

false

Description

string

No

The description of the VPC.

The description must be 1 to 256 characters in length and cannot start with http:// or https://.

This is my first Vpc

ResourceGroupId

string

No

The resource group ID.

For more information about resource groups, see What is a resource group?.

rg-acfmxazb4ph6aiy****

Tag

array<object>

No

The tags of the resource.

object

No

The tag.

Key

string

No

The tag key of the resource. You can specify up to 20 tag keys. The tag key cannot be an empty string.

The tag key can be up to 128 characters in length and cannot start with aliyun or acs:. It cannot contain http:// or https://.

FinanceDept

Value

string

No

The tag value of the resource. You can specify up to 20 tag values. The tag value can be an empty string.

The tag value can be up to 128 characters in length and cannot start with aliyun or acs:. It cannot contain http:// or https://.

FinanceJoshua

DryRun

boolean

No

Specifies whether to perform a dry run. Valid values:

  • true: performs a dry run without creating the VPC. The system checks the required parameters, request format, and service limits. If the request fails the dry run, an error message is returned. If the request passes the dry run, the DryRunOperation error code is returned.

  • false (default): performs a Normal request and sends the request. If the request passes the dry run, an HTTP 2xx status code is returned and the system proceeds to create a VPC.

false

UserCidr

string

No

The user CIDR block. Separate multiple CIDR blocks with commas (,). You can specify up to three CIDR blocks.

For more information about user CIDR blocks, see the What is a user CIDR block? section in virtual private cloud (VPC) FAQ.

192.168.0.0/12

ClientToken

string

No

The client token that is used to ensure the idempotence of the request.

You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters.

Note

If you do not specify this parameter, the system automatically uses the RequestId of the API request as the ClientToken. The RequestId may be different for each API request.

123e4567-e89b-12d3-a456-426655440000

Ipv6Isp

string

No

The type of the IPv6 CIDR block of the VPC. Valid values:

  • BGP (default): Alibaba Cloud BGP IPv6.

  • ChinaMobile: China Mobile (single ISP).

  • ChinaUnicom: China Unicom (single ISP).

  • ChinaTelecom: China Telecom (single ISP).

Note

If your account is included in the China Telecom single-ISP bandwidth whitelist, you can set this parameter to ChinaTelecom (China Telecom), ChinaUnicom (China Unicom), or ChinaMobile (China Mobile).

BGP

Ipv4IpamPoolId

string

No

The instance ID of the IPv4 IPAM pool instance.

ipam-pool-sycmt3p2a9v63i****

Ipv4CidrMask

integer

No

The subnet mask used to allocate a CIDR block from the IPAM pool to the VPC.

Note

When you create a VPC by specifying an IPAM pool, you must specify at least one of CidrBlock or Ipv4CidrMask.

12

EnableDnsHostname

boolean

No

Specifies whether to enable the DNS hostname feature. Valid values:

  • false (default): disabled.

  • true: enabled.

false

Ipv6IpamPoolId

string

No

The instance ID of the IPv6 IPAM pool instance.

ipam-pool-bp1aq51kkfh477z03****

Ipv6CidrMask

integer

No

The subnet mask used to allocate an IPv6 CIDR block from the IPAM pool to the VPC.

56

Response elements

Element

Type

Description

Example

object

The ID of the created VPC.

VpcId

string

The ID of the created VPC.

vpc-bp15zckdt37pq72zv****

VRouterId

string

The ID of the vRouter that is automatically created after the VPC is created.

vrt-bp1lhl0taikrteen8****

RequestId

string

The request ID.

0ED8D006-F706-4D23-88ED-E11ED28DCAC0

RouteTableId

string

The ID of the route table that is automatically created after the VPC is created.

vtb-bp145q7glnuzdv****

ResourceGroupId

string

The resource group ID.

rg-acfmxazb4ph6aiy****

Examples

Success response

JSON format

{
  "VpcId": "vpc-bp15zckdt37pq72zv****",
  "VRouterId": "vrt-bp1lhl0taikrteen8****",
  "RequestId": "0ED8D006-F706-4D23-88ED-E11ED28DCAC0",
  "RouteTableId": "vtb-bp145q7glnuzdv****",
  "ResourceGroupId": "rg-acfmxazb4ph6aiy****"
}

Error codes

HTTP status code

Error code

Error message

Description

400 TOKEN_PROCESSING Action is processing.
400 InvokeError instance quota rule invoke error. Failed to get rule data, please wait zai shi
400 InvalidParameter Specified CIDR block is not valid
400 ResourceNotAvailable Resource you requested is not available in this region or zone.
400 InvalidVpcName.Malformed Specified VPC name is not valid.
400 InvalidVpcDiscription.Malformed Specified VPC description is not valid.
400 QuotaExceeded.Vpc VPC quota exceeded. The number of VPCs in this account has reached the upper limit.
400 ResourceNotAvailable.Vpc Resource you requested is not available in this region or zone.
400 InvalidUserCidr.Quota Specified UserCidr number is greater than 3.
400 InvalidUserCidr.Malformed Specified UserCidr overlapping in of 100.64.0.0/10. The user CIDR block that you specify overlaps with 100.64.0.0/10.
400 InvalidResourceGroupId The specified ResourceGroupId does not exist. The specified resource group ID does not exist.
400 IllegalParam.Ipv6CidrBlock %s
400 OperationFailed.IPv6CidrNotReserved %s
400 MissingParam.EnableIpv6 %s
400 OperationUnsupported.Ipv6Feature %s
400 System.ServiceBusy System is busy, please try later.
400 IllegalParam.UserCidr UserCidr is not a valid or strict address. UserCidr is illegal.
400 OperationUnsupported.ResourceGroupId ResourceGroup is not supported in this region. The operation is not supported. Resource group IDs are not supported in Alibaba Finance Cloud.
400 IllegalParam.EnableIpv6 %s
400 InvalidIpv6CidrBlock.Malformed Specified Ipv6CidrBlock is not valid.
400 UnsupportedFeature.Ipv6Isp The Ipv6Isp feature is not supported. The specified IPv6 ISP is not supported.
400 ResourceNotEnough.Ipv6Cidr The specified resource of Ipv6Cidr is not enough. IPv6 addresses are insufficient.
400 UnsupportedFeature.IPAM VPCs cannot be created by using IPAM. You cannot use IPAM to create a VPC.
400 IllegalParam.Ipv4CidrMask The specified Ipv4CidrMask is illegal. Invalid Ipv4CidrMask.
400 IllegalParam.IpamPool The specified IPAM pool cannot be empty. The IPAM pool cannot be empty.
400 OperationDenied.RequestRegionInvalid The operation is not allowed because the request is not invoked in the region of the IPAM pool. The operation is not allowed because the request is not invoked in the region of the IPAM pool.
400 OperationDenied.IpamPoolNotInRegion The operation is not allowed because the IPAM pool not in specific region does not support creating VPC or associating CIDR for VPC. The operation is not allowed because the IPAM pool not in specific region does not support creating VPC or associating CIDR for VPC.
400 MissingParam.CidrOrCidrMask The CIDR or CIDR Mask must be input. The CIDR or CIDR Mask must be input.
400 OperationDenied.CidrInExcludeCidrs The operation is not allowed because the input CIDR is within the illegal CIDRs. The operation is not allowed because the input CIDR is within the illegal CIDRs.
400 OperationDenied.AvailableCidrInsufficient The operation is not allowed because available CIDR is insufficient. The operation is not allowed because available CIDR is insufficient.
400 UnsupportedFeature.Ipam IPAM is not supported in this region. The IPAM feature is not supported in this region.
400 OperationDenied.CidrUnavailableInPool The operation is not allowed because the CIDR is unavailable in the IPAM pool. The operation is not allowed because the CIDR is unavailable in the IPAM pool.
400 IllegalParam.CidrBlockMask The param of CidrBlock Mask [%s] is illegal. The subnet mask of the CIDR block is invalid.
400 UnsupportedFeature.VpcDnsHostname The feature of vpc dns hostname is unsupported. The VPC private domain name function does not take effect in the current region.
400 OperationDenied.MaskOfCidrIsNotAllowed The input mask or mask of the input CIDR is not allowed. The input mask or mask of the input CIDR is not allowed.
400 IllegalParam.Ipv6Isp The specified Ipv6Isp is illegal. The specified Ipv6Isp is illegal.
400 IllegalParam.CidrMask The input CIDR mask is illegal. The input CIDR mask is illegal.
400 InvalidRegionId.NotFound Specified value of "regionId" is not supported.
400 UnsupportedFeature.DhcpOptionsSet The feature of dhcp options set is unsupported. The DHCP Options Set function does not take effect in the current region.
400 OperationDenied.CidrMaskTooLarge The operation is denied because the CIDR mask %s is larger than the allocationMaxNetmask %s of the pool. The operation is denied because the CIDR mask %s is larger than the allocationMaxNetmask %s of the pool.
400 OperationDenied.CidrMaskTooSmall The operation is denied because the CIDR mask %s is less than the allocationMinNetmask %s of the pool. The operation is denied because the CIDR mask %s is less than the allocationMinNetmask %s of the pool.
400 Mismatch.ParamIpv6IspAndIpamPoolIpv6Isp The specified IPv6 ISP %s does not match the IPAM pool's IPv6 ISP %s. The specified IPv6 ISP does not match the IPv6 ISP configured in the IPAM pool.
500 InternalError The request processing has failed due to some unknown error.
403 Forbidden User not authorized to operate on the specified resource. You do not have the permissions to manage the specified resource. Apply for the permissions and try again.
404 ResourceNotFound.IpamPool The dependent IPAM pool is not found. The dependent IPAM pool is not found.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.