Virtual Private Cloud:AssociateVpcCidrBlock

Last Updated:Jun 26, 2026

Adds a secondary CIDR block to a VPC.

Operation description

  • The maximum number of secondary CIDR blocks that can be added to a VPC is as follows:

    • A maximum of 5 secondary IPv4 CIDR blocks can be added to a VPC.

    • A maximum of 5 secondary IPv6 CIDR blocks can be added to a VPC.

  • The AssociateVpcCidrBlock operation does not support concurrently adding secondary CIDR blocks to the same VPC.

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
| --- | --- | --- | --- | --- |
| vpc:AssociateVpcCidrBlock | create | *VPC acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId} | None | None |

Request parameters

RegionId
Type: string. Required: Yes. Example: cn-hangzhou

The region ID of the VPC to which you want to add a secondary CIDR block.

You can call the DescribeRegions operation to query the most recent region list.

VpcId
Type: string. Required: Yes. Example: vpc-o6wrloqsdqc9io3mg****

The ID of the VPC to which you want to add a secondary CIDR block.

SecondaryCidrBlock
Type: string. Required: No. Example: 192.168.0.0/16

The secondary IPv4 CIDR block to add. The CIDR block must meet the following requirements:

  • Use a private IPv4 address specified in RFC 1918 as the secondary IPv4 CIDR block of the virtual private cloud (VPC). The subnet mask must be 16 to 28 bits in length. Examples: 10.0.0.0/16, 172.16.0.0/16, and 192.168.0.0/16.

  • You can use a custom CIDR block other than 100.64.0.0/10, 224.0.0.0/4, 127.0.0.0/8, 169.254.0.0/16, or their subnets as the secondary IPv4 CIDR block of the virtual private cloud (VPC).

Configuration limits:

  • The CIDR block cannot start with 0. The subnet mask must be 16 to 28 bits in length.

  • The secondary CIDR block cannot overlap with the primary CIDR block or existing secondary CIDR blocks of the VPC.

Note: If you do not use an IPAM pool to add a secondary CIDR block to the VPC, you must specify either the SecondaryCidrBlock parameter or the Ipv6CidrBlock parameter, but not both.

SecondaryCidrMask
Type: integer. Required: No. Example: 16

The subnet mask used to add a secondary IPv4 CIDR block from an IPAM pool to the VPC.

Note: When you use an IPAM pool to add a secondary IPv4 CIDR block to the VPC, you must specify at least one of SecondaryCidrBlock and SecondaryCidrMask.

IPv6CidrBlock
Type: string. Required: No. Example: 2408:XXXX:0:6a::/56

The specified IPv6 CIDR block of the VPC.

Note: You cannot specify both SecondaryCidrBlock and Ipv6CidrBlock.

Ipv6Isp
Type: string. Required: No. Example: BGP

The type of the IPv6 CIDR block of the VPC. Valid values:

  • BGP (default): Alibaba Cloud BGP IPv6.

  • ChinaMobile: China Mobile (single ISP).

  • ChinaUnicom: China Unicom (single ISP).

  • ChinaTelecom: China Telecom (single ISP).

Note: If your account is included in the China single-ISP bandwidth whitelist, you can set this parameter to ChinaTelecom (China Telecom), ChinaUnicom (China Unicom), or ChinaMobile (China Mobile).

IpVersion
Type: string. Required: No. Example: IPV4

The version of the IP address. Valid values:

  • IPV4: IPv4 address.

  • IPV6: IPv6 address. When IpVersion is set to IPV6 and SecondaryCidrBlock is not specified, a secondary IPv6 CIDR block is added to the VPC.

IpamPoolId
Type: string. Required: No. Example: ipam-pool-sycmt3p2a9v63i****

The instance ID of the IPAM pool.

Ipv6CidrMask
Type: integer. Required: No. Example: 56

The subnet mask used to add an IPv6 CIDR block from an IPAM pool to the VPC.

Note: When you use an IPAM pool to add a secondary IPv6 CIDR block to the VPC, you must specify at least one of IPv6CidrBlock and Ipv6CidrMask.

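A pre-flight check for the SecondaryCidrBlock rules in the request parameters, as an added example rather than Alibaba Cloud SDK code. The function name, the dict-based request format and the sample VPC values are assumptions made for illustration; allocation from an IPAM pool by mask is not covered.

```python
import ipaddress

# Ranges the page excludes for a custom secondary IPv4 CIDR block.
EXCLUDED = [ipaddress.ip_network(n) for n in
            ("100.64.0.0/10", "224.0.0.0/4", "127.0.0.0/8", "169.254.0.0/16")]
MAX_SECONDARY_IPV4 = 5  # per-VPC limit from the operation description


def check_secondary_cidr(params, primary_cidr, existing_secondary):
    """Return rule violations for a request (hypothetical helper, not an SDK call)."""
    problems = []
    v4, v6 = params.get("SecondaryCidrBlock"), params.get("Ipv6CidrBlock")
    # Without an IPAM pool, exactly one of the two CIDR parameters must be set.
    if not params.get("IpamPoolId") and bool(v4) == bool(v6):
        problems.append("specify exactly one of SecondaryCidrBlock / Ipv6CidrBlock")
    if not v4:
        return problems
    try:
        net = ipaddress.IPv4Network(v4, strict=True)  # rejects host bits
    except ValueError as exc:
        return problems + [f"malformed CIDR: {exc}"]
    if not 16 <= net.prefixlen <= 28:
        problems.append("subnet mask must be 16 to 28 bits")
    if net.network_address.packed[0] == 0:
        problems.append("CIDR block cannot start with 0")
    for bad in EXCLUDED:
        if net.subnet_of(bad):
            problems.append(f"inside excluded range {bad}")
    in_use = [ipaddress.ip_network(c) for c in [primary_cidr, *existing_secondary]]
    for other in in_use:
        if other.version == 4 and net.overlaps(other):
            problems.append(f"overlaps existing block {other}")
    if sum(1 for c in in_use[1:] if c.version == 4) >= MAX_SECONDARY_IPV4:
        problems.append("VPC already has 5 secondary IPv4 CIDR blocks")
    return problems


if __name__ == "__main__":
    # Constructed VPC state and requests, for illustration only.
    primary, secondary = "172.16.0.0/12", ["192.168.0.0/16"]
    for cidr in ("10.0.0.0/16", "172.20.0.0/16", "100.64.0.0/16", "10.0.0.0/29"):
        print(cidr, check_secondary_cidr({"SecondaryCidrBlock": cidr}, primary, secondary))
```

Running a check like this in an infrastructure-as-code pipeline catches overlapping or reserved address space before the request is sent, since the operation does not support concurrent calls against the same VPC.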

Response elements

| Element | Type | Description | Example |
| --- | --- | --- | --- |
| | object | The request ID. | |
| RequestId | string | The request ID. | C1221A1F-2ACD-4592-8F27-474E02883159 |
| CidrBlock | string | The secondary CIDR block added to the VPC. | 192.168.0.0/16 |
| IpVersion | string | The IP address version of the secondary CIDR block. | IPV4 |

Examples

Success response

JSON format

{
  "RequestId": "C1221A1F-2ACD-4592-8F27-474E02883159",
  "CidrBlock": "192.168.0.0/16",
  "IpVersion": "IPV4"
}

Error codes

| HTTP status code | Error code | Error message | Description |
| --- | --- | --- | --- |
| 400 | InvalidVpc.NotFound | %s | |
| 400 | IncorrectStatus.Vpc | %s | |
| 400 | ParamExclusive.SecondaryCidrAndIpv6Cidr | %s | |
| 400 | OperationUnsupported.VpcMultiCidr | %s | |
| 400 | MissingParam.SecondaryCidrOrIpv6Cidr | %s | |
| 400 | OperationUnsupported.IPv6ULA | %s | |
| 400 | OperationFailed.Ipv6CidrBlockExisted | %s | |
| 400 | InvalidIpv6ULACidrBlock.Malformed | %s | |
| 400 | QuotaExceeded.GUAIpv6CidrBlock | %s | |
| 400 | IllegalParam.Ipv6CidrType | %s | |
| 400 | OperationUnsupported.OnlyULA | %s | |
| 400 | InvalidCidrBlock.Malformed | Specified CIDR block is not valid. | |
| 400 | IllegalParam.SecondaryCidrBlock | %s | |
| 400 | Duplicated.SecondaryCidrBlock | %s | |
| 400 | OperationFailed.ConflictWithEntry | %s | |
| 400 | QuotaExceeded.VpcMultiCidr | %s | |
| 400 | MissingParam.SecondaryCidrBlockOrIpv6CidrBlock | Either SecondaryCidrBlock or Ipv6CidrBlock must be specified. | The secondary CIDR block or the IPv6 CIDR block is not specified. |
| 400 | MissingParam.VpcId | You must specify VpcId. | You must specify VpcId. |
| 400 | UnsupportedFeature.Ipv6Isp | The Ipv6Isp feature is not supported. | The specified IPv6 ISP is not supported. |
| 400 | IllegalParam.IpVersion | %s | |
| 400 | OperationDenied.GUAIpv6CidrBlock | The operation is not allowed because this ipv6 CIDR is not reserved. | |
| 400 | OperationFailed.IPv6CidrNotReserved | Operation failed because this ipv6 cidr is not reserved. | |
| 400 | InvalidCidrBlock | Specified CIDR block is already exists. | |
| 400 | IllegalParam.IpamPool | The specified IPAM pool cannot be empty. | The IPAM pool cannot be empty. |
| 400 | MissingParam.SecondaryCidrMask | The parameter SecondaryCidrMask must be input. | SecondaryCidrMask is required. |
| 400 | IllegalParam.SecondaryCidrMask | The specified Secondary CIDR Mask is illegal. | Invalid SecondaryCidrMask. |
| 400 | OperationDenied.RequestRegionInvalid | The operation is not allowed because the request is not invoked in the region of the IPAM pool. | The operation is not allowed because the request is not invoked in the region of the IPAM pool. |
| 400 | OperationDenied.IpamPoolNotInRegion | The operation is not allowed because the IPAM pool not in specific region does not support creating VPC or associating CIDR for VPC. | The operation is not allowed because the IPAM pool not in specific region does not support creating VPC or associating CIDR for VPC. |
| 400 | MissingParam.CidrOrCidrMask | The CIDR or CIDR Mask must be input. | The CIDR or CIDR Mask must be input. |
| 400 | OperationDenied.CidrInExcludeCidrs | The operation is not allowed because the input CIDR is within the illegal CIDRs. | The operation is not allowed because the input CIDR is within the illegal CIDRs. |
| 400 | OperationDenied.AvailableCidrInsufficient | The operation is not allowed because available CIDR is insufficient. | The operation is not allowed because available CIDR is insufficient. |
| 400 | UnsupportedFeature.Ipam | IPAM is not supported in this region. | The IPAM feature is not supported in this region. |
| 400 | UnsupportedFeature.VpcIpamIpv6 | The specified IPAM pool does not support the IPv6 feature. | The specified IPAM pool does not support the IPv6 feature. |
| 400 | OperationDenied.CidrUnavailableInPool | The operation is not allowed because the CIDR is unavailable in the IPAM pool. | The operation is not allowed because the CIDR is unavailable in the IPAM pool. |
| 400 | InvalidIpv6CidrBlock.Malformed | Param Ipv6CidrBlock is malformed. | IPv6 network segment is illegal |
| 400 | MissingParam.IpVersion | The parameter IpVersion is missing. | The parameter IpVersion is missing. |
| 400 | Mismatch.IpVersionAndIpamPoolIpVersion | The input IpVersion is inconsistent with the IpVersion of the input IPAM pool. | The input IpVersion is inconsistent with the IpVersion of the input IPAM pool. |
| 400 | IllegalParam.Ipv6CidrBlock | The parameter of Ipv6CidrBlock is illegal. | |
| 400 | OperationFailed.Ipv6CidrBlockOverLapped | The input IPv6 CIDR block overlaps with the existing ones. | The input IPv6 CIDR block overlaps with the existing ones. |
| 400 | QuotaExceeded.IPv6CidrBlock | The number of IPv6 CIDR blocks in the VPC exceeds the limit. | The number of IPv6 CIDR blocks in the VPC exceeds the limit. |
| 400 | OperationDenied.MaskOfCidrIsNotAllowed | The input mask or mask of the input CIDR is not allowed. | The input mask or mask of the input CIDR is not allowed. |
| 400 | IllegalParam.Ipv6Isp | The specified Ipv6Isp is illegal. | The specified Ipv6Isp is illegal. |
| 400 | IllegalParam.CidrMask | The input CIDR mask is illegal. | The input CIDR mask is illegal. |
| 500 | OperationFailed.ResourceNotEnough | Insufficient resources. | The resources that you request are insufficient. If you still want to request the resources, submit a ticket. |
| 403 | Forbbiden | User not authorized to operate on the specified resource. | User not authorized to operate on the specified resource. |
| 404 | ResourceNotFound.IpamPool | The dependent IPAM pool is not found. | The dependent IPAM pool is not found. |

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.