All Products
Search
Document Center

Virtual Private Cloud:CreateDefaultVpc

Last Updated:Jun 19, 2026

Creates a default virtual private cloud (VPC).

Operation description

When you call this operation to create a default VPC, note the following items:

  • After a default VPC is created, you cannot modify its CIDR block, but you can add secondary IPv4 CIDR blocks.

  • Each default VPC supports up to 300,000 private network IP addresses for cloud resources, and this quota cannot be upgraded.

  • After a default VPC is created, a vRouter and a route table are automatically created.

  • Each default VPC supports up to three user CIDR blocks. If multiple user CIDR blocks overlap, the CIDR block with the shorter mask takes effect. For example, if both 10.0.0.0/16 and 10.0.0.0/24 exist, 10.0.0.0/16 takes effect.

  • The CreateDefaultVpc operation is asynchronous. After you send a request, the system returns an instance ID while the default VPC is still being created in the background. You can call DescribeVpcAttribute to query the creation status of the default VPC:

    • If the default VPC is in the Pending state, the default VPC is being configured.

    • If the default VPC is in the Available state, the default VPC is available.

  • The CreateDefaultVpc operation does not support concurrent creation of default VPCs in the same region.

  • Only one default VPC can exist in a region.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

vpc:CreateDefaultVpc

create

*VPC

acs:vpc:{#regionId}:{#accountId}:vpc/*

None None

Request parameters

Parameter

Type

Required

Description

Example

RegionId

string

Yes

The region ID of the default VPC.

You can call DescribeRegions to query the most recent region list.

cn-hangzhou

Ipv6CidrBlock

string

No

The IPv6 CIDR block of the default VPC.

Note

This parameter is required when EnableIpv6 is set to true.

2408:XXXX:346:b600::/56

EnableIpv6

boolean

No

Specifies whether to enable the IPv6 CIDR block. Valid values:

  • false (default): does not enable the IPv6 CIDR block.

  • true: enables the IPv6 CIDR block.

false

ResourceGroupId

string

No

The ID of the resource group.

rg-acfmystnjq4****

ClientToken

string

No

The client token that is used to ensure the idempotence of the request.

You can use the client to generate the token, but you must make sure that the token is unique among different requests. The ClientToken value can contain only ASCII characters.

Note

If you do not specify this parameter, the system uses the RequestId of the API request as the ClientToken. The RequestId may be different for each API request.

123e4567-e89b-12d3-a456-426655440000

Response elements

Element

Type

Description

Example

object

The ID of the default VPC that is created.

VpcId

string

The ID of the default VPC that is created.

vpc-bp15zckdt37pq72zv****

VRouterId

string

The ID of the vRouter that the system automatically creates after the default VPC is created.

vrt-bp1lhl0taikrteen8****

RequestId

string

The request ID.

0ED8D006-F706-4D23-88ED-E11ED28DCAC0

RouteTableId

string

The ID of the route table that the system automatically creates after the default VPC is created.

vtb-bp1q1uirugzb1x32m****

Examples

Success response

JSON format

{
  "VpcId": "vpc-bp15zckdt37pq72zv****",
  "VRouterId": "vrt-bp1lhl0taikrteen8****",
  "RequestId": "0ED8D006-F706-4D23-88ED-E11ED28DCAC0",
  "RouteTableId": "vtb-bp1q1uirugzb1x32m****"
}

Error codes

HTTP status code

Error code

Error message

Description

400 TOKEN_PROCESSING Action is processing.
400 InvokeError instance quota rule invoke error. Failed to get rule data, please wait zai shi
400 InvalidParameter Specified CIDR block is not valid
400 ResourceNotAvailable Resource you requested is not available in this region or zone.
400 InvalidVpcName.Malformed Specified VPC name is not valid.
400 InvalidVpcDiscription.Malformed Specified VPC description is not valid.
400 QuotaExceeded.Vpc VPC quota exceeded. The number of VPCs in this account has reached the upper limit.
400 ResourceNotAvailable.Vpc Resource you requested is not available in this region or zone.
400 InvalidUserCidr.Quota Specified UserCidr number is greater than 3.
400 InvalidUserCidr.Malformed Specified UserCidr overlapping in of 100.64.0.0/10. The user CIDR block that you specify overlaps with 100.64.0.0/10.
400 InvalidResourceGroupId The specified ResourceGroupId does not exist. The specified resource group ID does not exist.
400 IllegalParam.Ipv6CidrBlock %s
400 OperationFailed.IPv6CidrNotReserved %s
400 MissingParam.EnableIpv6 %s
400 OperationUnsupported.Ipv6Feature %s
400 IllegalParam.ZoneId %s
400 OperationFailed.DefaultVpcExist %s
400 InvalidRegionId.NotFound Specified value of "regionId" is not supported.
500 InternalError The request processing has failed due to some unknown error.
403 Forbbiden User not authorized to operate on the specified resource. User not authorized to operate on the specified resource.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.