All Products
Search
Document Center

Virtual Private Cloud:CreateFlowLog

Last Updated:Jun 19, 2026

Creates a flow log.

Operation description

CreateFlowLog is an asynchronous operation. After you invoke this operation, the system returns an instance ID, but the flow log has not been created yet. The creation node is still running in the background. You can invoke DescribeFlowLogs to query the creation status of the flow log:

  • If the flow log is in the Activating state, the flow log is being created.

  • If the flow log is in the Active state, the flow log is created and activated.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

vpc:CreateFlowLog

create

VSwitch

acs:vpc:{#regionid}:{#accountId}:vswitch/{#VSwitchId}

*FlowLog

acs:vpc:{#regionId}:{#accountId}:flowlog/*

VPC

acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}

None None

Request parameters

Parameter

Type

Required

Description

Example

RegionId

string

Yes

The region ID of the flow log. You can call DescribeRegions to query the most recent region list.

cn-qingdao

FlowLogName

string

No

The name of the flow log.

The name must be 1 to 128 characters in length and cannot start with http:// or https://.

myFlowlog

Description

string

No

The description of the flow log.

The description must be 1 to 256 characters in length and cannot start with http:// or https://.

This is my Flowlog.

ResourceType

string

Yes

The type of resource from which to capture traffic. Valid values:

  • NetworkInterface: network interface controller (NIC).

  • VSwitch: all network interface controllers (NICs) in a vSwitch.

  • VPC: all network interface controllers (NICs) in a virtual private cloud (VPC).

NetworkInterface

ResourceId

string

Yes

The ID of the resource from which to capture traffic.

eni-askldfas****

TrafficType

string

Yes

The traffic type to collect. Valid values:

  • All: all traffic.

  • Allow: traffic allowed by access control.

  • Drop: traffic denied by access control.

All

ProjectName

string

No

The name of the project that manages the captured traffic.

  • The project name can contain only lowercase letters, digits, and hyphens (-).

  • The name must start and end with a lowercase letter or digit.

  • The name must be 3 to 63 characters in length.

FlowLogProject

LogStoreName

string

No

The name of the Logstore that stores the captured traffic.

  • The Logstore name can contain only lowercase letters, digits, hyphens (-), and underscores (_).

  • The name must start and end with a lowercase letter or digit.

  • The name must be 3 to 63 characters in length.

FlowLogStore

AggregationInterval

integer

No

The sampling interval of the flow log. Unit: minutes. Valid values: 1, 5, and 10 (default).

10

TrafficPath

array

No

The traffic path to capture. Valid values:

  • all: captures all traffic.

  • internetGateway: captures Internet traffic.

string

No

The traffic path to capture. Valid values:

  • all (default): captures all traffic.

Note

The traffic path feature is not enabled by default. To use this feature, submit a ticket.

.

all

ResourceGroupId

string

No

The ID of the resource group.

rg-acfmxazdjdhd****

Tag

array<object>

No

The tags of the resource.

object

No

The tag.

Key

string

No

The tag key of the resource. You can specify up to 20 tag keys. The tag key cannot be an empty string.

The tag key can be up to 128 characters in length and cannot start with aliyun or acs:. It cannot contain http:// or https://.

FinanceDept

Value

string

No

The tag value of the resource. You can specify up to 20 tag values. The tag value can be an empty string.

The tag value can be up to 128 characters in length and cannot start with aliyun or acs:. It cannot contain http:// or https://.

FinanceJoshua

IpVersion

string

No

The IP version of the traffic captured by the flow log.

IPv4

Response elements

Element

Type

Description

Example

object

The request ID.

RequestId

string

The request ID.

54B48E3D-DF70-471B-AA93-08E683A1B457

Success

string

Indicates whether the call is successful. Valid values:

  • true: The call is successful.

  • false: The call failed.

true

FlowLogId

string

The flow log ID.

fl-m5e8vhz2t21sel1nq****

ResourceGroupId

string

The ID of the resource group.

rg-acfmxazdjdhd****

Examples

Success response

JSON format

{
  "RequestId": "54B48E3D-DF70-471B-AA93-08E683A1B457",
  "Success": "true",
  "FlowLogId": "fl-m5e8vhz2t21sel1nq****",
  "ResourceGroupId": "rg-acfmxazdjdhd****"
}

Error codes

HTTP status code

Error code

Error message

Description

400 IncorrectBusinessStatus.FlowLog The business status of flowLog is incorrect. The error message returned because you cannot create flow logs in the current business state.
400 OptInRequired.FlowLog You are not authorized to use the requested service of flowLog. Ensure that you have subscribed to the service you are trying to use. The error message returned because you do not have the permissions to use the flow log feature. Make sure that the flow log feature is already enabled.
400 OperationUnsupported.AdvancedFeature Advanced features of the vpc is unsupported. This advanced feature is not supported.
400 InvalidInstanceId vswitch does not exist. The error message returned because the vSwitch does not exist.
400 ProjectOrLogstoreNotExist The specified project or logstore does not exist. The error message returned because the specified project or Logstore does not exist.
400 SourceProjectNotExist The Source Project or logstore does not exist. The error message returned because the source project or Logstore does not exist.
400 Unauthorized This api does not support sub user or role. The error message returned because you cannot call this operation as a RAM user.
400 OperationUnsupported.action This action is not support. The error message returned because the operation is not supported.
400 ParameterInvalid Invalid parameter. The error message returned because a parameter is invalid.
400 RuleExist The rule has already existed.
400 InvalidHdMonitorStatus Current instance status is not valid for this action.
400 QuotaExceeded.FlowlogCount This user has reached the maximum instance number of flowlog. The number of flow logs reaches the upper limit.
400 InvalidResourceId.NotFound This resourceId already has flowlog instance existed. A flow log is already enabled for the resource.
400 INVALID_PARAMETER The parameter invalid.
400 MissingParameter Missing mandatory parameter
400 InvalidRegionId.NotFound The RegionId provided does not exist in our records.
400 InvalidResourceType.NotFound Resource type no the same.
400 OperationUnsupported.ResourceType This resource type is not supported.
400 IllegalParam.AggregationInterval The param of aggregationInterval is illegal.
400 UnsupportedFeature.UserDefinedTrafficPath The feature of UserDefinedTrafficPath is not supported. The current user does not have the permissions to specify trafficPath.
400 IllegalParam.TrafficPath The param of trafficPath is illegal. TrafficPath.N is set to an invalid value.
400 DuplicatedParam.TrafficPath The param of trafficPath is duplicated. The value of TrafficPath.N is duplicate.
400 IllegalParam.ResourceGroupId Invalid ResourceGroupld value. The specified resource group is invalid or does not exist.
400 OperationDenied.OperateShareResource The operation is not allowed because of OperateShareResource. Operating on shared resources causes the operation to fail
400 UnsupportedFeature.IpVersion The ipversion type is not supported.
400 UnsupportedFeature.VpcAdvancedFeature The VPC does not support some advanced features. The VPC does not support some advanced features. Please submit a ticket.
400 OperationFailed.EniTypeNotSupport Operation failed because the ENI type is not supported. Operation failed because the ENI type is not supported.
400 IllegalParam.IpVersion The parameter of IpVersion is illegal.
400 OperationDenied.NisTrafficAnalyzerAggregationIntervalMismatch The sampling interval of the FlowLog is greater than the sampling interval of the NIS Traffic Analyzer. The sampling interval of the FlowLog is greater than the sampling interval of the NIS Traffic Analyzer.
400 OperationDenied.NisTrafficAnalyzerNotFound The specified NIS Traffic Analyzer does not exist. The specified NIS Traffic Analyzer does not exist.
400 OperationDenied.NisTrafficAnalyzerNotActive The specified NIS Traffic Analyzer is not enabled. The specified NIS Traffic Analyzer is not enabled.
400 OperationFailed.InternalError The request processing has failed due to some unknown error. Unknown error. Please retry the operation. The error still exists. Please submit the work order for processing.
400 MissingParam.TrafficAnalyzerIdOrLogProjectOrLogStore TrafficAnalyzerId and ProjectName and LogStoreName parameters are not passed in. TrafficAnalyzerId and ProjectName and LogStoreName parameters are not passed in.
400 OperationDenied.AllTrafficPathOfManagedExist The resource you specified has created a flow log instance that collects the traffic of all scenarios. You cannot create a flow log instance that collects only some scenarios. The resource you specified has created a flow log instance that collects the traffic of all scenarios. You cannot create a flow log instance that collects only some scenarios.
400 UnsupportedFeature.UserDefinedTrafficPathIpv6 Dual-stack flow log instances do not support custom trafficPath. Dual-stack flow log instances do not support custom trafficPath.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.