Queries network access control lists (ACLs).

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
NetworkAclId String Yes nacl-a2do9e413e0spzasx****

The ID of the network ACL.

RegionId String Yes cn-hangzhou

The region ID of the network ACL.

You can call the DescribeRegions operation to query the most recent region list.

ClientToken String No 123e4567-e89b-12d3-a456-426655440000

The client token that is used to ensure the idempotence of the request.

You can use the client to generate the value, but you must make sure that it is unique among different requests. ClientToken can contain only ASCII characters.

Note If you do not set this parameter, the system sets ClientToken to the value of RequestId. The value of RequestId for each API request may be different.
Action String Yes DescribeNetworkAclAttributes

The operation that you want to perform. Set the value to DescribeNetworkAclAttributes.

Response parameters

Parameter Type Example Description
RequestId String F5905F9C-0161-4E72-9CB1-1F3F3CF6268A

The ID of the request.

NetworkAclAttribute Object

The details about the network ACL.

Status String Available

The status of the associated resource. Valid values:

  • Available
  • Modifying
VpcId String vpc-a2d33rfpl72k5defr****

The ID of the virtual private cloud (VPC) with which the network ACL is associated.

CreationTime String 2021-12-25 11:33:27

The time when the network ACL was created.

Description String This is my NetworkAcl.

The description of the network ACL.

NetworkAclName String acl-1

The name of the network ACL.

NetworkAclId String nacl-a2do9e413e0spnhmj****

The ID of the network ACL.

OwnerId Long 253460731706911258

The ID of the Alibaba Cloud account to which the network ACL belongs.

RegionId String cn-hangzhou

The region ID of the network ACL.

IngressAclEntries Array of IngressAclEntry

The information about the inbound rules of the network ACL.

IngressAclEntry
NetworkAclEntryId String nae-a2dk86arlydmevfbg****

The ID of the inbound rule.

NetworkAclEntryName String acl-3

The name of the inbound rule.

Policy String accept

The action to be performed on network traffic that matches the rule. Valid values:

  • accept: allows network traffic.
  • drop: blocks network traffic.
Description String This is IngressAclEntries.

The description of the inbound rule.

SourceCidrIp String 10.0.0.0/24

The source CIDR block.

Protocol String all

The protocol. Valid values:

  • icmp: ICMP
  • gre: GRE
  • tcp: TCP
  • udp: UDP
  • all: all protocols
Port String -1/-1

The destination port range of the inbound traffic.

  • If Protocol of the inbound rule is set to all, icmp, or gre, the port range is -1/-1, which indicates all ports.
  • If Protocol of the inbound rule is set to tcp or udp, the port range is in the following format: 1/200 or 80/80, which indicates port 1 to port 200, or port 80. Valid values for a port: 1 to 65535.
EgressAclEntries Array of EgressAclEntry

The information about the outbound rules of the network ACL.

EgressAclEntry
NetworkAclEntryId String nae-a2d447uw4tillxdcv****

The ID of the outbound rule.

NetworkAclEntryName String acl-2

The name of the outbound rule.

Policy String accept

The action to be performed on network traffic that matches the rule. Valid values:

  • accept: allows network traffic.
  • drop: blocks network traffic.
Description String This is EgressAclEntries.

The description of the outbound rule.

Protocol String all

The protocol. Valid values:

  • icmp: ICMP
  • gre: GRE
  • tcp: TCP
  • udp: UDP
  • all: all protocols
DestinationCidrIp String 10.0.0.0/24

The destination CIDR block.

Port String -1/-1

The destination port range of the outbound traffic.

  • If Protocol of the outbound rule is set to all, icmp, or gre, the port range is -1/-1, which indicates all ports.
  • If Protocol of the outbound rule is set to tcp or udp, the port range is in the following format: 1/200 or 80/80, which indicates port 1 to port 200, or port 80. Valid values for a port: 1 to 65535.
Resources Array of Resource

The details about the resource that is associated with the network ACL.

Resource
Status String BINDED

The status of the associated resource. Valid values:

  • BINDED: The resource is associated with the network ACL.
  • BINDING: The resource is being associated with the network ACL.
  • UNBINDING: The resource is disassociated from the network ACL.
ResourceType String VSwitch

The type of resource with which you want to associate the network ACL. The value is set to VSwitch.

ResourceId String vsw-bp1de348lntdwxscd****

The ID of the associated resource.

Tags Array of Tag

The tag list.

Tag
Key String FinanceDept

The tag key.

Value String FinanceJoshua

The tag value.

Examples

Sample requests

http(s)://[Endpoint]/?NetworkAclId=nacl-a2do9e413e0spzasx****
&RegionId=cn-hangzhou
&ClientToken=123e4567-e89b-12d3-a456-426655440000
&Action=DescribeNetworkAclAttributes
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<DescribeNetworkAclAttributesResponse>
    <RequestId>F5905F9C-0161-4E72-9CB1-1F3F3CF6268A</RequestId>
    <NetworkAclAttribute>
        <Status>Available</Status>
        <VpcId>vpc-a2d33rfpl72k5defr****</VpcId>
        <CreationTime>2021-12-25 11:33:27</CreationTime>
        <Description>This is my NetworkAcl.</Description>
        <NetworkAclName>acl-1</NetworkAclName>
        <NetworkAclId>nacl-a2do9e413e0spnhmj****</NetworkAclId>
        <OwnerId>253460731706911260</OwnerId>
        <RegionId>cn-hangzhou</RegionId>
        <IngressAclEntries>
            <NetworkAclEntryId>nae-a2dk86arlydmevfbg****</NetworkAclEntryId>
            <NetworkAclEntryName>acl-3</NetworkAclEntryName>
            <Policy>accept</Policy>
            <Description>This is IngressAclEntries.</Description>
            <SourceCidrIp>10.0.0.0/24</SourceCidrIp>
            <Protocol>all</Protocol>
            <Port>-1/-1</Port>
        </IngressAclEntries>
        <EgressAclEntries>
            <NetworkAclEntryId>nae-a2d447uw4tillxdcv****</NetworkAclEntryId>
            <NetworkAclEntryName>acl-2</NetworkAclEntryName>
            <Policy>accept</Policy>
            <Description>This is EgressAclEntries.</Description>
            <Protocol>all</Protocol>
            <DestinationCidrIp>10.0.0.0/24</DestinationCidrIp>
            <Port>-1/-1</Port>
        </EgressAclEntries>
        <Resources>
            <Status>BINDED</Status>
            <ResourceType>VSwitch</ResourceType>
            <ResourceId>vsw-bp1de348lntdwxscd****</ResourceId>
        </Resources>
        <Tags>
            <Key>FinanceDept</Key>
            <Value>FinanceJoshua</Value>
        </Tags>
    </NetworkAclAttribute>
</DescribeNetworkAclAttributesResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "F5905F9C-0161-4E72-9CB1-1F3F3CF6268A",
  "NetworkAclAttribute" : {
    "Status" : "Available",
    "VpcId" : "vpc-a2d33rfpl72k5defr****",
    "CreationTime" : "2021-12-25 11:33:27",
    "Description" : "This is my NetworkAcl.",
    "NetworkAclName" : "acl-1",
    "NetworkAclId" : "nacl-a2do9e413e0spnhmj****",
    "OwnerId" : 253460731706911260,
    "RegionId" : "cn-hangzhou",
    "IngressAclEntries" : [ {
      "NetworkAclEntryId" : "nae-a2dk86arlydmevfbg****",
      "NetworkAclEntryName" : "acl-3",
      "Policy" : "accept",
      "Description" : "This is IngressAclEntries.",
      "SourceCidrIp" : "10.0.0.0/24",
      "Protocol" : "all",
      "Port" : "-1/-1"
    } ],
    "EgressAclEntries" : [ {
      "NetworkAclEntryId" : "nae-a2d447uw4tillxdcv****",
      "NetworkAclEntryName" : "acl-2",
      "Policy" : "accept",
      "Description" : "This is EgressAclEntries.",
      "Protocol" : "all",
      "DestinationCidrIp" : "10.0.0.0/24",
      "Port" : "-1/-1"
    } ],
    "Resources" : [ {
      "Status" : "BINDED",
      "ResourceType" : "VSwitch",
      "ResourceId" : "vsw-bp1de348lntdwxscd****"
    } ],
    "Tags" : [ {
      "Key" : "FinanceDept",
      "Value" : "FinanceJoshua"
    } ]
  }
}

Error codes

HttpCode Error code Error message Description
400 InvalidNetworkAcl.NotFound The special Network Acl is not found. The error message returned because the network ACL is not found.
500 InternalError The request processing has failed due to some unknown error. The error message returned because some unknown errors occurred.

For a list of error codes, see Service error codes.