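Call the CreateNatGateway operation to create an enhanced Internet NAT gateway or a VPC NAT gateway.
Usage notes
Before you call this operation, take note of the following:
- The first time you create a NAT gateway, the system automatically creates a service-linked role named AliyunServiceRoleForNatgw and attaches a permission policy named AliyunServiceRolePolicyForNatgw to it, which grants the NAT gateway permission to access other cloud resources. For more information, see Service-linked roles.
- After an enhanced Internet NAT gateway is created, the system automatically adds a route entry to the VPC route table with destination CIDR block 0.0.0.0/0 and the NAT gateway as the next hop, so that traffic is routed to the NAT gateway.
- CreateNatGateway is an asynchronous operation: the system first returns the instance ID of a NAT gateway (Internet NAT gateway or VPC NAT gateway), but the instance has not finished being created and the creation task is still running in the background. You can call DescribeNatGateways to query the status of the NAT gateway.
  - When the NAT gateway is in the Creating state, it is still being created. In this state you can only perform query operations, not any other operation.
  - When the NAT gateway is in the Available state, creation is complete.
- Creating a NAT gateway generally takes 1 to 3 minutes. Wait for it to complete.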
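Debugging
You can run this operation directly in OpenAPI Explorer, which saves you from calculating the signature yourself. After a successful run, OpenAPI Explorer can automatically generate SDK sample code.
Authorization information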
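Request parameters
| Name | Type | Required | Description | Example |
|---|---|---|---|---|
| RegionId | string | Yes | ID of the region where the NAT gateway is located. You can call DescribeRegions to get the region ID. | cn-hangzhou |
| VpcId | string | Yes | ID of the VPC in which to create the NAT gateway. | vpc-bp1di7uewzmtvfuq8**** |
| Name | string | No | Name of the NAT gateway. The name must be 2 to 128 characters long, start with an uppercase or lowercase letter or a Chinese character, and may contain digits, underscores (_) and hyphens (-). If you do not specify this parameter, the system creates a default name for the NAT gateway. | fortest |
| Description | string | No | Description of the NAT gateway. The description can be empty, or 2 to 256 characters long, and cannot start with | testnat |
| ClientToken | string | No | Client token used to guarantee the idempotency of the request. The client generates this value and must ensure that it is unique across different requests. Note: If you do not specify it, the system automatically uses the RequestId of the API request as the ClientToken. The RequestId of each API request may differ. | 5A2CFF0E-5718-45B5-9D4D-70B3FF3898 |
| Spec | string | No | Subscription Internet NAT gateways are no longer available for new purchase; this parameter is no longer used. | Invalid parameter |
| InstanceChargeType | string | No | Billing method of the NAT gateway. Valid values: PostPaid (default): pay-as-you-go. For more information, see Internet NAT gateway billing and VPC NAT gateway billing. | PostPaid |
| PricingCycle | string | No | Subscription Internet NAT gateways are no longer available for new purchase; this parameter is no longer used. | Invalid parameter |
| Duration | string | No | Subscription Internet NAT gateways are no longer available for new purchase; this parameter is no longer used. | Invalid parameter |
| AutoPay | boolean | No | Subscription Internet NAT gateways are no longer available for new purchase; this parameter is no longer used. | Invalid parameter |
| VSwitchId | string | No | ID of the vSwitch to which the NAT gateway belongs. When you create a NAT gateway, you must specify the vSwitch it belongs to; the system assigns the NAT gateway an idle private IP address from that vSwitch. Note: You can call ListEnhanhcedNatGatewayAvailableZones to query the zones where NAT gateway resources are available, and DescribeVSwitches to query the number of available IP addresses in a vSwitch. | vsw-bp1e3se98n9fq8hle**** |
| NatType | string | No | Type of the NAT gateway. Valid value: Enhanced (enhanced NAT gateway). | Enhanced |
| InternetChargeType | string | No | Metering method of the NAT gateway. Valid value: PayByLcu (pay by usage). | PayByLcu |
| NetworkType | string | No | Type of NAT gateway to create. Valid values: | internet |
| SecurityProtectionEnabled (deprecated) | boolean | No | Whether to enable the firewall feature. Valid values: | false |
| IcmpReplyEnabled | boolean | No | Whether to enable ICMP reply. Valid values: | true |
| PrivateLinkEnabled | boolean | No | Whether to enable PrivateLink. Valid values: | false |
| EipBindMode | string | No | EIP binding mode of the NAT gateway. Valid values: | MULTI_BINDED |
| Tag | array<object> | No | List of tags. | MULTI_BINDED |
| | object | No | | |
| Key | string | No | Tag key. In API calls, use the form Tag.N.Key, where N ranges from 1 to 20. Once this value is passed, it cannot be an empty string. It can be up to 128 characters long, cannot start with aliyun or acs:, and cannot contain http:// or https://. | TestKey |
| Value | string | No | Tag value. In API calls, use the form Tag.N.Value, where N ranges from 1 to 20. Once this value is passed, it cannot be an empty string. It can be up to 128 characters long, cannot start with aliyun or acs:, and cannot contain http:// or https://. | TestValue |
| AccessMode | object | No | Access mode for reverse access to the VPC NAT gateway. | MULTI_BINDED |
| ModeValue | string | No | Access mode. Valid values: Note: When this field is set, the PrivateLinkEnabled field must be true. | route |
| TunnelType | string | No | Tunnel mode type: Note: This value takes effect only when the access mode is tunnel mode. | geneve |
| NatIp | string | No | Private IP address occupied by the NAT gateway. Use an unallocated IP address in the CIDR block of the vSwitch where the NAT gateway resides. If this parameter is empty, an IP address is assigned randomly. | 192.168.0.2 |
| Ipv4Prefix | string | No | Creates an IP prefix address range, used to create NAT IP addresses in batches. Use an unallocated reserved CIDR block in the vSwitch where the NAT gateway resides. | 192.168.0.0/28 |
| AvailabilityMode | string | No | | |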
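An added example (not Alibaba Cloud code) that checks a request against the constraints stated in the parameter table and in the IllegalParam.Ipv4Prefix error before it is sent, and flattens tags into the Tag.N.Key / Tag.N.Value form. `build_request`, `check_tag_text` and the caller-supplied `vswitch_cidr` are hypothetical names, and the Unicode range used for "Chinese character" is an assumption.

```python
import ipaddress
import re

# Assumption: "Chinese character" is taken as U+4E00..U+9FA5.
# First char: letter or Chinese; then letters, Chinese, digits, "_" or "-"; 2-128 total.
NAME_RE = re.compile(r"^[A-Za-z\u4e00-\u9fa5][A-Za-z0-9\u4e00-\u9fa5_-]{1,127}$")

def check_tag_text(label, text):
    """Apply the documented tag key/value rules; raise ValueError on violation."""
    if not text or len(text) > 128:
        raise ValueError(f"{label}: must be 1-128 characters")
    if text.startswith(("aliyun", "acs:")) or "http://" in text or "https://" in text:
        raise ValueError(f"{label}: reserved prefix or URL scheme")

def build_request(region_id, vpc_id, vswitch_id, vswitch_cidr, *, name=None,
                  nat_ip=None, ipv4_prefix=None, tags=None):
    """Return flat CreateNatGateway parameters, or raise ValueError.

    vswitch_cidr is the vSwitch CIDR block, supplied by the caller (hypothetical input).
    """
    params = {"RegionId": region_id, "VpcId": vpc_id, "VSwitchId": vswitch_id}
    subnet = ipaddress.ip_network(vswitch_cidr)
    if name is not None:
        if not NAME_RE.match(name):
            raise ValueError("Name: 2-128 chars, starting with a letter or Chinese character")
        params["Name"] = name
    if nat_ip is not None:
        # The page only says "an unallocated IP in the vSwitch CIDR block";
        # whether it is unallocated cannot be checked offline.
        if ipaddress.ip_address(nat_ip) not in subnet:
            raise ValueError("NatIp: outside the vSwitch CIDR block")
        params["NatIp"] = nat_ip
    if ipv4_prefix is not None:
        prefix = ipaddress.ip_network(ipv4_prefix)  # rejects host bits set
        if prefix.prefixlen != 28 or not prefix.subnet_of(subnet):
            raise ValueError("Ipv4Prefix: must be a /28 inside the vSwitch CIDR block")
        params["Ipv4Prefix"] = ipv4_prefix
    tags = tags or {}
    if len(tags) > 20:
        raise ValueError("Tag: N ranges from 1 to 20")
    for n, (key, value) in enumerate(tags.items(), start=1):
        check_tag_text(f"Tag.{n}.Key", key)
        check_tag_text(f"Tag.{n}.Value", value)
        params[f"Tag.{n}.Key"], params[f"Tag.{n}.Value"] = key, value
    return params
```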
Response parameters
| Name | Type | Description | Example |
|---|---|---|---|
| | object | Response data structure. | |
| NatGatewayId | string | Instance ID of the created NAT gateway. | ngw-112za33e4**** |
| RequestId | string | Request ID. | 2315DEB7-5E92-423A-91F7-4C1EC9AD97C3 |
| ForwardTableIds | object | | |
| ForwardTableId | array | DNAT list. | |
| | string | DNAT list. | ftb-11tc6xgmv**** |
| SnatTableIds | object | | |
| SnatTableId | array | SNAT list. | |
| | string | SNAT list. | stb-SnatTableIds**** |
| FullNatTableIds | object | | |
| FullNatTableId | array | FULLNAT list. | |
| | string | FULLNAT list. | fulltb-gw88z7hhlv43rmb26**** |
Examples
Sample success response
JSON format
```json
{
  "NatGatewayId": "ngw-112za33e4****",
  "RequestId": "2315DEB7-5E92-423A-91F7-4C1EC9AD97C3",
  "ForwardTableIds": {
    "ForwardTableId": [
      "ftb-11tc6xgmv****"
    ]
  },
  "SnatTableIds": {
    "SnatTableId": [
      "stb-SnatTableIds****"
    ]
  },
  "FullNatTableIds": {
    "FullNatTableId": [
      "fulltb-gw88z7hhlv43rmb26****"
    ]
  }
}
```
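The asynchronous flow described in the usage notes, as an added example rather than Alibaba Cloud SDK code: it reuses one ClientToken across retries of TaskConflict and returns only once the gateway reports Available. `create` and `describe_status` are hypothetical caller-supplied wrappers around CreateNatGateway and DescribeNatGateways, and `ApiError` is a hypothetical exception carrying the error code.

```python
import time
import uuid

RETRYABLE = {"TaskConflict"}  # "The operation is too frequent" in the error table

class ApiError(Exception):
    """Hypothetical error type carrying the API error code."""
    def __init__(self, code):
        super().__init__(code)
        self.code = code

def create_and_wait(create, describe_status, params, *, attempts=3,
                    timeout=300, interval=10, sleep=time.sleep):
    """Create a NAT gateway idempotently, then block until it is Available.

    create(params) -> response dict; describe_status(nat_gateway_id) -> str.
    Both are hypothetical wrappers supplied by the caller.
    """
    # Fix the token once. Without it the server falls back to the RequestId,
    # which may differ per request, so a retry would not be deduplicated.
    token = params.get("ClientToken") or str(uuid.uuid4())
    request = dict(params, ClientToken=token)
    for attempt in range(1, attempts + 1):
        try:
            response = create(request)
            break
        except ApiError as err:
            if err.code not in RETRYABLE or attempt == attempts:
                raise
            sleep(interval)
    gateway_id = response["NatGatewayId"]
    # The ID is returned before creation finishes; only queries are allowed
    # while the gateway is Creating, so poll and do nothing else until Available.
    waited = 0
    while True:
        status = describe_status(gateway_id)
        if status == "Available":
            return gateway_id, token
        if status != "Creating":
            raise RuntimeError(f"{gateway_id}: unexpected status {status!r}")
        if waited >= timeout:
            raise TimeoutError(f"{gateway_id} still Creating after {waited}s")
        sleep(interval)
        waited += interval
```

The default timeout of 300 seconds is a constructed value chosen to sit above the 1 to 3 minutes the page gives for creation.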
Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | Forbidden.NatPayBySpec | Pay-by-specification NAT is no longer supported. Newly purchased pay-as-you-go NAT gateways only support the pay-by-CU metering method. | Pay-by-specification NAT gateways are no longer sold. Choose a NAT gateway billed by CU usage. |
| 400 | DependencyViolation.FullNatEntry | The specified resource of %s depends on %s, so the operation cannot be completed. | |
| 400 | UnsupportedFeature.InternetChargeType | The feature of InternetChargeType is not supported. | |
| 400 | InvalidVPCStatus | vpc incorrect status. | |
| 400 | InvalidNatGatewayName.MalFormed | NatGateway name is not valid. | |
| 400 | InvalidNatGatewayDescription.MalFormed | NatGateway description is not valid. | |
| 400 | MissingParameter.BandwidthPackage | only support one BandwidthPackage be created with NatGateway. | |
| 400 | OperationDenied | The user cannot allow to create natgw, please call PD to authorize | |
| 400 | RouterEntryConflict.Duplicated | A route entry already exists, which CIDR is '0.0.0.0/0' | |
| 400 | MissingParameter | Miss mandatory parameter. | |
| 400 | QuotaExceeded.BandwidthPackageIps | The specified ipCount exceeded quota. | The number of IP addresses exceeds the limit. You can request a quota increase on the Quota Management page. |
| 400 | AllocateIpFailed | Alloc bandwidthPackage ips failed, maybe no available ip. | |
| 400 | InvalidParameter.Name.Malformed | The specified Name is not valid. | |
| 400 | InvalidParameter.Description.Malformed | The specified Description is not valid. | |
| 400 | ZONE_NO_AVAILABLE_IP | The Zone have no available ip. | |
| 400 | ParameterIllegal | ipCount,bandwidth parameter invalid | |
| 400 | InvalidParameter.BandwidthPackage.n.ISP.ValueNotSupport | The specified ISP of BandwidthPackage is not valid. | |
| 400 | InvalidNatGatewayId.NotFound | The NatGatewayId not exist. | |
| 400 | VpcStatusError | The Vpc is creating . | |
| 400 | InvalidParameter.Spec.ValueNotSupported | The specified Spec is not valid. | |
| 400 | TaskConflict | The operation is too frequent, TaskConflict. | The operation is too frequent. Try again later. |
| 400 | COMMODITY.INVALID_COMPONENT | The instance component is invalid. | The sales module parameters do not satisfy the constraint check. |
| 400 | CreateNatGateway.RouteConflict.DynamicRoute | Route conflict exists in routing table. | |
| 400 | OperationUnsupported.MultiNatGateway | More than one natGateway per vpc is unsupported. | |
| 400 | Forbidden.CheckEntryRuleQuota | Route entry quota rule check error. | |
| 400 | OperationFailed.UnpaidBillsExist | The account has unpaid bills. Please pay your overdue bill first. | This account has unpaid orders. |
| 400 | IncorrectStatus.RouteEntry | Specified routeEntry status error. | |
| 400 | OperationFailed.RiskControl | Risk control check failed. | We detected a security risk with your payment method. Continue the verification through the link in the email or console message, and resubmit the order after verification. |
| 400 | OperationFailed.TokenVerfiy | Token verify failed. | |
| 400 | IllegalParam.Name | The specified Name is invalid, shorter than 2 characters. | |
| 400 | OperationFailed.EnhancedQuotaExceed | Enhanced nat gateway per vpc quota is exceeded | The quota for enhanced NAT gateways in the current VPC is exceeded. |
| 400 | NoPermission.CreateServiceLinkedRole | You are not authorized to create service linked role | |
| 400 | OperationFailed.EnhancedInventoryNotEnough | Operation failed because inventory is not enough. | |
| 400 | OperationFailed.VswNotBelongToVpc | Operation failed because the specified VSwitch is not bound to the same VPC with NAT gateway. | The operation failed because the vSwitch and the NAT gateway do not belong to the same VPC. |
| 400 | OperationFailed.EnhancedUserIsUnAuthorized | Operation failed because the user is not authorized to create an enhanced NAT gateway. | The operation failed because the user is not authorized to create enhanced NAT gateways. |
| 400 | OperationUnsupported.PrePaidPyByLcu | The operation failed because the subscription NAT gateway does not support the pay-by-LCU billing method. | Subscription NAT gateway instances do not support the PayByLcu billing method. |
| 400 | OperationFailed.NormalInventoryNotEnough | Standard NAT gateways are no longer offered. You can create enhanced NAT gateways and set the correct natType. | |
| 400 | OperationFailed.VSwitchNoAvailableIp | Operation failed because the specified vswitch does not have availabe ip. | |
| 400 | UnsupportedFeature.IcmpReplyEnabled | The feature of IcmpReplyEnabled is not supported. | Modifying the ICMP reply enablement is not supported. |
| 400 | UnsupportedFeature.SecurityProtectionEnabled | The feature of SecurityProtectionEnabled is not supported. | |
| 400 | OperationFailed.RegionConvert | Operation failed because do not find region info. | |
| 400 | UnsupportedFeature.VpcNat | The feature of VpcNat is not supported. | |
| 400 | InvalidVSWITCHID.NotFound | The specified resource of %s is not found. | |
| 400 | Forbidden.OperateShareResource | Operate share resource is forbidden. | |
| 400 | IncorrectStatus.VSWITCH | The status of VSWITCH is incorrect. | |
| 400 | OperationFailed.VpcNatGatewayInventoryNotEnough | The operation is failed because of inventory is not enough. | |
| 400 | OperationFailed.VpcNatGatewayCheckInventory | The operation is failed because of check inventory result is unexpected | |
| 400 | ExclusiveParam.%sAnd%s | The param of %s and %s are mutually exclusive. | The parameters %s and %s are mutually exclusive. |
| 400 | SecurityGroupType.NotSupported | The specified security group type is not supported. | The security group is managed and cannot be used. |
| 400 | SecurityGroup.NotExist | The specified security group is not exist. | The security group does not exist in this VPC. |
| 400 | OperationFailed.ContainForbiddenLabel | There is a label that prohibits ordering, please contact your distributor for processing. | A label that prohibits ordering exists. Contact your distributor. |
| 400 | OperationDenied.PrePaidInstance | The operation is not allowed because prepaid instance is no longer supported. | Subscription instances can no longer be purchased. |
| 400 | UnsupportedFeature.Geneve | The feature of Geneve is not supported. | Creating NAT gateways in Geneve mode is currently not supported. |
| 400 | OperationFailed.NoAvailableResource | The Zone have no available resource. | The zone has no available resources. |
| 400 | ExclusiveParam.AccessModeValueAndAccessTunnelType | The specified param AccessModeValue and AccessTunnelType are mutually exclusive. | The input parameters AccessMode.ModeValue and AccessMode.TunnelType conflict. |
| 400 | ExclusiveParam.PrivateLinkModeAndAccessMode | The specified param PrivateLinkMode and AccessMode are mutually exclusive. | The input parameters PrivateLinkMode and AccessMode conflict. |
| 400 | ExclusiveParam.PrivateLinkEnabledAndAccessMode | The specified paramPrivateLinkEnabled and AccessMode are mutually exclusive. | The input parameters PrivateLinkEnabled and AccessMode conflict. |
| 400 | UnsupportedFeature.AccessModeValue | The feature of AccessMode.ModeValue(%s) is not supported. | The AccessMode.ModeValue attribute of the VPC NAT gateway does not support this operation. |
| 400 | IllegalParam.AccessTunnelType | The request parameter AccessMode.TunnelType is illegal. | The AccessMode.TunnelType parameter in the request is invalid. |
| 400 | IllegalParam.AccessModeValue | The request parameter AccessMode.ModeValue is illegal. | The AccessMode.ModeValue parameter in the request is invalid. |
| 400 | OperationFailed.VSwitchStatusError | The vSwitch is creating . | The vSwitch is being created. |
| 400 | UnsupportedFeature.PrivateLinkMode | The feature of %s is not supported. | The reverse access feature is not supported yet. |
| 400 | OperationFailed.EcsNetworkInterfaceQuotaNotSatisfy | ECS network interface quota is not satisfy. | The ECS elastic network interface quota does not meet the requirement. |
| 400 | OperationFailed.NoNameAuthentication | You have not passed the real name authentication and do not meet the purchase conditions. Please log in to the user center for real-name authentication. | You have not completed real-name verification and do not meet the purchase conditions. Log on to the User Center to complete real-name verification. |
| 400 | Mismatch.NatIpAndNatIpCidr | The %s and %s are mismatched. | %s and %s do not match. |
| 400 | Mismatch.Ipv4PrefixAndNatIpCidr | The %s and %s are mismatched. | |
| 400 | ResourceAlreadyExist.NatIp | The specified resource of NatIp has already exist. | The configured NatIp already exists. |
| 400 | Mismatch.Ipv4PrefixAndCidrReservations | The %s and %s are mismatched. | Ipv4Prefix does not match the reserved CIDR block of the vSwitch. |
| 400 | ResourceAlreadyAssociated.Ipv4Prefix | %s is already associated. | Ipv4Prefix is already allocated. |
| 400 | ResourceNotEnough.Ipv4Prefix | The resource of %s is not enough. | Ipv4Prefix resources are insufficient. |
| 400 | ResourceNotFound.Ipv4Prefix | The resource of s% is not found. | The Ipv4Prefix resource does not exist. |
| 400 | ResourceAlreadyAssociated.NatIp | The resource of %s was already associated. | The NatIp resource is already allocated. |
| 400 | ResourceNotEnough.NatIp | The specified resource of NatIp is not enough. | Insufficient IP addresses in the specified CIDR block. |
| 400 | ResourceNotFound.NatIp | The specified resource of %s is not found. | The NatIp resource is not found. |
| 400 | IllegalParam.Ipv4Prefix | The param of %s is illegal, must be /28 network segment. | The parameter Ipv4Prefix is invalid; it must be a /28 CIDR block. |
| 400 | IllegalParam.NatIp | The param of %s is illegal. | The parameter NatIp is invalid. |
| 400 | OperationUnsupported.EnhancedRegion | Region not support. | The current region is not supported for now. |
| 400 | IncorrectStatus.RouteTableStatus | The route table status is invaild. Please try again later. | The route table status does not support this operation for now. Try again later. |
| 400 | OperationUnsupported.User | The current user does not support this operation. | The current user does not support this operation. |
| 400 | OperationUnsupported.EnhancedCURegion | Operation failed because of this region not unsupported. | The operation failed because the region does not support pay-as-you-go billing. |
| 400 | OrderError.NoAvailablePaymentMethod | Order payment parameter is not available. | Order error: the payment type parameter is unavailable. |
| 400 | OrderError.BasicInfoUncompleted | Order basic parameter is not completed. | Order error: the basic parameter information is incomplete. |
| 400 | OperationUnsupported.Region | Operation unsupport this region parameter. | This operation does not support the region parameter. |
| 400 | InvalidParameter.SingleZone | Operation failed because current user not support create single zone nat. | The current user is not allowed to create single-zone NAT gateways. |
| 500 | OrderError.NatGateway | The Account failed to create order. | |
| 500 | OperationFailed.AccessTunnelId | AccessTunnelId param do operation failed. | The VPC NAT gateway failed to generate a tunnel ID. Try again later. |
| 500 | OperationFailed.EnhancedCheckInventory | The NAT gateway in the current zone is not in service, or the resource inventory is insufficient. | The NAT gateway service is not available in the current zone, or the underlying resource inventory is insufficient. |
| 404 | InvalidRegionId.NotFound | The specified RegionId does not exist in our records. | |
| 404 | InvalidVpcId.NotFound | Specified value of VpcId is not found in our record. | The VPC does not exist. Check whether the specified VPC is correct. |
| 404 | InvalidZoneId.NotFound | Specified value of ZoneId is not exists. | |
| 404 | VPC_ONLY_CAN_CREATE_ONE_NAT_GATEWAY | NatGateway in one vpc support only one. | |
| 404 | OperationFailed.CrateEntryTimeOut | Operation failed because create custom routeEntry timeout. | |
| 404 | Forbidden.CreateSpecialSpecNatGateway | You are not authorized to create special spec nat gateway. | |
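| 404 | UnsupportedZoneForFwNat | The zone is unsupported for FW NAT. | This zone does not support protection-type NAT gateways. |
Visit the Error Center to view more error codes.
Change history
For more information, see the change details.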