GrantInstanceToTransitRouter_云企业网_API文档

Plugin DownloadLearn more
VS Code Plugin
Before installing the plugin, please install VS CodeBefore installing the plugin, please install VS Code
Alibaba Cloud Developer Toolkit is a collection of extensions that can help access Alibaba Cloud services in Visual Studio Code.
JetBrains Plugin
Before installing the plugin, please install JetBrains IDEBefore installing the plugin, please install JetBrains IDE
The Alibaba Cloud Developer Toolkit for JetBrains makes it easier to access Alibaba Cloud services.

Operation Description

  • The GrantInstanceToTransitRouter operation can be used to grant transit routers permissions on network instances that belong to other Alibaba Cloud accounts, including virtual private clouds (VPCs), virtual border routers (VBRs), IPsec-VPN connections, and Express Connect Router (ECRs).

    To grant transit routers permissions on Cloud Connect Network (CCN) instances, call the GrantInstanceToCbn operation.

  • Before you call GrantInstanceToTransitRouter, take note of the billing rules, permission limits, and prerequisites on permission management of transit routers. For more information, see Acquire permissions to connect to a network instance that belongs to another account.

  • Before you grant a transit router permissions on a network instance, make sure that the following requirements are met:

    The account to which the network instance belongs and the account to which the transit router belongs are of the same type.

    The ID of the Alibaba Cloud account to which the transit router belongs is obtained.

    The ID of the Cloud Enterprise Network (CEN) instance to which the Enterprise Edition transit router belongs is obtained.

    Before you grant a transit router permissions on a VBR, contact your account manager to acquire permissions on the VBR.

    Before you grant a transit router permissions on an IPsec-VPN connection, make sure that the IPsec-VPN connection is not associated with a resource.

    If the IPsec-VPN connection is attached to a VPN gateway, the IPsec-VPN connection cannot be attached to transit routers within the same account or different accounts.

    If the IPsec-VPN connection is attached to a transit router, detach the IPsec-VPN connection from the transit router. For more information, see Delete a network instance connection.

Quotas Info

There is no quotas information in the current API.

Authorization Information

The following table shows the authorization information corresponding to this API, which can be used in the Action policy element to grant a RAM user or RAM role the permissions to call the API. Please use RAM to set up these permissions and refer to RAM documentation for more instructions.

Description:View Details...

ActionsAccess levelResource typeCondition keyAssociated operation
cen:GrantInstanceToTransitRouter
Create
All Resources
*
NoneNone

Request Parameters

Field NameField Details
CenIdstring

Enter the ID of the Cloud Enterprise Network (CEN) instance to which the transit router belongs.

Example:cen-44m0p68spvlrqq****Reference Value Source:
    CreateCen
InstanceIdstring

The ID of the network instance.

Example:vpc-bp1h8vbrbcgohcju5****Reference Value Source:
    DescribeCenAttachedChildInstances
InstanceTypestring

The type of network instance. Valid values:View Details...

Example:VPCReference Value Source:
    CreateCenChildInstanceRouteEntryToCen
RegionIdstring

The ID of the region where the network instance is deployed.View Details...

Example:cn-hangzhouReference Value Source:
    DescribeChildInstanceRegions
CenOwnerIdinteger<int64>

The ID of the Alibaba Cloud account to which the CEN instance belongs.

Notice The field type is Long, and the precision may be lost during serialization/deserialization. Please note that the value must not be greater than 9007199254740991.
Example:1250123456123456
OrderTypestring

The entity that pays the fees of the network instance. Valid values:View Details...

Example:PayByCenOwnerEnumeration Value:PayByCenOwnerPayByResourceOwner

Response Parameters

Field NameField Details
RequestIdstring

The ID of the request.

Example:C6E5992C-A57B-5A6C-9B26-568074DC68BA

Sample Response

Error Codes

Global Error Codes
HTTP Status CodeError CodesError MessageActions
400
Forbbiden.TransitRouterServiceNotOpen
The user has not open transit router service.Diagnose
400
NoPermission.AliyunServiceRoleForCEN
You are not authorized to create the service linked role. Role Name: AliyunServiceRoleForCEN. Service Name: cen.aliyuncs.com. Make sure that the user has been granted the ram:CreateServiceLinkedRole permission.Diagnose
400
IllegalParam.CenId
The specified CenId is invalid.Diagnose
400
OperationFailed.TaskConflict
The operation is too frequent, please wait a moment and try again.Diagnose
400
InvalidVbr.NotFound
vbr is not found.Diagnose
400
OperationFailed.GrantCrossAccountExist
Cross-account authorization already exists.Diagnose
400
Forbidden.TransitRouterServiceExpired
The transit router service is out of service.Diagnose
400
Forbidden.OperateShareResource
You cannot operate shared resources.Diagnose
400
InvalidParameter
Invalid parameter.Diagnose
400
Unauthorized
The AccessKeyId is unauthorized.Diagnose
404
InvalidInstanceId.NotFound
InstanceId is not found.Diagnose

Change History

Change timeChange content summaryoperation
2024-11-28
changeError code 400
2024-10-28
changeError code 400
2024-07-10
changeError code 400
2023-12-26
changeRequest parameter RegionId
2022-12-07
changeError code 400
2022-12-02
addError code 400
addError code 404
  • 1
  • 2
  • 10 / page

Examples