ACL
Initialization
Confirm Endpoint
When confirming SDK usage and configuring the endpoint, first understand the related concepts of an endpoint. Baidu AI Cloud currently supports multiple regions; please refer to the Region Selection Guide. North China-Beijing, South China-Guangzhou, East China-Suzhou, Hong Kong, Central China-Wuhan (Financial) and North China-Baoding are supported currently. The corresponding endpoints are as follows:
| Access region | Endpoint |
|---|---|
| North China-Beijing | bcc.bj.baidubce.com |
| South China-Guangzhou | bcc.gz.baidubce.com |
| East China-Suzhou | bcc.su.baidubce.com |
| Hong Kong | bcc.hkg.baidubce.com |
| Central China-Wuhan (Financial) | bcc.fwh.baidubce.com |
| North China-Baoding | bcc.bd.baidubce.com |
Retrieve access key
To use the security group of Baidu AI Cloud, you need a valid AK (Access Key ID) and SK (Secret Access Key) for signature authentication. AK/SK are system-assigned strings used to identify users and perform signature authentication for BOS. Your AK/SK information can be obtained through the following steps:
1. Register a Baidu AI Cloud account
2. Create AK/SK
Create ACL client
The ACL client serves as an interface for ACL services, providing developers with an array of methods to interact with these services.
When creating an ACL client, first configure an AclClientConfiguration instance with the Endpoint, AK and SK, and then use that config instance to construct the ACL client. The specific configuration method is as follows:
```java
static final String HOST = "";  // endpoint for the chosen region, e.g. from the table above
static final String AK = "";    // Access Key ID
static final String SK = "";    // Secret Access Key

AclClientConfiguration config = new AclClientConfiguration();
config.setCredentials(new DefaultBceCredentials(AK, SK));  // credentials used for request signing
config.setEndpoint(HOST);
AclClient aclClient = new AclClient(config);
```
ACL management
An access control list (ACL) is a firewall component within a VPC that controls subnet-level security policies, enabling flexible traffic configuration for one or multiple subnets to satisfy diverse network security demands. Before managing ACLs, pay attention to the following:
| Entry | ACL rules |
|---|---|
| ACL scope | An ACL belongs to the VPC and applies to the subnets within it |
| Control instance type | ACL access control policies apply to all instances under the subnet, including BCC, DCC, BBC, RDS, SCS, etc. |
| Default ACL rules | The system automatically creates a default ACL for each subnet, which includes a default rule that permits all traffic. Default rules cannot be modified. |
| Ingress or egress | Ingress and egress directions are viewed from the perspective of an instance under the subnet |
| Maximum limit of rules | For rules under the same ACL, each direction supports up to 256 rules |
| Rule trigger | Rules are matched in order of position; once traffic matches a rule in the ACL, that rule's access control policy (allow/deny) is applied and no further rules are matched |
| ACL status | ACL is stateless and performs access control on data flow traffic in the specified direction without automatically controlling the return traffic for the flow. |
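The two properties in the table that most often surprise operators are first-match-by-position evaluation and statelessness. The following Python model, added here as an illustration and not part of the Baidu SDK, evaluates a flow against rules in the exact shape of the getAcl response documented below; the sample rule set is constructed (the second rule id is made up), and the fall-through to the unmodifiable default allow rule is an assumption.

```python
import ipaddress
import json

# Constructed sample in the shape of the getAcl response on this page (ids with
# "constructed" in them are made up; the rest mirrors the documented example).
ACL_JSON = """{"vpcId": "vpc-0d7urd9fyxxx", "aclEntrys": [{"subnetId": "sbn-nfqvsskw93zi",
 "subnetCidr": "192.168.1.0/24", "aclRules": [
 {"id": "ar-621tcndunsce", "protocol": "tcp", "sourceIpAddress": "192.168.1.0/24",
  "destinationIpAddress": "1.2.3.4/32", "sourcePort": "0-65535", "destinationPort": "80",
  "position": 100, "direction": "egress", "ipVersion": 4, "action": "deny"},
 {"id": "ar-constructed01", "protocol": "all", "sourceIpAddress": "0.0.0.0/0",
  "destinationIpAddress": "0.0.0.0/0", "sourcePort": "0-65535", "destinationPort": "0-65535",
  "position": 200, "direction": "egress", "ipVersion": 4, "action": "allow"}]}]}"""

def load_rules():
    return json.loads(ACL_JSON)["aclEntrys"][0]["aclRules"]

def port_matches(spec, port):
    lo, _, hi = spec.partition("-")  # spec is "80" or a range such as "0-65535"
    return int(lo) <= port <= int(hi or lo)

def rule_matches(rule, proto, src, sport, dst, dport):
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (rule["ipVersion"] == s.version
            and rule["protocol"] in ("all", proto)
            and s in ipaddress.ip_network(rule["sourceIpAddress"])
            and d in ipaddress.ip_network(rule["destinationIpAddress"])
            and port_matches(rule["sourcePort"], sport)
            and port_matches(rule["destinationPort"], dport))

def evaluate(rules, direction, proto, src, sport, dst, dport):
    """First match in ascending position wins; later rules are not consulted.
    Assumption: unmatched traffic falls through to the unmodifiable default allow rule."""
    candidates = sorted((r for r in rules if r["direction"] == direction),
                        key=lambda r: r["position"])
    for rule in candidates:
        if rule_matches(rule, proto, src, sport, dst, dport):
            return rule["action"], rule["id"]
    return "allow", None

def evaluate_flow(rules, proto, src, sport, dst, dport):
    """The ACL is stateless: the reply packet (swapped addresses and ports) is
    evaluated in the opposite direction on its own, with no connection tracking."""
    return {"egress": evaluate(rules, "egress", proto, src, sport, dst, dport),
            "ingress_reply": evaluate(rules, "ingress", proto, dst, dport, src, sport)}
```

Because the reply direction is checked independently, a deny rule that is added only on ingress does not block traffic the instance initiates, and an egress allow does not by itself admit the replies.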
Create ACL
Function declaration
```java
public void createAcl(CreateAclRequest createAclRequest) {
}
```
Parameter Meaning
Please refer to the OpenAPI documentation Request Parameters for Creating ACL
Response Value
- Operation succeeded
No response value
- Operation failed
For the exceptions returned when the operation fails, refer to the ACL Exception List.
Code example
For specific code examples, refer to ExampleAddAclRule.java
List ACLs
Function declaration
```java
public GetAclResponse getAcl(String vpcId) {
}
public GetAclResponse getAcl(GetAclRequest getAclRequest) {
}
```
Parameter Meaning
Please refer to the OpenAPI documentation Request Parameters for Listing ACL
Response Value
- Operation succeeded
```json
{
  "metadata": "For the public metadata return structure, refer to the appendix",
  "vpcId": "vpc-0d7urd9fyxxx",
  "vpcName": "v11",
  "vpcCidr": "192.168.0.0/16",
  "aclEntrys": [
    {
      "subnetId": "sbn-nfqvsskw93zi",
      "subnetName": "sbn-22",
      "subnetCidr": "192.168.1.0/24",
      "aclRules": [
        {
          "id": "ar-621tcndunsce",
          "subnetId": "sbn-nfqvsskw93zi",
          "description": "",
          "protocol": "tcp",
          "sourceIpAddress": "192.168.1.0/24",
          "destinationIpAddress": "1.2.3.4/32",
          "sourcePort": "0-65535",
          "destinationPort": "80",
          "position": 100,
          "direction": "egress",
          "ipVersion": 4,
          "action": "deny"
        }
      ]
    }
  ]
}
```
- Operation failed
For the exceptions returned when the operation fails, refer to the ACL Exception List.
Code example
For specific code examples, refer to ExampleAclList.java
Update ACL
Function declaration
```java
public void modifyAclRuleAttributes(ModifyAclRuleAttributesRequest modifyAclRuleAttributesRequest) {
}
public void modifyAclRuleAttributes(String aclRuleId, AclRule aclRule) {
}
```
Parameter meaning
Please refer to the OpenAPI documentation Request Parameters for Updating ACL
Response value
- Operation succeeded
No response value
- Operation failed
For the exceptions returned when the operation fails, refer to the ACL Exception List.
Code example
For specific code examples, refer to ExampleUpdateAclRule.java
Delete ACL
Function declaration
```java
public void deleteAcl(String aclRuleId) {
}
public void deleteAcl(DeleteAclRequest deleteAclRequest) {
}
```
Parameter meaning
Please refer to the OpenAPI documentation Request Parameters for Deleting ACL
Response Value
- Operation succeeded
No response value
- Operation failed
For the exceptions returned when the operation fails, refer to the ACL Exception List.
Code example
For specific code examples, refer to ExampleDeleteAclRule.java
Paginated query of ACL rules
Function declaration
```java
public ListAclResponse listAclRules(ListAclRequest listAclRequest) {
}
```
Parameter Meaning
Please refer to the OpenAPI documentation Request Parameters for Listing ACL Rules
Response Value
- Operation succeeded
```json
{
  "metadata": "For the public metadata return structure, refer to the appendix",
  "maxKeys": 1000,
  "isTruncated": false,
  "aclRules": [
    {
      "id": "ar-jjxp7g3dihfk",
      "subnetId": "sbn-0317afqpxw41",
      "description": "",
      "protocol": "tcp",
      "sourceIpAddress": "2400:da00:e003:4c11::/64",
      "destinationIpAddress": "1::/64",
      "sourcePort": "0-65535",
      "destinationPort": "80",
      "position": 12,
      "direction": "egress",
      "ipVersion": 6,
      "action": "allow"
    }
  ]
}
```
- Operation failed
For the exceptions returned when the operation fails, refer to the ACL Exception List.
Code example
For specific code examples, refer to ExampleMarkerListAcl.java
Appendix
Public response information in Metadata format
```json
{
  "bceRequestId": "f5f0821d-45fe-439b-bbf4-fc48b639f84a",
  "contentLength": 28,
  "contentType": "application/json;charset=UTF-8",
  "date": 1701917695000,
  "server": "openresty/1.15.8.1"
}
```
