# CreateNetworkAcl
Creates a network ACL in a VPC. Network ACLs provide an optional layer of security (in addition to security groups) for the instances in your VPC.
For more information, see [Network ACLs](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) in the *Amazon VPC User Guide*.
## Request Parameters
The following parameters are for this specific action. For more information about required and optional parameters that are common to all actions, see [Common Query Parameters](CommonParameters.md).
**ClientToken**
Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see [Ensuring idempotency](https://docs.aws.amazon.com/ec2/latest/devguide/ec2-api-idempotency.html).
Type: String
Required: No
**DryRun**
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
Type: Boolean
Required: No
**TagSpecification.N**
The tags to assign to the network ACL.
Type: Array of [TagSpecification](API_TagSpecification.md) objects
Required: No
**VpcId**
The ID of the VPC.
Type: String
Required: Yes
## Response Elements
The following elements are returned by the service.
**clientToken**
Unique, case-sensitive identifier to ensure the idempotency of the request. Only returned if a client token was provided in the request.
Type: String
**networkAcl**
Information about the network ACL.
Type: [NetworkAcl](API_NetworkAcl.md) object
**requestId**
The ID of the request.
Type: String
## Errors
For information about the errors that are common to all actions, see [Common client error codes](errors-overview.md#CommonErrors).
## Examples
### Example
This example creates a network ACL in the specified IPv6-enabled VPC. The response includes default IPv4 and IPv6 entries for egress and ingress traffic, each with a high rule number. These are the last entries we process to decide whether traffic is allowed in or out of an associated subnet. If the traffic doesn't match any rules with a lower rule number, then these default entries ultimately deny the traffic.
#### Sample Request
```
https://ec2.amazonaws.com/?Action=CreateNetworkAcl
&VpcId=vpc-11ad4878
&AUTHPARAMS
```
#### Sample Response
```
59dbff89-35bd-4eac-99ed-be587EXAMPLE
acl-5fb85d36
vpc-11ad4878
false
-
32767
all
deny
true
0.0.0.0/0
-
32767
all
deny
false
0.0.0.0/0
-
32768
all
deny
true
::/0
-
32768
all
deny
false
::/0
```
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/ec2-2016-11-15/CreateNetworkAcl)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/ec2-2016-11-15/CreateNetworkAcl)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/ec2-2016-11-15/CreateNetworkAcl)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/ec2-2016-11-15/CreateNetworkAcl)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/ec2-2016-11-15/CreateNetworkAcl)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/ec2-2016-11-15/CreateNetworkAcl)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/ec2-2016-11-15/CreateNetworkAcl)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/ec2-2016-11-15/CreateNetworkAcl)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/ec2-2016-11-15/CreateNetworkAcl)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/ec2-2016-11-15/CreateNetworkAcl)