Help Center/ GaussDB/ API Reference/ APIs (Recommended)/ Instance Management/ Binding or Unbinding a NAT Gateway
Updated on 2026-04-27 GMT+08:00
View PDF
Share

Binding or Unbinding a NAT Gateway

Function

This API is used to bind or unbind a NAT gateway to or from a node within an instance. Before calling this API:

Constraints

  • To ensure database access, verify that the security group associated with the database allows traffic on the database port. For example, if the port is 8000, make sure the security group has an inbound rule that permits access from the visitor network's IP address on port 8000. You can obtain the database port from the Network Information area on the Basic Information page of the instance.
  • Before calling this API, create a public NAT gateway first and ensure that its VPC and subnet match those of the GaussDB instance. For details about how to create a public NAT gateway, see Buying a Public NAT Gateway.
  • When you connect to a distributed instance through JDBC via a NAT gateway, the autoBalance parameter is not supported.
  • After a NAT gateway is bound to a GaussDB instance, do not delete the DNAT rule on the NAT gateway's DNAT Rules page. If the DNAT rule is deleted, it will not be removed from the GaussDB console, and the EIP will no longer be usable for connecting to the DB instance.

Debugging

You can debug this API in API Explorer.

Authorization

Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned.

  • If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
  • If you are using identity policy-based authorization, the permission listed below is required.

    Action

    Access Level

    Resource Type (*: required)

    Condition Key

    Alias

    Dependencies

    gaussdb:instance:bindEIP

    write

    instance

    -
    • gaussdb:instance:bindPublicIp
    • gaussdb:instance:modify

    nat:dnatRules:create

    nat:dnatRules:delete

    nat:natGateways:create

    nat:natGateways:listTags

    eip:publicIps:associateInstance

    eip:publicIps:disassociateInstance

URI

PUT /v3/{project_id}/instances/{instance_id}/dnat

Table 1 Parameter description

Parameter

Mandatory

Type

Description

project_id

Yes

String

Definition

Project ID of a tenant in a region.

To obtain the value, see Obtaining a Project ID.

Constraints

N/A

Range

The value can contain 32 characters. Only letters and digits are allowed.

Default Value

N/A

instance_id

Yes

String

Definition

Instance ID, which uniquely identifies an instance. For details about how to obtain the instance ID, see Querying DB Instances.

Constraints

N/A

Range

The value can contain 36 characters. Only letters and digits are allowed.

Default Value

N/A

Request Parameters

Table 2 Parameter description

Parameter

Mandatory

Type

Description

action

Yes

String

Definition

Operation identifier.

Constraints

N/A

Range

  • BIND: binding a NAT gateway
  • UNBIND: unbinding a NAT gateway

Default Value

N/A

node_id

Yes

String

Definition

ID of the node to which the NAT gateway will be bound or from which it will be unbound. To obtain the value, see the nodes parameter returned by the Querying DB Instances API.

Constraints

For distributed instances, only CNs are supported. For centralized instances, log nodes are not supported.

Range

N/A

Default Value

N/A

public_ip_id

No

String

Definition

EIP ID.

For details about how to obtain the EIP ID, see Querying All EIPs.

Constraints

  • This parameter is mandatory when action is set to BIND.
  • Each EIP can be bound to only one NAT gateway.

Range

The value is in UUID format.

Default Value

N/A

nat_gateway_id

No

String

Definition

ID of the public NAT gateway.

For details about how to obtain the ID, see Querying Public NAT Gateways.

Constraints

  • This parameter is mandatory when action is set to BIND.
  • The VPC and subnet of the NAT gateway must match those of the GaussDB instance.

Range

The value is in UUID format.

Default Value

N/A

external_service_port

No

Integer

Definition

Port used to provide services to external systems. You can connect to the DB instance using the EIP and this port number.

Constraints

This parameter is mandatory when action is set to BIND.

Range

0–65535

Default Value

N/A

Response Parameters

None

Example Request

  • Binding a NAT gateway 
    PUT https://gaussdb-opengauss.ap-southeast-1.myhuaweicloud.com/v3/0483b6b16e954cb88930a360d2c4e663/instances/dsfae23fsfdsae3435in14/dnat

{
    "node_id":"890599148fc64bda8dd10b9ba72a0192no14",
    "public_ip_id":"0d8c2bd4-745a-4381-ad5e-7dc51142918b",
    "nat_gateway_id":"2219bb95-cb16-4296-91f8-96c00ffab5c9",
    "external_service_port":"3000",
    "action":"BIND"
}
  • Unbinding a NAT gateway 
    PUT https://gaussdb-opengauss.ap-southeast-1.myhuaweicloud.com/v3/0483b6b16e954cb88930a360d2c4e663/instances/dsfae23fsfdsae3435in14/dnat

{
    "node_id":"ff4d04e9a27b41c89faec0eceee8ff5fno14",
    "action":"UNBIND"
}

Example Response

NAT gateway bound or unbound. 
{}

Status Codes

Error Codes

For details, see Error Codes.

Parent topic: Instance Management