Documentation for scw vpc
April 24, 2026 ยท View on GitHub
This API allows you to manage your Virtual Private Clouds (VPCs) and Private Networks.
- Private network management command
- Route management command
- Rule management command
- VPC management command
- VPC connector management command
Private network management command
A Private Network allows you to interconnect your Scaleway resources in an isolated and private network. Network reachability is limited to resources that are on the same Private Network. Note that a resource can be a part of multiple private networks.
Create a Private Network
Create a new Private Network. Once created, you can attach Scaleway resources which are in the same region.
Usage:
scw vpc private-network create [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| name | Required Default: <generated> | Name for the Private Network |
| project-id | Project ID to use. If none is passed the default project ID will be used | |
| tags.{index} | Tags for the Private Network | |
| subnets.{index} | Private Network subnets CIDR | |
| vpc-id | VPC in which to create the Private Network | |
| default-route-propagation-enabled | Defines whether default v4 and v6 routes are propagated for this Private Network | |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
Delete a Private Network
Delete an existing Private Network. Note that you must first detach all resources from the network, in order to delete it.
Usage:
scw vpc private-network delete <private-network-id ...> [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| private-network-id | Required | Private Network ID |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
Enable DHCP on a Private Network
Enable DHCP managed on an existing Private Network. Note that you will not be able to deactivate it afterwards.
Usage:
scw vpc private-network enable-dhcp [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| private-network-id | Required | Private Network ID |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
Get a Private Network
Retrieve information about an existing Private Network, specified by its Private Network ID. Its full details are returned in the response object.
Usage:
scw vpc private-network get <private-network-id ...> [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| private-network-id | Required | Private Network ID |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
List Private Networks
List existing Private Networks in the specified region. By default, the Private Networks returned in the list are ordered by creation date in ascending order, though this can be modified via the order_by field.
Usage:
scw vpc private-network list [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| order-by | One of: created_at_asc, created_at_desc, name_asc, name_desc | Sort order of the returned Private Networks |
| name | Name to filter for. Only Private Networks with names containing this string will be returned | |
| tags.{index} | Tags to filter for. Only Private Networks with one or more matching tags will be returned | |
| project-id | Project ID to filter for. Only Private Networks belonging to this Project will be returned | |
| private-network-ids.{index} | Private Network IDs to filter for. Only Private Networks with one of these IDs will be returned | |
| vpc-id | VPC ID to filter for. Only Private Networks belonging to this VPC will be returned | |
| dhcp-enabled | DHCP status to filter for. When true, only Private Networks with managed DHCP enabled will be returned | |
| organization-id | Organization ID to filter for. Only Private Networks belonging to this Organization will be returned | |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw, all | Region to target. If none is passed will use default region from the config |
Update Private Network
Update parameters (such as name or tags) of an existing Private Network, specified by its Private Network ID.
Usage:
scw vpc private-network update <private-network-id ...> [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| private-network-id | Required | Private Network ID |
| name | Name for the Private Network | |
| tags.{index} | Tags for the Private Network | |
| default-route-propagation-enabled | Defines whether default v4 and v6 routes are propagated for this Private Network | |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
Route management command
Custom routes.
Create a Route
Create a new custom Route.
Usage:
scw vpc route create [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| description | Route description | |
| tags.{index} | Tags of the Route | |
| vpc-id | VPC the Route belongs to | |
| destination | Destination of the Route | |
| nexthop-resource-id | ID of the nexthop resource | |
| nexthop-private-network-id | ID of the nexthop private network | |
| nexthop-vpc-connector-id | ID of the nexthop VPC Connector | |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
Delete a Route
Delete a Route specified by its Route ID.
Usage:
scw vpc route delete <route-id ...> [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| route-id | Required | Route ID |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
Enable routing on a VPC
Enable routing on an existing VPC. Note that you will not be able to deactivate it afterwards.
Usage:
scw vpc route enable-routing <vpc-id ...> [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| vpc-id | Required | VPC ID |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
Get a Route
Retrieve details of an existing Route, specified by its Route ID.
Usage:
scw vpc route get <route-id ...> [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| route-id | Required | Route ID |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
Return routes with associated next hop data
Return routes with associated next hop data.
Usage:
scw vpc route list [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| order-by | One of: created_at_asc, created_at_desc, destination_asc, destination_desc, prefix_len_asc, prefix_len_desc | Sort order of the returned routes |
| vpc-id | VPC to filter for. Only routes within this VPC will be returned | |
| nexthop-resource-id | Next hop resource ID to filter for. Only routes with a matching next hop resource ID will be returned | |
| nexthop-private-network-id | Next hop private network ID to filter for. Only routes with a matching next hop private network ID will be returned | |
| nexthop-resource-type | One of: unknown_type, vpc_gateway_network, instance_private_nic, baremetal_private_nic, apple_silicon_private_nic, vpn_gateway | Next hop resource type to filter for. Only Routes with a matching next hop resource type will be returned |
| nexthop-vpc-connector-id | Next hop VPC connector ID to filter for. Only routes with a matching next hop VPC connector ID will be returned | |
| contains | Only routes whose destination is contained in this subnet will be returned | |
| tags.{index} | Tags to filter for, only routes with one or more matching tags will be returned | |
| is-ipv6 | Only routes with an IPv6 destination will be returned | |
| region | Default: fr-parOne of: all | Region to target. If none is passed will use default region from the config |
Update Route
Update parameters of the specified Route.
Usage:
scw vpc route update <route-id ...> [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| route-id | Required | Route ID |
| description | Route description | |
| tags.{index} | Tags of the Route | |
| destination | Destination of the Route | |
| nexthop-resource-id | ID of the nexthop resource | |
| nexthop-private-network-id | ID of the nexthop private network | |
| nexthop-vpc-connector-id | ID of the nexthop VPC connector | |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
Rule management command
ACL Rules.
Edit all ACL rules of a VPC
This command starts your default editor to edit a marshaled version of your resource Default editor will be taken from EDITOR or an editor based on your system
Usage:
scw vpc rule edit [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| vpc-id | Required | ID of the Network ACL's VPC |
| is-ipv6 | Defines whether this set of ACL rules is for IPv6 (false = IPv4). Each Network ACL can have rules for only one IP type | |
| default-policy | Action to take for packets which do not match any rules | |
| mode | Default: yamlOne of: yaml, json | marshaling used when editing data |
| region | Default: fr-par | Region to target. If none is passed will use default region from the config |
Get ACL Rules for VPC
Retrieve a list of ACL rules for a VPC, specified by its VPC ID.
Usage:
scw vpc rule get [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| vpc-id | Required | ID of the Network ACL's VPC |
| is-ipv6 | Required | Defines whether this set of ACL rules is for IPv6 (false = IPv4). Each Network ACL can have rules for only one IP type. |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
Set VPC ACL rules
Set the list of ACL rules and the default routing policy for a VPC.
Usage:
scw vpc rule set [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| vpc-id | Required | ID of the Network ACL's VPC |
| rules.{index}.protocol | Required One of: ANY, TCP, UDP, ICMP | Protocol to which this rule applies |
| rules.{index}.source | Required | Source IP range to which this rule applies (CIDR notation with subnet mask) |
| rules.{index}.src-port-low | Required | Starting port of the source port range to which this rule applies (inclusive) |
| rules.{index}.src-port-high | Required | Ending port of the source port range to which this rule applies (inclusive) |
| rules.{index}.destination | Required | Destination IP range to which this rule applies (CIDR notation with subnet mask) |
| rules.{index}.dst-port-low | Required | Starting port of the destination port range to which this rule applies (inclusive) |
| rules.{index}.dst-port-high | Required | Ending port of the destination port range to which this rule applies (inclusive) |
| rules.{index}.action | Required One of: unknown_action, accept, drop | Policy to apply to the packet |
| rules.{index}.description | Required | Rule description |
| is-ipv6 | Required | Defines whether this set of ACL rules is for IPv6 (false = IPv4). Each Network ACL can have rules for only one IP type. |
| default-policy | Required One of: unknown_action, accept, drop | Action to take for packets which do not match any rules |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
VPC management command
A Virtual Private Cloud (VPC) allows you to group your regional Private Networks together. Note that a Private Network can be a part of only one VPC.
Create a VPC
Create a new VPC in the specified region.
Usage:
scw vpc vpc create [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| name | Required Default: <generated> | Name for the VPC |
| project-id | Project ID to use. If none is passed the default project ID will be used | |
| tags.{index} | Tags for the VPC | |
| enable-routing | Enable routing between Private Networks in the VPC | |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
Delete a VPC
Delete a VPC specified by its VPC ID.
Usage:
scw vpc vpc delete <vpc-id ...> [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| vpc-id | Required | VPC ID |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
Get a VPC
Retrieve details of an existing VPC, specified by its VPC ID.
Usage:
scw vpc vpc get <vpc-id ...> [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| vpc-id | Required | VPC ID |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
List VPCs
List existing VPCs in the specified region.
Usage:
scw vpc vpc list [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| order-by | One of: created_at_asc, created_at_desc, name_asc, name_desc | Sort order of the returned VPCs |
| name | Name to filter for. Only VPCs with names containing this string will be returned | |
| tags.{index} | Tags to filter for. Only VPCs with one or more matching tags will be returned | |
| project-id | Project ID to filter for. Only VPCs belonging to this Project will be returned | |
| is-default | Defines whether to filter only for VPCs which are the default one for their Project | |
| routing-enabled | Defines whether to filter only for VPCs which route traffic between their Private Networks | |
| organization-id | Organization ID to filter for. Only VPCs belonging to this Organization will be returned | |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw, all | Region to target. If none is passed will use default region from the config |
Update VPC
Update parameters including name and tags of the specified VPC.
Usage:
scw vpc vpc update <vpc-id ...> [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| vpc-id | Required | VPC ID |
| name | Name for the VPC | |
| tags.{index} | Tags for the VPC | |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
VPC connector management command
VPC peering connectors.
Create a VPC connector
Create a new VPC connector in the specified region.
Usage:
scw vpc vpc-connector create [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| name | Required Default: <generated> | Name for the VPC connector |
| tags.{index} | Tags for the VPC connector | |
| vpc-id | VPC ID to filter for. Only connectors belonging to this VPC will be returned | |
| target-vpc-id | Target VPC ID to filter for. Only connectors belonging to this target VPC will be returned | |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
Delete a VPC connector
Delete a VPC connector specified by its VPC connector ID.
Usage:
scw vpc vpc-connector delete <vpc-connector-id ...> [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| vpc-connector-id | Required | VPC connector ID |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
Get a VPC connector
Retrieve details of an existing VPC connector, specified by its VPC connector ID.
Usage:
scw vpc vpc-connector get <vpc-connector-id ...> [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| vpc-connector-id | Required | VPC connector ID |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |
List VPC connectors
List existing VPC connectors in the specified region.
Usage:
scw vpc vpc-connector list [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| order-by | One of: created_at_asc, created_at_desc, name_asc, name_desc | Sort order of the returned VPC connectors |
| name | Name to filter for. Only connectors with names containing this string will be returned | |
| tags.{index} | Tags to filter for. Only connectors with one or more matching tags will be returned | |
| project-id | Project ID to filter for. Only connectors belonging to this Project will be returned | |
| vpc-id | VPC ID to filter for. Only connectors belonging to this VPC will be returned | |
| target-vpc-id | Target VPC ID to filter for. Only connectors belonging to this target VPC will be returned | |
| status | One of: unknown_vpc_connector_status, orphan, peered, conflict | Status of the VPC connector |
| organization-id | Organization ID to filter for. Only connectors belonging to this Organization will be returned | |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw, all | Region to target. If none is passed will use default region from the config |
Update VPC connector
Update parameters including name and tags of the specified VPC connector.
Usage:
scw vpc vpc-connector update <vpc-connector-id ...> [arg=value ...]
Args:
| Name | Description | |
|---|---|---|
| vpc-connector-id | Required | VPC connector ID |
| name | Name for the VPC connector | |
| tags.{index} | Tags for the VPC connector | |
| region | Default: fr-parOne of: fr-par, it-mil, nl-ams, pl-waw | Region to target. If none is passed will use default region from the config |