On this page
Help Center/ Virtual Private Cloud/ API Reference/ Application Examples/ Example 2: Configuring a Security Group for an ECS

Example 2: Configuring a Security Group for an ECS

Updated on 2024-10-31 GMT+08:00

Scenarios

This section describes how to configure a security group for an ECS by calling APIs.

Prerequisites

  • If you use a token for authentication, you must obtain the token and add X-Auth-Token to the request header when making an API call. Obtain the token by referring to Authentication.
NOTE:

The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequent calling.

Procedure

  1. Obtain the NIC information based on the ECS ID.
    1. Send GET https://VPC endpoint/v1/{project_id}/ports?device_id={ecs_id}. Parameter project_id indicates the project ID.
    2. Add X-Auth-Token to the request header.
    3. Check the response message.
      • The request is successful if the following response is displayed.
        {
        	"ports": [{
        		"id": "02c72193-efec-42fb-853b-c33f2b802467",
        		"name": "",
        		"status": "ACTIVE",
        		"admin_state_up": true,
        		"fixed_ips": [{
        			"subnet_id": "213cb9d-3122-2ac1-1a29-91ffc1231a12",
        			"ip_address": "192.168.0.75"
        		}],
        		"mac_address": "fa:16:3e:47:5f:c1",
        		"network_id": "4779ab1c-7c1a-44b1-a02e-93dfc361b32d",
        		"tenant_id": "db82c9e1415a464ea68048baa8acc6b8",
        		"project_id": "db82c9e1415a464ea68048baa8acc6b8",
        		"device_id": "ea61f836-b52f-41bf-9d06-685644001d6f",
        		"device_owner": "compute:br-iaas-odin1a",
        		"security_groups": [
        			"e0598d96-9451-4f8a-8de0-b8b4d451d9e7"
        		],
        		"extra_dhcp_opts": [],
        		"allowed_address_pairs": [],
        		"binding:vnic_type": "normal",
        		"binding:vif_details": {
        			"primary_interface": true
        		},
        		"binding:profile": {},
        		"port_security_enabled": true,
        		"created_at": "2020-06-20T08:07:29",
        		"updated_at": "2020-06-20T08:07:29"
        	}]
        }
      • For details about the error codes displayed if the request fails, see section Error Codes.
  2. View information about existing security groups.
    1. Send GET https://VPC endpoint/v1/{project_id}/subnets/security-groups. Parameter project_id indicates the project ID.
    2. Add X-Auth-Token to the request header.
    3. Check the response message.
      • The request is successful if the following response is displayed. In the response, id indicates the security group ID.
        {
        	"security_groups": [{
        		"id": "16b6e77a-08fa-42c7-aa8b-106c048884e6",
        		"name": "qq",
        		"description": "qq",
        		"vpc_id": "3ec3b33f-ac1c-4630-ad1c-7dba1ed79d85",
        		"enterprise_project_id ": "0aad99bc-f5f6-4f78-8404-c598d76b0ed2",
        		"security_group_rules": [{
        			"direction": "egress",
        			"ethertype": "IPv4",
        			"id": "369e6499-b2cb-4126-972a-97e589692c62",
        			"description": "",
        			"security_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6"
        		}, {
        			"direction": "ingress",
        			"ethertype": "IPv4",
        			"id": "0222556c-6556-40ad-8aac-9fd5d3c06171",
        			"description": "",
        			"remote_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6",
        			"security_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6"
        		}]
        	}, {
        		"id": "9c0f56be-a9ac-438c-8c57-fce62de19419",
        		"name": "default",
        		"description": "qq",
        		"vpc_id": "13551d6b-755d-4757-b956-536f674975c0",
        		"enterprise_project_id ": "0",
        		"security_group_rules": [{
        			"direction": "egress",
        			"ethertype": "IPv4",
        			"id": "95479e0a-e312-4844-b53d-a5e4541b783f",
        			"description": "",
        			"security_group_id": "9c0f56be-a9ac-438c-8c57-fce62de19419"
        		}, {
        			"direction": "ingress",
        			"ethertype": "IPv4",
        			"id": "0c4a2336-b036-4fa2-bc3c-1a291ed4c431",
        			"description": "",
        			"remote_group_id": "9c0f56be-a9ac-438c-8c57-fce62de19419",
        			"security_group_id": "9c0f56be-a9ac-438c-8c57-fce62de19419"
        		}]
        	}]
        }
      • For details about the error codes displayed if the request fails, see section Error Codes.
  3. Add the ECS to a security group.
    1. Send PUT https://VPC endpoint/v1/{project_id}/ports/{port_id}. Parameter project_id indicates the project ID.
    2. Add X-Auth-Token to the request header.
    3. Specify the following parameters in the request body:
      {
          "port": {
              "security_groups": ["9c0f56be-a9ac-438c-8c57-fce62de19419","16b6e77a-08fa-42c7-aa8b-106c048884e6"]
          }
      }
    4. Check the response message.
      • The request is successful if the following response is displayed. In the response, id indicates the port ID.
        {
        	"port": {
        		"id": "02c72193-efec-42fb-853b-c33f2b802467",
        		"name": "",
        		"status": "ACTIVE",
        		"admin_state_up": true,
        		"fixed_ips": [{
        			"subnet_id": "213cb9d-3122-2ac1-1a29-91ffc1231a12",
        			"ip_address": "192.168.0.75"
        		}],
        		"mac_address": "fa:16:3e:47:5f:c1",
        		"network_id": "4779ab1c-7c1a-44b1-a02e-93dfc361b32d",
        		"tenant_id": "db82c9e1415a464ea68048baa8acc6b8",
        		"project_id": "db82c9e1415a464ea68048baa8acc6b8",
        		"device_id": "ea61f836-b52f-41bf-9d06-685644001d6f",
        		"device_owner": "compute:br-iaas-odin1a",
        		"security_groups": ["9c0f56be-a9ac-438c-8c57-fce62de19419", "16b6e77a-08fa-42c7-aa8b-106c048884e6"],
        		"extra_dhcp_opts": [],
        		"allowed_address_pairs": [{
        			"ip_address": "1.1.1.1/0"
        		}],
        		"binding:vnic_type": "normal",
        		"binding:vif_details": {
        			"primary_interface": true
        		},
        		"binding:profile": {},
        		"port_security_enabled": true,
        		"created_at": "2020-06-20T08:07:29",
        		"updated_at": "2020-06-20T08:07:29"
        	}
        }
      • For details about the error codes displayed if the request fails, see section Error Codes.
Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback