Example 2: Configuring a Security Group for an ECS
Scenarios
This section describes how to configure a security group for an ECS by calling APIs.
Prerequisites
- You have purchased an ECS. For details, see Creating an ECS.
- If you use a token for authentication, you must obtain the token and add X-Auth-Token to the request header when making an API call. Obtain the token by referring to Authentication.
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequent calling.
Procedure
- Obtain the NIC information based on the ECS ID.
- Send GET https://VPC endpoint/v1/{project_id}/ports?device_id={ecs_id}. Parameter project_id indicates the project ID.
- Add X-Auth-Token to the request header.
- Check the response message.
- The request is successful if the following response is displayed.
{ "ports": [{ "id": "02c72193-efec-42fb-853b-c33f2b802467", "name": "", "status": "ACTIVE", "admin_state_up": true, "fixed_ips": [{ "subnet_id": "213cb9d-3122-2ac1-1a29-91ffc1231a12", "ip_address": "192.168.0.75" }], "mac_address": "fa:16:3e:47:5f:c1", "network_id": "4779ab1c-7c1a-44b1-a02e-93dfc361b32d", "tenant_id": "db82c9e1415a464ea68048baa8acc6b8", "project_id": "db82c9e1415a464ea68048baa8acc6b8", "device_id": "ea61f836-b52f-41bf-9d06-685644001d6f", "device_owner": "compute:br-iaas-odin1a", "security_groups": [ "e0598d96-9451-4f8a-8de0-b8b4d451d9e7" ], "extra_dhcp_opts": [], "allowed_address_pairs": [], "binding:vnic_type": "normal", "binding:vif_details": { "primary_interface": true }, "binding:profile": {}, "port_security_enabled": true, "created_at": "2020-06-20T08:07:29", "updated_at": "2020-06-20T08:07:29" }] }
- For details about the error codes displayed if the request fails, see section Error Codes.
- The request is successful if the following response is displayed.
- View information about existing security groups.
- Send GET https://VPC endpoint/v1/{project_id}/subnets/security-groups. Parameter project_id indicates the project ID.
- Add X-Auth-Token to the request header.
- Check the response message.
- The request is successful if the following response is displayed. In the response, id indicates the security group ID.
{ "security_groups": [{ "id": "16b6e77a-08fa-42c7-aa8b-106c048884e6", "name": "qq", "description": "qq", "vpc_id": "3ec3b33f-ac1c-4630-ad1c-7dba1ed79d85", "enterprise_project_id ": "0aad99bc-f5f6-4f78-8404-c598d76b0ed2", "security_group_rules": [{ "direction": "egress", "ethertype": "IPv4", "id": "369e6499-b2cb-4126-972a-97e589692c62", "description": "", "security_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6" }, { "direction": "ingress", "ethertype": "IPv4", "id": "0222556c-6556-40ad-8aac-9fd5d3c06171", "description": "", "remote_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6", "security_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6" }] }, { "id": "9c0f56be-a9ac-438c-8c57-fce62de19419", "name": "default", "description": "qq", "vpc_id": "13551d6b-755d-4757-b956-536f674975c0", "enterprise_project_id ": "0", "security_group_rules": [{ "direction": "egress", "ethertype": "IPv4", "id": "95479e0a-e312-4844-b53d-a5e4541b783f", "description": "", "security_group_id": "9c0f56be-a9ac-438c-8c57-fce62de19419" }, { "direction": "ingress", "ethertype": "IPv4", "id": "0c4a2336-b036-4fa2-bc3c-1a291ed4c431", "description": "", "remote_group_id": "9c0f56be-a9ac-438c-8c57-fce62de19419", "security_group_id": "9c0f56be-a9ac-438c-8c57-fce62de19419" }] }] }
- For details about the error codes displayed if the request fails, see section Error Codes.
- The request is successful if the following response is displayed. In the response, id indicates the security group ID.
- Add the ECS to a security group.
- Send PUT https://VPC endpoint/v1/{project_id}/ports/{port_id}. Parameter project_id indicates the project ID.
- Add X-Auth-Token to the request header.
- Specify the following parameters in the request body:
{ "port": { "security_groups": ["9c0f56be-a9ac-438c-8c57-fce62de19419","16b6e77a-08fa-42c7-aa8b-106c048884e6"] } }
- Check the response message.
- The request is successful if the following response is displayed. In the response, id indicates the port ID.
{ "port": { "id": "02c72193-efec-42fb-853b-c33f2b802467", "name": "", "status": "ACTIVE", "admin_state_up": true, "fixed_ips": [{ "subnet_id": "213cb9d-3122-2ac1-1a29-91ffc1231a12", "ip_address": "192.168.0.75" }], "mac_address": "fa:16:3e:47:5f:c1", "network_id": "4779ab1c-7c1a-44b1-a02e-93dfc361b32d", "tenant_id": "db82c9e1415a464ea68048baa8acc6b8", "project_id": "db82c9e1415a464ea68048baa8acc6b8", "device_id": "ea61f836-b52f-41bf-9d06-685644001d6f", "device_owner": "compute:br-iaas-odin1a", "security_groups": ["9c0f56be-a9ac-438c-8c57-fce62de19419", "16b6e77a-08fa-42c7-aa8b-106c048884e6"], "extra_dhcp_opts": [], "allowed_address_pairs": [{ "ip_address": "1.1.1.1/0" }], "binding:vnic_type": "normal", "binding:vif_details": { "primary_interface": true }, "binding:profile": {}, "port_security_enabled": true, "created_at": "2020-06-20T08:07:29", "updated_at": "2020-06-20T08:07:29" } }
- For details about the error codes displayed if the request fails, see section Error Codes.
- The request is successful if the following response is displayed. In the response, id indicates the port ID.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.