Creating a Custom Security Policy
Function
This API is used to create a custom security policy. If you need a custom security policy, you need to specify security_policy_id when you add an HTTPS or TLS listener to your load balancer.
Calling Method
For details, see Calling APIs.
URI
POST /v3/{project_id}/elb/security-policies
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
project_id |
Yes |
String |
Definition: Specifies the project ID. For details about how to obtain a project ID, see Obtaining a Project ID. Constraints: N/A Range: The value can contain a maximum of 32 characters, including digits and lowercase letters. Default value: N/A |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
X-Auth-Token |
Yes |
String |
Definition: Specifies the token used for IAM authentication. Constraints: N/A Range: N/A Default value: N/A |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
security_policy |
Yes |
CreateSecurityPolicyOption object |
Definition: Specifies the parameters for creating a custom security policy. Constraints: N/A |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
name |
No |
String |
Definition: Specifies the name of the custom security policy. Constraints: N/A Range: 0 to 255 characters. Default value: N/A |
description |
No |
String |
Definition: Specifies the description of the custom security policy. Constraints: N/A Range: 0 to 255 characters. Default value: N/A |
enterprise_project_id |
No |
String |
Definition: Specifies the ID of the enterprise project. If no enterprise project ID is specified during resource creation, 0 is returned, indicating that the resource belongs to the default enterprise project. Constraints: The enterprise project ID cannot be "", 0, or an enterprise project ID that does not exist. Range: N/A Default value: 0 |
protocols |
Yes |
Array of strings |
Definition: Lists the TLS protocols supported by the custom security policy. Constraints: N/A Range: TLSv1, TLSv1.1, TLSv1.2, or TLSv1.3. Default value: N/A |
ciphers |
Yes |
Array of strings |
Definition: Lists the cipher suites supported by the custom security policy. Constraints: The protocol and cipher suite must match. At least one cipher suite must match the protocol. Range: ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-GCM-SHA256, AES128-GCM-SHA256, AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA256, AES128-SHA256,AES256-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA, AES128-SHA, AES256-SHA, CAMELLIA128-SHA, DES-CBC3-SHA, CAMELLIA256-SHA, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-CHACHA20-POLY1305, TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256 Default value: N/A
NOTE:
You can match the protocol and cipher suite based on system security policy.
|
Response Parameters
Status code: 201
Parameter |
Type |
Description |
---|---|---|
security_policy |
SecurityPolicy object |
Definition: Specifies the custom security policy information. |
request_id |
String |
Definition: Specifies the request ID. Range: The value is automatically generated, and can contain characters including digits, lowercase letters, and hyphens (-). |
Parameter |
Type |
Description |
---|---|---|
id |
String |
Definition: Specifies the ID of the custom security policy. Range: N/A |
project_id |
String |
Definition: Specifies the project ID of the custom security policy. Range: N/A |
name |
String |
Definition: Specifies the name of the custom security policy. Range: N/A |
description |
String |
Definition: Provides supplementary information about the custom security policy. Range: N/A |
listeners |
Array of ListenerRef objects |
Definition: Specifies the listener to be associated. Default value: N/A |
protocols |
Array of strings |
Definition: Lists the TLS protocols supported by the custom security policy. |
ciphers |
Array of strings |
Definition: Lists the cipher suites supported by the custom security policy. |
created_at |
String |
Definition: Specifies the creation time. Range: The value must be a UTC time in the yyyy-MM-dd'T'HH:mm:ss'Z' format. |
updated_at |
String |
Definition: Specifies the update time. Range: The value must be a UTC time in the yyyy-MM-dd'T'HH:mm:ss'Z' format. |
Example Requests
Creating a custom security policy and specifying the TLS protocol and cipher suite
POST https://{ELB_Endpoint}/v3/7a9941d34fc1497d8d0797429ecfd354/elb/security-policies { "security_policy" : { "name" : "test_1", "description" : "test1", "protocols" : [ "TLSv1.2", "TLSv1", "TLSv1.3" ], "ciphers" : [ "ECDHE-ECDSA-AES128-SHA", "TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256" ] } }
Example Responses
Status code: 201
Successful request.
{ "request_id" : "6b50d914-41f2-4e50-8929-e8a9837dbe75", "security_policy" : { "id" : "d74e27c9-4d60-427c-a11f-21142117c433", "name" : "test_1", "project_id" : "7a9941d34fc1497d8d0797429ecfd354", "description" : "test1", "protocols" : [ "TLSv1.2", "TLSv1", "TLSv1.3" ], "ciphers" : [ "ECDHE-ECDSA-AES128-SHA", "TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256" ], "listeners" : [ ], "created_at" : "2021-03-26T01:33:12Z", "updated_at" : "2021-03-26T01:33:12Z" } }
Status Codes
Status Code |
Description |
---|---|
201 |
Successful request. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.