Creating a Custom Security Policy

Function

This API is used to create a custom security policy. If you need a custom security policy, you need to specify security_policy_id when you add an HTTPS or TLS listener to your load balancer.

Calling Method

For details, see Calling APIs.

URI

POST /v3/{project_id}/elb/security-policies

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition: Specifies the project ID. For details about how to obtain a project ID, see Obtaining a Project ID. Constraints: N/A Range: The value can contain a maximum of 32 characters, including digits and lowercase letters. Default value: N/A

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition: Specifies the token used for IAM authentication. Constraints: N/A Range: N/A Default value: N/A

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
security_policy	Yes	CreateSecurityPolicyOption object	Definition: Specifies the parameters for creating a custom security policy. Constraints: N/A

**Table 4** CreateSecurityPolicyOption
Parameter	Mandatory	Type	Description
name	No	String	Definition: Specifies the name of the custom security policy. Constraints: N/A Range: 0 to 255 characters. Default value: N/A
description	No	String	Definition: Specifies the description of the custom security policy. Constraints: N/A Range: 0 to 255 characters. Default value: N/A
enterprise_project_id	No	String	Definition: Specifies the ID of the enterprise project. If no enterprise project ID is specified during resource creation, 0 is returned, indicating that the resource belongs to the default enterprise project. Constraints: The enterprise project ID cannot be "", 0, or an enterprise project ID that does not exist. Range: N/A Default value: 0
protocols	Yes	Array of strings	Definition: Lists the TLS protocols supported by the custom security policy. Constraints: N/A Range: TLSv1, TLSv1.1, TLSv1.2, or TLSv1.3. Default value: N/A
ciphers	Yes	Array of strings	Definition: Lists the cipher suites supported by the custom security policy. Constraints: The protocol and cipher suite must match. At least one cipher suite must match the protocol. Range: ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-GCM-SHA256, AES128-GCM-SHA256, AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA256, AES128-SHA256,AES256-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA, AES128-SHA, AES256-SHA, CAMELLIA128-SHA, DES-CBC3-SHA, CAMELLIA256-SHA, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-CHACHA20-POLY1305, TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256 Default value: N/A NOTE: You can match the protocol and cipher suite based on system security policy.

Response Parameters

Status code: 201

**Table 5** Response body parameters
Parameter	Type	Description
security_policy	SecurityPolicy object	Definition: Specifies the custom security policy information.
request_id	String	Definition: Specifies the request ID. Range: The value is automatically generated, and can contain characters including digits, lowercase letters, and hyphens (-).

**Table 6** SecurityPolicy
Parameter	Type	Description
id	String	Definition: Specifies the ID of the custom security policy. Range: N/A
project_id	String	Definition: Specifies the project ID of the custom security policy. Range: N/A
name	String	Definition: Specifies the name of the custom security policy. Range: N/A
description	String	Definition: Provides supplementary information about the custom security policy. Range: N/A
listeners	Array of ListenerRef objects	Definition: Specifies the listeners that use the custom security policies.
protocols	Array of strings	Definition: Lists the TLS protocols supported by the custom security policy. Range: N/A
ciphers	Array of strings	Definition: Lists the cipher suites supported by the custom security policy. Range: N/A
created_at	String	Definition: Specifies the creation time. Range: The value must be a UTC time in the yyyy-MM-dd'T'HH:mm:ss'Z' format.
updated_at	String	Definition: Specifies the update time. Range: The value must be a UTC time in the yyyy-MM-dd'T'HH:mm:ss'Z' format.

**Table 7** ListenerRef
Parameter	Type	Description
id	String	Definition: Specifies the listener ID. Range: N/A

Example Requests

Creating a custom security policy and specifying the TLS protocol and cipher suite

POST https://{ELB_Endpoint}/v3/7a9941d34fc1497d8d0797429ecfd354/elb/security-policies

{
  "security_policy" : {
    "name" : "test_1",
    "description" : "test1",
    "protocols" : [ "TLSv1.2", "TLSv1", "TLSv1.3" ],
    "ciphers" : [ "ECDHE-ECDSA-AES128-SHA", "TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256" ]
  }
}

Example Responses

Status code: 201

Successful request.

{
  "request_id" : "6b50d914-41f2-4e50-8929-e8a9837dbe75",
  "security_policy" : {
    "id" : "d74e27c9-4d60-427c-a11f-21142117c433",
    "name" : "test_1",
    "project_id" : "7a9941d34fc1497d8d0797429ecfd354",
    "description" : "test1",
    "protocols" : [ "TLSv1.2", "TLSv1", "TLSv1.3" ],
    "ciphers" : [ "ECDHE-ECDSA-AES128-SHA", "TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256" ],
    "listeners" : [ ],
    "created_at" : "2021-03-26T01:33:12Z",
    "updated_at" : "2021-03-26T01:33:12Z"
  }
}

Status Codes

Status Code	Description
201	Successful request.

Error Codes

See Error Codes.

Parent Topic: Security Policy

Previous topic: Security Policy

Next topic: Querying Custom Security Policies

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.