Updated on 2025-08-29 GMT+08:00

Creating a Custom Security Policy

Function

This API is used to create a custom security policy. To use a custom security policy, specify its ID in security_policy_id when you add an HTTPS or TLS listener to your load balancer.

Calling Method

For details, see Calling APIs.

URI

POST /v3/{project_id}/elb/security-policies

Table 1 Path Parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Definition: Specifies the project ID. For details about how to obtain a project ID, see Obtaining a Project ID.<br>Constraints: N/A<br>Range: The value can contain a maximum of 32 characters, including digits and lowercase letters.<br>Default value: N/A |

Request Parameters

Table 2 Request header parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | Yes | String | Definition: Specifies the token used for IAM authentication.<br>Constraints: N/A<br>Range: N/A<br>Default value: N/A |

Table 3 Request body parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| security_policy | Yes | CreateSecurityPolicyOption object | Definition: Specifies the parameters for creating a custom security policy.<br>Constraints: N/A |

Table 4 CreateSecurityPolicyOption

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| name | No | String | Definition: Specifies the name of the custom security policy.<br>Constraints: N/A<br>Range: 0 to 255 characters.<br>Default value: N/A |
| description | No | String | Definition: Specifies the description of the custom security policy.<br>Constraints: N/A<br>Range: 0 to 255 characters.<br>Default value: N/A |
| enterprise_project_id | No | String | Definition: Specifies the ID of the enterprise project. If no enterprise project ID is specified during resource creation, 0 is returned, indicating that the resource belongs to the default enterprise project.<br>Constraints: The enterprise project ID cannot be "", 0, or an enterprise project ID that does not exist.<br>Range: N/A<br>Default value: 0 |
| protocols | Yes | Array of strings | Definition: Lists the TLS protocols supported by the custom security policy.<br>Constraints: N/A<br>Range: TLSv1, TLSv1.1, TLSv1.2, or TLSv1.3.<br>Default value: N/A |
| ciphers | Yes | Array of strings | Definition: Lists the cipher suites supported by the custom security policy.<br>Constraints: The protocol and cipher suite must match. At least one cipher suite must match the protocol.<br>Range: ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-GCM-SHA256, AES128-GCM-SHA256, AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA256, AES128-SHA256, AES256-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA, AES128-SHA, AES256-SHA, CAMELLIA128-SHA, DES-CBC3-SHA, CAMELLIA256-SHA, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-CHACHA20-POLY1305, TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256<br>Default value: N/A |

NOTE:
You can refer to the system security policies to see which protocols and cipher suites match.

Response Parameters

Status code: 201

Table 5 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| security_policy | SecurityPolicy object | Definition: Specifies the custom security policy information. |
| request_id | String | Definition: Specifies the request ID.<br>Range: The value is automatically generated, and can contain characters including digits, lowercase letters, and hyphens (-). |

Table 6 SecurityPolicy

| Parameter | Type | Description |
|---|---|---|
| id | String | Definition: Specifies the ID of the custom security policy.<br>Range: N/A |
| project_id | String | Definition: Specifies the project ID of the custom security policy.<br>Range: N/A |
| name | String | Definition: Specifies the name of the custom security policy.<br>Range: N/A |
| description | String | Definition: Provides supplementary information about the custom security policy.<br>Range: N/A |
| listeners | Array of ListenerRef objects | Definition: Specifies the listener to be associated.<br>Default value: N/A |
| protocols | Array of strings | Definition: Lists the TLS protocols supported by the custom security policy. |
| ciphers | Array of strings | Definition: Lists the cipher suites supported by the custom security policy. |
| created_at | String | Definition: Specifies the creation time.<br>Range: The value must be a UTC time in the yyyy-MM-dd'T'HH:mm:ss'Z' format. |
| updated_at | String | Definition: Specifies the update time.<br>Range: The value must be a UTC time in the yyyy-MM-dd'T'HH:mm:ss'Z' format. |

Table 7 ListenerRef

| Parameter | Type | Description |
|---|---|---|
| id | String | Definition: Specifies the listener ID.<br>Range: N/A |

Example Requests

Creating a custom security policy and specifying the TLS protocol and cipher suite

POST https://{ELB_Endpoint}/v3/7a9941d34fc1497d8d0797429ecfd354/elb/security-policies

{
  "security_policy" : {
    "name" : "test_1",
    "description" : "test1",
    "protocols" : [ "TLSv1.2", "TLSv1", "TLSv1.3" ],
    "ciphers" : [ "ECDHE-ECDSA-AES128-SHA", "TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256" ]
  }
}
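
A pre-flight check for the request body above, added here as an example and not part of the original API reference. It applies standard TLS rules (TLS_* suites are TLS 1.3 only; GCM, CHACHA20 and SHA256/SHA384 suites need TLS 1.2) to the "protocol and cipher suite must match" constraint and flags legacy choices. The function names and the matching logic are assumptions; the service's own validation may differ, and membership in the cipher Range is not checked.

```python
PROTOCOLS = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # Range from Table 4
LEGACY = {"TLSv1", "TLSv1.1"}                            # deprecated by RFC 8996

def min_protocol(cipher):
    """Lowest protocol a suite can be negotiated with (standard TLS rules)."""
    if cipher.startswith("TLS_"):
        return "TLSv1.3"   # TLS 1.3 suites are never used by older versions
    if any(tag in cipher for tag in ("GCM", "CHACHA20", "SHA256", "SHA384")):
        return "TLSv1.2"   # AEAD and SHA-2 MAC suites were introduced in TLS 1.2
    return "TLSv1"         # CBC suites with a SHA-1 MAC

def usable(cipher, protocol):
    need = min_protocol(cipher)
    if "TLSv1.3" in (need, protocol):
        return need == protocol  # TLS 1.3 shares no suites with older versions
    return PROTOCOLS.index(protocol) >= PROTOCOLS.index(need)

def lint_policy(body):
    """Return (errors, warnings) for a create-security-policy request body."""
    policy = body["security_policy"]
    protocols, ciphers = policy["protocols"], policy["ciphers"]
    errors, warnings = [], []
    for p in protocols:
        if p not in PROTOCOLS:
            errors.append(f"unknown protocol {p}")
        elif not any(usable(c, p) for c in ciphers):
            errors.append(f"no cipher suite usable with {p}")
        elif p in LEGACY:
            warnings.append(f"{p} is a legacy protocol")
    known = [p for p in protocols if p in PROTOCOLS]
    for c in ciphers:
        if not any(usable(c, p) for p in known):
            warnings.append(f"{c} is unusable with the listed protocols")
        if c == "DES-CBC3-SHA":
            warnings.append(f"{c} uses 3DES, a 64-bit block cipher")
        elif not c.startswith(("ECDHE-", "TLS_")):
            warnings.append(f"{c} has no forward secrecy")
    return errors, warnings

# Request body from the page's "Example Requests" section.
EXAMPLE = {"security_policy": {
    "name": "test_1", "description": "test1",
    "protocols": ["TLSv1.2", "TLSv1", "TLSv1.3"],
    "ciphers": ["ECDHE-ECDSA-AES128-SHA", "TLS_AES_128_GCM_SHA256",
                "TLS_AES_128_CCM_8_SHA256"]}}

if __name__ == "__main__":
    print(lint_policy(EXAMPLE))
```

For the page's example request, the check reports no errors and one warning, because the policy still enables TLSv1.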

Example Responses

Status code: 201

Successful request.

{
  "request_id" : "6b50d914-41f2-4e50-8929-e8a9837dbe75",
  "security_policy" : {
    "id" : "d74e27c9-4d60-427c-a11f-21142117c433",
    "name" : "test_1",
    "project_id" : "7a9941d34fc1497d8d0797429ecfd354",
    "description" : "test1",
    "protocols" : [ "TLSv1.2", "TLSv1", "TLSv1.3" ],
    "ciphers" : [ "ECDHE-ECDSA-AES128-SHA", "TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256" ],
    "listeners" : [ ],
    "created_at" : "2021-03-26T01:33:12Z",
    "updated_at" : "2021-03-26T01:33:12Z"
  }
}

Status Codes

| Status Code | Description |
|---|---|
| 201 | Successful request. |

Error Codes

See Error Codes.