Adding Rules to a Specified Security Group

Function

This API is used to add rules to a specified security group.

Debugging

You can debug this API through automatic authentication in API Explorer.

URI

POST /v3/{project_id}/vpc/security-groups/{security_group_id}/security-group-rules/batch-create

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. For details about how to obtain a project ID, see Obtaining a Project ID.
security_group_id	Yes	String	Security Group ID

Request Parameters

**Table 2** Request body parameters
Parameter	Mandatory	Type	Description
security_group_rules	Yes	Array of BatchCreateSecurityGroupRulesOption objects	Request body for batch creating security group rules.
ignore_duplicate	No	Boolean	Specifies whether to ignore duplicate security group rules during creation. Default: false
dry_run	No	Boolean	Whether to only send the check request. The value can be: true: A check request will be sent and no security group rule will be created. Check items include mandatory parameters, request format, and permission verification. If the check fails, an error will be returned. If the check succeeds, response code 202 will be returned. false (default value): A request will be sent and a security group rule will be created.

**Table 3** BatchCreateSecurityGroupRulesOption
Parameter	Mandatory	Type	Description
description	No	String	Provides supplementary information about the security group. The value can contain no more than 255 characters and cannot contain angle brackets (< or >).
direction	Yes	String	Inbound or outbound direction of a security group rule. The value can be: ingress: inbound direction. egress: outbound direction.
ethertype	No	String	IP version The value can be IPv4 or IPv6. If you do not set this parameter, IPv4 is used by default.
protocol	No	String	Protocol type The value can be icmp, tcp, udp, icmpv6 or an IP number (0 to 255). Constraints: If the parameter is left blank, all protocols are supported. When the protocol is icmpv6, IP version should be IPv6. When the protocol is icmp, IP version should be IPv4.
multiport	No	String	Port or port range The value can be a single port (80), a port range (1-30), or inconsecutive ports separated by commas (22,3389,80). The port is from 1 to 65535.
remote_ip_prefix	No	String	Remote IP address. If direction is set to egress, the parameter specifies the source IP address. If direction is set to ingress, the parameter specifies the destination IP address. The value is an IP address or a CIDR block. Constraints: The parameter value is mutually exclusive with parameters remote_group_id and remote_address_group_id. If this parameter is left blank, the remote IP address is not limited, and the traffic from all remote IP addresses is allowed or rejected.
remote_group_id	No	String	ID of the remote security group, which allows or denies traffic to and from the security group. Value range: ID of an existing security group. The parameter value is mutually exclusive with parameters remote_ip_prefix and remote_address_group_id.
remote_address_group_id	No	String	ID of the remote IP address group. Value range: ID of an existing IP address group. The parameter value is mutually exclusive with parameters remote_ip_prefix and remote_group_id.
action	No	String	Action of the security group rule. The value can be: allow deny The default value is allow.
priority	No	String	Rule priority in a security group. The value is from 1 to 100. The value 1 indicates the highest priority. The default value is 1.

Response Parameters

Status code: 201

**Table 4** Response body parameters
Parameter	Type	Description
security_group_rules	Array of SecurityGroupRule objects	Response body for batch creating security group rules.
request_id	String	Request ID.

**Table 5** SecurityGroupRule
Parameter	Type	Description
id	String	Security group rule ID, which uniquely identifies the security group rule. The value is in UUID format with hyphens (-).
description	String	Provides supplementary information about the security group rule. The value can contain no more than 255 characters and cannot contain angle brackets (< or >).
security_group_id	String	ID of the security group to which the security group rule belongs.
direction	String	Inbound or outbound direction of a security group rule. The value can be: ingress: inbound direction. egress: outbound direction.
protocol	String	Protocol type The value can be icmp, tcp, udp, icmpv6, or an IP number. Constraints: If the parameter is left blank, all protocols are supported. When the protocol is icmpv6, IP version should be IPv6. When the protocol is icmp, IP version should be IPv4.
ethertype	String	IP version The value can be IPv4 or IPv6. If you do not set this parameter, IPv4 is used by default.
multiport	String	Port or port range The value can be a single port (80), a port range (1-30), or inconsecutive ports separated by commas (22,3389,80).
action	String	Action of the security group rule. The value can be: allow, deny. The default value is deny.
priority	Integer	Rule priority. The value is from 1 to 100. The value 1 indicates the highest priority.
remote_group_id	String	ID of the remote security group, which allows or denies traffic to and from the security group. Value range: ID of an existing security group. The parameter value is mutually exclusive with parameters remote_ip_prefix and remote_address_group_id.
remote_ip_prefix	String	Remote IP address. If direction is set to egress, the parameter specifies the source IP address. If direction is set to ingress, the parameter specifies the destination IP address. The value is an IP address or a CIDR block. Constraints: The parameter value is mutually exclusive with parameters remote_group_id and remote_address_group_id.
remote_address_group_id	String	ID of the remote IP address group. Value range: ID of an existing IP address group The parameter value is mutually exclusive with parameters remote_ip_prefix and remote_group_id.
created_at	String	Time when the security group rule is created. UTC time in the format of yyyy-MM-ddTHH:mm:ssZ.
updated_at	String	Time when the security group rule is updated. UTC time in the format of yyyy-MM-ddTHH:mm:ssZ.
project_id	String	ID of the project to which the security group rule belongs.

Example Requests

Adding two inbound rules to the security group whose ID is 15457509-18f9-4387-bae6-d4ed1898b301 with duplicate rules ignored

POST https://{Endpoint}/v3/{project_id}/vpc/security-groups/15457509-18f9-4387-bae6-d4ed1898b301/security-group-rules/batch-create

{
  "ignore_duplicate" : true,
  "security_group_rules" : [ {
    "direction" : "ingress",
    "description" : "",
    "protocol" : "tcp",
    "action" : "allow",
    "priority" : 1,
    "ethertype" : "IPv4",
    "multiport" : "22",
    "remote_ip_prefix" : "117.78.12.122/32"
  }, {
    "direction" : "ingress",
    "description" : "",
    "protocol" : "tcp",
    "action" : "allow",
    "priority" : 1,
    "ethertype" : "IPv4",
    "multiport" : "22",
    "remote_ip_prefix" : "117.78.12.122/32"
  } ]
}

Example Responses

Status code: 201

Normal response to the POST operation. For more status codes, see Status Codes.

{
  "security_group_rules" : [ {
    "id" : "abef369b-d646-4b8a-9f44-fcd248a6c421",
    "project_id" : "5f6387106c2048b589b369d96c2f23a2",
    "security_group_id" : "15457509-18f9-4387-bae6-d4ed1898b301",
    "direction" : "ingress",
    "protocol" : "tcp",
    "description" : "",
    "created_at" : "2023-04-28T04:08:52.000+00:00",
    "updated_at" : "2023-04-28T04:08:52.000+00:00",
    "ethertype" : "IPv4",
    "remote_ip_prefix" : "117.78.12.122/32",
    "multiport" : 22,
    "action" : "allow",
    "priority" : 1,
    "remote_group_id" : null,
    "remote_address_group_id" : null
  } ],
  "request_id" : "f1ae2c6f9e94babf077cd3b3e1570c81"
}