Updated on 2024-04-30 GMT+08:00

Creating a Security Group

Function

This API is used to create a security group.

Constraints

By default, a security group only allows instances in it to communicate with each other.

URI

POST /v3/{project_id}/vpc/security-groups

Table 1 Parameter description

Name

Mandatory

Type

Description

project_id

Yes

String

Project ID.

For details about how to obtain a project ID, see Obtaining a Project ID.

Request Parameter

Table 2 Request body parameter

Parameter

Mandatory

Type

Description

dry_run

No

Boolean

Whether to only send the check request.

The value can be:
  • true: A check request will be sent and no security group will be created. Check items include mandatory parameters, request format, and permission verification. If the check fails, an error will be returned. If the check succeeds, response code 202 will be returned.
  • false (default value): A request will be sent and a security group will be created.

security_group

Yes

CreateSecurityGroupOption object

Request body for creating a security group

Table 3 CreateSecurityGroupOption

Parameter

Mandatory

Type

Description

name

Yes

String

Security group name

The value can contain 1 to 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.).

description

No

String

Provides supplementary information about the security group.

The value can contain no more than 255 characters and cannot contain angle brackets (< or >).

enterprise_project_id

No

String

Enterprise project ID. When creating a security group, associate the enterprise project ID with the security group.

The value is 0 or a string that contains a maximum of 36 characters in UUID format with hyphens (-).

Value 0 indicates the default enterprise project.

Example Request

  • Create a security group and set its name to security_group_1 and description to security group description.
    "POST https://{Endpoint}/v3/{project_id}/vpc/security-groups"
    
    {
        "security_group": {
            "name": "security_group_1", 
            "description": "security group description"
        }
    }
  • Create a security group, set its name to security_group_1 and description to security group description, and specify that the request is pre-checked.
    "POST https://{Endpoint}/v3/{project_id}/vpc/security-groups"
    
    {
        "security_group": {
            "name": "security_group_1", 
            "description": "security group description"
        }, 
        "dry_run": true
    }
    

Response Parameter

When the status code is 201, the response parameters are as follows:

Table 4 Response body parameters

Parameter

Type

Description

request_id

String

Request ID

security_group

SecurityGroupInfo object

Response body for creating a security group

Table 5 SecurityGroupInfo

Parameter

Type

Description

id

String

Security group ID, which uniquely identifies the security group

The value is in UUID format with hyphens (-).

name

String

Security group name

The value can contain 1 to 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.).

description

String

Provides supplementary information about the security group.

The value can contain no more than 255 characters and cannot contain angle brackets (< or >).

project_id

String

ID of the project to which the security group belongs

created_at

String

Time when the security group is created

UTC time in the format of yyyy-MM-ddTHH:mm:ssZ

updated_at

String

Time when the security group is updated

UTC time in the format of yyyy-MM-ddTHH:mm:ssZ

enterprise_project_id

String

ID of the enterprise project to which the security group belongs

The value is 0 or a string that contains a maximum of 36 characters in UUID format with hyphens (-). Value 0 indicates the default enterprise project.

security_group_rules

Array of SecurityGroupRule object

Security group rules

Table 6 SecurityGroupRule

Parameter

Type

Description

id

String

Security group rule ID, which uniquely identifies the security group rule

The value is in UUID format with hyphens (-).

description

String

Provides supplementary information about the security group rule.

The value can contain no more than 255 characters and cannot contain angle brackets (< or >).

security_group_id

String

ID of the security group to which the security group rule belongs.

direction

String

Inbound or outbound direction of a security group rule.

The value can be:
  • ingress: inbound direction
  • egress: outbound direction

protocol

String

Protocol type

The value can be icmp, tcp, udp, icmpv6 or an IP number.

If the parameter is left blank, all protocols are supported. When the protocol is icmpv6, IP version should be IPv6. When the protocol is icmp, IP version should be IPv4.

ethertype

String

IP version

The value can be IPv4 or IPv6.

If you do not set this parameter, IPv4 is used by default.

multiport

String

Port or port range

The value can be a single port (80), a port range (1-30), or inconsecutive ports separated by commas (22,3389,80).

action

String

Action of the security group rule.

The value can be:
  • allow
  • deny

The default value is deny.

priority

Integer

Rule priority.

The value is from 1 to 100. The value 1 indicates the highest priority.

remote_group_id

String

ID of the remote security group, which allows or denies traffic to and from the security group.

Value range: ID of an existing security group

The parameter is mutually exclusive with parameters remote_ip_prefix and remote_address_group_id.

remote_ip_prefix

String

Remote IP address.
  • If direction is set to egress, the parameter specifies the source IP address.
  • If direction is set to ingress, the parameter specifies the destination IP address.

The value is an IP address or a CIDR block.

The parameter is mutually exclusive with parameters remote_group_id and remote_address_group_id.

remote_address_group_id

String

ID of the remote IP address group.

Value range: ID of an existing IP address group

The parameter is mutually exclusive with parameters remote_ip_prefix and remote_group_id.

created_at

String

Time when the security group rule is created

UTC time in the format of yyyy-MM-ddTHH:mm:ssZ

updated_at

String

Time when the security group rule is updated

UTC time in the format of yyyy-MM-ddTHH:mm:ssZ

project_id

String

ID of the project to which the security group rule belongs.

When the status code is 400, the response parameters are as follows:

Table 7 Response body parameters

Parameter

Type

Description

request_id

String

Request ID

error_msg

String

Error message

error_code

String

Error code

When the status code is 401, the response parameters are as follows:

Table 8 Response body parameters

Parameter

Type

Description

request_id

String

Request ID

error_msg

String

Error message

error_code

String

Error code

When the status code is 403, the response parameters are as follows:

Table 9 Response body parameters

Parameter

Type

Description

request_id

String

Request ID

error_msg

String

Error message

error_code

String

Error code

When the status code is 409, the response parameters are as follows:

Table 10 Response body parameters

Parameter

Type

Description

request_id

String

Request ID

error_msg

String

Error message

error_code

String

Error code

When the status code is 500, the response parameters are as follows:

Table 11 Response body parameters

Parameter

Type

Description

request_id

String

Request ID

error_msg

String

Error message

error_code

String

Error code

Example Response

When the status code is 201, the response parameters are as follows:

Created
{
    "security_group": {
        "id": "69c999ad-d9ef-4d79-94fd-35e6ceb75325", 
        "name": "security_group_1", 
        "project_id": "060576782980d5762f9ec014dd2f1148", 
        "description": "security group description", 
        "enterprise_project_id": "0", 
        "security_group_rules": [
            {
                "id": "f11a3824-ac19-4fad-b4f1-c5f4a6dd0a80", 
                "project_id": "060576782980d5762f9ec014dd2f1148", 
                "security_group_id": "69c999ad-d9ef-4d79-94fd-35e6ceb75325", 
                "remote_group_id": "69c999ad-d9ef-4d79-94fd-35e6ceb75325", 
                "direction": "ingress", 
                "protocol": null, 
                "description": "", 
                "created_at": "2020-07-09T05:56:27Z", 
                "updated_at": "2020-07-09T05:56:27Z", 
                "ethertype": "IPv6", 
                "remote_ip_prefix": null, 
                "multiport": null, 
                "remote_address_group_id": null, 
                "action": "allow", 
                "priority": 100
            }, 
            {
                "id": "3d6480e8-9ea4-46dc-bb1b-8db190cd5677", 
                "project_id": "060576782980d5762f9ec014dd2f1148", 
                "security_group_id": "69c999ad-d9ef-4d79-94fd-35e6ceb75325", 
                "remote_group_id": null, 
                "direction": "egress", 
                "protocol": null, 
                "description": "", 
                "created_at": "2020-07-09T05:56:27Z", 
                "updated_at": "2020-07-09T05:56:27Z", 
                "ethertype": "IPv6", 
                "remote_ip_prefix": null, 
                "multiport": null, 
                "remote_address_group_id": null, 
                "action": "allow", 
                "priority": 100
            }, 
            {
                "id": "9581f18c-1fdd-43da-ace9-7758a56ef28a", 
                "project_id": "060576782980d5762f9ec014dd2f1148", 
                "security_group_id": "69c999ad-d9ef-4d79-94fd-35e6ceb75325", 
                "remote_group_id": null, 
                "direction": "egress", 
                "protocol": null, 
                "description": "", 
                "created_at": "2020-07-09T05:56:27Z", 
                "updated_at": "2020-07-09T05:56:27Z", 
                "ethertype": "IPv4", 
                "remote_ip_prefix": null, 
                "multiport": null, 
                "remote_address_group_id": null, 
                "action": "allow", 
                "priority": 100
            }, 
            {
                "id": "a3ba270e-e58b-432d-a912-aeb7eace9fb8", 
                "project_id": "060576782980d5762f9ec014dd2f1148", 
                "security_group_id": "69c999ad-d9ef-4d79-94fd-35e6ceb75325", 
                "remote_group_id": "69c999ad-d9ef-4d79-94fd-35e6ceb75325", 
                "direction": "ingress", 
                "protocol": null, 
                "description": "", 
                "created_at": "2020-07-09T05:56:27Z", 
                "updated_at": "2020-07-09T05:56:27Z", 
                "ethertype": "IPv4", 
                "remote_ip_prefix": null, 
                "multiport": null, 
                "remote_address_group_id": null, 
                "action": "allow", 
                "priority": 100
            }
        ], 
        "created_at": "2020-07-09T05:56:27Z", 
        "updated_at": "2020-07-09T05:56:27Z"
    }, 
    "request_id": "a8cf4f79ca3c22ca685e7e8872e8c20b"
}

Status Code

See Status Codes.

Error Code

See Error Codes.