Creating a Security Group
Function
A security group is a collection of access control rules for cloud instances, such as cloud servers, containers, and databases, that have the same security requirements and that are mutually trusted within a VPC. You can define different access control rules for a security group, and these rules are then applied to all the instances added to this security group.
Constraints
By default, a security group only allows instances in it to communicate with each other.
Calling Method
For details, see Calling APIs.
URI
POST /v3/{project_id}/vpc/security-groups
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
project_id |
Yes |
String |
|
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
dry_run |
No |
Boolean |
|
security_group |
Yes |
CreateSecurityGroupOption object |
|
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
name |
Yes |
String |
|
description |
No |
String |
|
enterprise_project_id |
No |
String |
|
tags |
No |
Array of RequestTag objects |
|
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
key |
Yes |
String |
Definition: Tag key. Constraints: N/A Range:
N/A |
value |
Yes |
String |
Definition: Tag value. Constraints: N/A Range:
N/A |
Response Parameters
Status code: 201
Parameter |
Type |
Description |
---|---|---|
request_id |
String |
|
security_group |
SecurityGroupInfo object |
|
Parameter |
Type |
Description |
---|---|---|
id |
String |
|
name |
String |
|
description |
String |
|
project_id |
String |
|
created_at |
String |
|
updated_at |
String |
|
enterprise_project_id |
String |
|
tags |
Array of ResponseTag objects |
|
security_group_rules |
Array of SecurityGroupRule objects |
|
Parameter |
Type |
Description |
---|---|---|
key |
String |
Definition: Tag key. Range:
|
value |
String |
Definition: Tag value. Range:
|
Parameter |
Type |
Description |
---|---|---|
id |
String |
|
description |
String |
|
security_group_id |
String |
|
direction |
String |
|
protocol |
String |
|
ethertype |
String |
|
multiport |
String |
|
action |
String |
|
priority |
Integer |
|
remote_group_id |
String |
|
remote_ip_prefix |
String |
|
remote_address_group_id |
String |
|
created_at |
String |
|
updated_at |
String |
|
project_id |
String |
|
enabled |
Boolean |
|
Status code: 202
Parameter |
Type |
Description |
---|---|---|
request_id |
String |
|
error_msg |
String |
|
error_code |
String |
|
Example Requests
-
Create a security group, set its name to security_group_1 and description to security group description, and specify the request as a prefight request.
POST https://{Endpoint}/v3/{project_id}/vpc/security-groups { "security_group" : { "name" : "security_group_1", "description" : "security group description" }, "dry_run" : true }
-
Create a security group and set its name to security_group_1* and description to security group description.
POST https://{Endpoint}/v3/{project_id}/vpc/security-groups { "security_group" : { "name" : "security_group_1", "description" : "security group description" } }
Example Responses
Status code: 201
Normal response to the POST operation. For more status codes, see Status Code.
-
{ "security_group" : { "id" : "69c999ad-d9ef-4d79-94fd-35e6ceb75325", "name" : "security_group_1", "project_id" : "060576782980d5762f9ec014dd2f1148", "description" : "security group description", "enterprise_project_id" : "0", "tags" : [ ], "security_group_rules" : [ { "id" : "f11a3824-ac19-4fad-b4f1-c5f4a6dd0a80", "project_id" : "060576782980d5762f9ec014dd2f1148", "security_group_id" : "69c999ad-d9ef-4d79-94fd-35e6ceb75325", "remote_group_id" : "69c999ad-d9ef-4d79-94fd-35e6ceb75325", "direction" : "ingress", "protocol" : null, "description" : "", "created_at" : "2020-07-09T05:56:27Z", "updated_at" : "2020-07-09T05:56:27Z", "ethertype" : "IPv6", "remote_ip_prefix" : null, "multiport" : null, "remote_address_group_id" : null, "action" : "allow", "priority" : 100, "enabled" : true }, { "id" : "3d6480e8-9ea4-46dc-bb1b-8db190cd5677", "project_id" : "060576782980d5762f9ec014dd2f1148", "security_group_id" : "69c999ad-d9ef-4d79-94fd-35e6ceb75325", "remote_group_id" : null, "direction" : "egress", "protocol" : null, "description" : "", "created_at" : "2020-07-09T05:56:27Z", "updated_at" : "2020-07-09T05:56:27Z", "ethertype" : "IPv6", "remote_ip_prefix" : null, "multiport" : null, "remote_address_group_id" : null, "action" : "allow", "priority" : 100, "enabled" : true }, { "id" : "9581f18c-1fdd-43da-ace9-7758a56ef28a", "project_id" : "060576782980d5762f9ec014dd2f1148", "security_group_id" : "69c999ad-d9ef-4d79-94fd-35e6ceb75325", "remote_group_id" : null, "direction" : "egress", "protocol" : null, "description" : "", "created_at" : "2020-07-09T05:56:27Z", "updated_at" : "2020-07-09T05:56:27Z", "ethertype" : "IPv4", "remote_ip_prefix" : null, "multiport" : null, "remote_address_group_id" : null, "action" : "allow", "priority" : 100, "enabled" : true }, { "id" : "a3ba270e-e58b-432d-a912-aeb7eace9fb8", "project_id" : "060576782980d5762f9ec014dd2f1148", "security_group_id" : "69c999ad-d9ef-4d79-94fd-35e6ceb75325", "remote_group_id" : "69c999ad-d9ef-4d79-94fd-35e6ceb75325", "direction" : "ingress", "protocol" : null, "description" : "", "created_at" : "2020-07-09T05:56:27Z", "updated_at" : "2020-07-09T05:56:27Z", "ethertype" : "IPv4", "remote_ip_prefix" : null, "multiport" : null, "remote_address_group_id" : null, "action" : "allow", "priority" : 100, "enabled" : true } ], "created_at" : "2020-07-09T05:56:27Z", "updated_at" : "2020-07-09T05:56:27Z" }, "request_id" : "a8cf4f79ca3c22ca685e7e8872e8c20b" }
Status code: 202
Normal response for the specified pre-check request of API V3. For more status codes, see Status Code.
{ "error_msg" : "Request validation has been passed with dry run...", "error_code" : "SYS.0202", "request_id" : "cfd81aea3f59eac7128dba4b36d516c8" }
SDK Sample Code
The SDK sample code is as follows.
-
Create a security group, set its name to security_group_1 and description to security group description, and specify the request as a prefight request.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.vpc.v3.region.VpcRegion; import com.huaweicloud.sdk.vpc.v3.*; import com.huaweicloud.sdk.vpc.v3.model.*; public class CreateSecurityGroupSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); VpcClient client = VpcClient.newBuilder() .withCredential(auth) .withRegion(VpcRegion.valueOf("<YOUR REGION>")) .build(); CreateSecurityGroupRequest request = new CreateSecurityGroupRequest(); CreateSecurityGroupRequestBody body = new CreateSecurityGroupRequestBody(); CreateSecurityGroupOption securityGroupbody = new CreateSecurityGroupOption(); securityGroupbody.withName("security_group_1") .withDescription("security group description"); body.withSecurityGroup(securityGroupbody); body.withDryRun(true); request.withBody(body); try { CreateSecurityGroupResponse response = client.createSecurityGroup(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } }
-
Create a security group and set its name to security_group_1* and description to security group description.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.vpc.v3.region.VpcRegion; import com.huaweicloud.sdk.vpc.v3.*; import com.huaweicloud.sdk.vpc.v3.model.*; public class CreateSecurityGroupSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); VpcClient client = VpcClient.newBuilder() .withCredential(auth) .withRegion(VpcRegion.valueOf("<YOUR REGION>")) .build(); CreateSecurityGroupRequest request = new CreateSecurityGroupRequest(); CreateSecurityGroupRequestBody body = new CreateSecurityGroupRequestBody(); CreateSecurityGroupOption securityGroupbody = new CreateSecurityGroupOption(); securityGroupbody.withName("security_group_1") .withDescription("security group description"); body.withSecurityGroup(securityGroupbody); request.withBody(body); try { CreateSecurityGroupResponse response = client.createSecurityGroup(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } }
-
Create a security group, set its name to security_group_1 and description to security group description, and specify the request as a prefight request.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkvpc.v3.region.vpc_region import VpcRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkvpc.v3 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = VpcClient.new_builder() \ .with_credentials(credentials) \ .with_region(VpcRegion.value_of("<YOUR REGION>")) \ .build() try: request = CreateSecurityGroupRequest() securityGroupbody = CreateSecurityGroupOption( name="security_group_1", description="security group description" ) request.body = CreateSecurityGroupRequestBody( security_group=securityGroupbody, dry_run=True ) response = client.create_security_group(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg)
-
Create a security group and set its name to security_group_1* and description to security group description.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkvpc.v3.region.vpc_region import VpcRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkvpc.v3 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = VpcClient.new_builder() \ .with_credentials(credentials) \ .with_region(VpcRegion.value_of("<YOUR REGION>")) \ .build() try: request = CreateSecurityGroupRequest() securityGroupbody = CreateSecurityGroupOption( name="security_group_1", description="security group description" ) request.body = CreateSecurityGroupRequestBody( security_group=securityGroupbody ) response = client.create_security_group(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg)
-
Create a security group, set its name to security_group_1 and description to security group description, and specify the request as a prefight request.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" vpc "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := vpc.NewVpcClient( vpc.VpcClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.CreateSecurityGroupRequest{} descriptionSecurityGroup:= "security group description" securityGroupbody := &model.CreateSecurityGroupOption{ Name: "security_group_1", Description: &descriptionSecurityGroup, } dryRunCreateSecurityGroupRequestBody:= true request.Body = &model.CreateSecurityGroupRequestBody{ SecurityGroup: securityGroupbody, DryRun: &dryRunCreateSecurityGroupRequestBody, } response, err := client.CreateSecurityGroup(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } }
-
Create a security group and set its name to security_group_1* and description to security group description.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" vpc "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := vpc.NewVpcClient( vpc.VpcClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.CreateSecurityGroupRequest{} descriptionSecurityGroup:= "security group description" securityGroupbody := &model.CreateSecurityGroupOption{ Name: "security_group_1", Description: &descriptionSecurityGroup, } request.Body = &model.CreateSecurityGroupRequestBody{ SecurityGroup: securityGroupbody, } response, err := client.CreateSecurityGroup(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } }
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
Status Code |
Description |
---|---|
201 |
Normal response to the POST operation. For more status codes, see Status Code. |
202 |
Normal response for the specified pre-check request of API V3. For more status codes, see Status Code. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot