Updated on 2025-08-19 GMT+08:00

Querying Security Groups

Function

After a security group is created, you can call this API to query all information about the security group, including the name, ID, and description.

Constraints

You can query all security groups under your account. A maximum of 2,000 records can be returned for each query. If the number of records exceeds 2,000, the pagination marker will be returned.

Calling Method

For details, see Calling APIs.

URI

GET /v3/{project_id}/vpc/security-groups

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

  • Definition: ID of the project that a security group belongs to. For details about how to obtain a project ID, see Obtaining a Project ID.

  • Range: None

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

limit

No

Integer

  • Definition: Number of resources returned on each page.

  • Range: 0-2000

marker

No

String

  • Definition: ID of the resource from which the pagination query starts. If the parameter is left blank, only resources on the first page are queried.

  • Range: Security group ID.

id

No

Array of strings

  • Definition: ID of a security group. This field can be used to precisely filter security groups. Multiple IDs can be specified for filtering.

  • Range: None

name

No

Array of strings

  • Definition: Name of a security group. This field can be used to precisely filter security groups. Multiple names can be specified for filtering.

  • Range: None

description

No

Array of strings

  • Definition: Description of a security group. This field can be used to precisely filter security groups. Multiple descriptions can be specified for filtering.

  • Range: None

enterprise_project_id

No

String

  • Definition: ID of the enterprise project that a security group belongs to. This field can be used to filter the security groups associated with an enterprise project.

  • Range:

    • The value is 0 or a string that contains a maximum of 36 characters in UUID format with hyphens (-). 0 indicates the default enterprise project.

    • To obtain the security groups associated with all enterprise projects that a user has permissions to view, specify all_granted_eps.

Request Parameters

None

Response Parameters

Status code: 200

Table 3 Response body parameters

Parameter

Type

Description

security_groups

Array of SecurityGroup objects

  • Definition: Response body for querying security groups.

  • Range: None

request_id

String

  • Definition: Request ID.

  • Range: None

page_info

PageInfo object

  • Definition: Pagination information.

  • Range: None

Table 4 SecurityGroup

Parameter

Type

Description

id

String

  • Definition: ID of a security group. After a security group is created, a security group ID is generated, which uniquely identifies the security group.

  • Range: The value is in UUID format with hyphens (-).

name

String

  • Definition: Name of a security group.

  • Range: The value can contain 1 to 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.).

description

String

  • Definition: Description of a security group.

  • Range: The value can contain no more than 255 characters and cannot contain angle brackets (< or >).

project_id

String

  • Definition: ID of the project that a security group belongs to.

  • Range: None

created_at

String

  • Definition: Time when a security group was created.

  • Range: UTC time in the format of yyyy-MM-ddTHH:mm:ssZ

updated_at

String

  • Definition: Time when a security group was updated.

  • Range: UTC time in the format of yyyy-MM-ddTHH:mm:ssZ

enterprise_project_id

String

  • Definition: ID of the enterprise project that a security group belongs to.

  • Range: The value is 0 or a string that contains a maximum of 36 characters in UUID format with hyphens (-). 0 indicates the default enterprise project.

tags

Array of ResponseTag objects

  • Definition: Tags of a security group, including tag keys and tag values, which can be used to classify and identify resources. For details, see the tag objects.

  • Range: None

Table 5 ResponseTag

Parameter

Type

Description

key

String

Definition:

Tag key.

Range:

  • A tag key can contain a maximum of 128 Unicode characters and cannot be left blank.

  • Each tag key of a resource must be unique.

  • The value can contain:

    • Letters

    • Digits

    • Special characters: underscores (_), hyphens (-)

    • Chinese characters

value

String

Definition:

Tag value.

Range:

  • Each value can contain a maximum of 255 Unicode characters and can be left blank.

  • The value can contain:

    • Letters

    • Digits

    • Special characters: underscores (_), hyphens (-), periods (.)

    • Chinese characters

Table 6 PageInfo

Parameter

Type

Description

previous_marker

String

Definition:

The first record on the current page.

Range:

N/A

current_count

Integer

Definition:

Total number of resources on the current page.

Range:

N/A

next_marker

String

Definition:

The last record on the current page. The next_marker field does not exist if the page is the last one.

Range:

N/A

Example Requests

Querying security groups

GET https://{Endpoint}/v3/{project_id}/vpc/security-groups

Example Responses

Status code: 200

Normal response to the GET operation. For more status codes, see Status Codes.

{
  "request_id" : "d31cb32ca06f3c1a294fa24e6cbc5a56",
  "security_groups" : [ {
    "id" : "0552091e-b83a-49dd-88a7-4a5c86fd9ec3",
    "name" : "sg-test",
    "project_id" : "060576782980d5762f9ec014dd2f1148",
    "description" : "test",
    "enterprise_project_id" : 0,
    "created_at" : "2019-10-16T11:11:14.000+00:00",
    "updated_at" : "2020-03-25T10:53:46.000+00:00",
    "tags" : [ ]
  }, {
    "id" : "0b8cb773-197c-4c91-94f1-e051f0563e5a",
    "name" : "test-sg",
    "project_id" : "060576782980d5762f9ec014dd2f1148",
    "description" : "The security group is for general-purpose web servers and includes default rules that allow all inbound ICMP traffic and allow inbound traffic on ports 22, 3389, 80, and 443. This security group is suitable for ECSs that require remote login, public network ping, and website services.",
    "enterprise_project_id" : 0,
    "created_at" : "2019-12-03T09:02:11.000+00:00",
    "updated_at" : "2019-12-03T09:02:11.000+00:00",
    "tags" : [ ]
  } ],
  "page_info" : {
    "previous_marker" : "0552091e-b83a-49dd-88a7-4a5c86fd9ec3",
    "current_count" : 2
  }
}

SDK Sample Code

The SDK sample code is as follows.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.vpc.v3.region.VpcRegion;
import com.huaweicloud.sdk.vpc.v3.*;
import com.huaweicloud.sdk.vpc.v3.model.*;


public class ListSecurityGroupsSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        VpcClient client = VpcClient.newBuilder()
                .withCredential(auth)
                .withRegion(VpcRegion.valueOf("<YOUR REGION>"))
                .build();
        ListSecurityGroupsRequest request = new ListSecurityGroupsRequest();
        try {
            ListSecurityGroupsResponse response = client.listSecurityGroups(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkvpc.v3.region.vpc_region import VpcRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkvpc.v3 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = VpcClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(VpcRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListSecurityGroupsRequest()
        response = client.list_security_groups(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    vpc "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := vpc.NewVpcClient(
        vpc.VpcClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListSecurityGroupsRequest{}
	response, err := client.ListSecurityGroups(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

Normal response to the GET operation. For more status codes, see Status Codes.

Error Codes

See Error Codes.