Creating a Security Group Rule
Function
This API is used to create a security group rule.
URI
POST /v2.0/security-group-rules
Request Parameters
Parameter |
Type |
Mandatory |
Description |
---|---|---|---|
security_group_rule |
security_group_rule object |
Yes |
Specifies the security group rule. For details, see Table 2. |
Attribute |
Mandatory |
Type |
Description |
---|---|---|---|
description |
No |
String |
Provides supplementary information about the security group rule. |
security_group_id |
Yes |
String |
Specifies the ID of the belonged security group. |
remote_group_id |
No |
String |
Specifies the peer ID of the belonged security group. This parameter is mutually exclusive with remote_ip_prefixand remote_address_group_id. |
direction |
Yes |
String |
Specifies the direction of the traffic for which the security group rule takes effect. The value can be ingress or egress. |
remote_ip_prefix |
No |
String |
Specifies the peer IP address segment. This parameter is mutually exclusive with remote_group_id and remote_address_group_id. |
protocol |
No |
String |
Specifies the protocol type or the IP protocol number. The value can be tcp, udp, icmp or an IP protocol number |
port_range_max |
No |
Integer |
Specifies the maximum port number. When ICMP is used, the value is the ICMP code. The value ranges from 1 to 65535. (The value ranges from 0 to 255 when it indicates the code.) |
port_range_min |
No |
Integer |
Specifies the minimum port number. If the ICMP protocol is used, this parameter indicates the ICMP type. When the TCP or UDP protocol is used, both port_range_max and port_range_min must be specified, and the port_range_max value must be greater than the port_range_min value. When the ICMP protocol is used, if you specify the ICMP code (port_range_max), you must also specify the ICMP type (port_range_min). The value ranges from 1 to 65535. (The value ranges from 0 to 255 when it indicates the code.) |
ethertype |
No |
String |
Specifies the network type. The value can be IPv4 or IPv6. |
remote_address_group_id |
No |
String |
|
Example Request
Create an outbound rule in the security group whose ID is 5cb9c1ee-00e0-4d0f-9623-55463cd26ff8. Set protocol to tcp, and remote_ip_prefix to 10.10.0.0/24.
POST https://{Endpoint}/v2.0/security-group-rules { "security_group_rule": { "security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", "direction": "egress", "protocol": "tcp", "remote_ip_prefix": "10.10.0.0/24" } }
Response Parameters
Parameter |
Type |
Description |
---|---|---|
security_group_rule |
security_group_rule object |
Specifies the security group rule. For details, see Table 4. |
Attribute |
Type |
Description |
---|---|---|
id |
String |
Specifies the security group rule ID. This parameter is not mandatory when you query security group rules. |
description |
String |
Provides supplementary information about the security group rule. |
security_group_id |
String |
Specifies the ID of the belonged security group. |
remote_group_id |
String |
Specifies the peer ID of the belonged security group. |
direction |
String |
Specifies the direction of the traffic for which the security group rule takes effect. |
remote_ip_prefix |
String |
Specifies the peer IP address segment. |
protocol |
String |
Specifies the protocol type or the IP protocol number. |
port_range_max |
Integer |
Specifies the maximum port number. When ICMP is used, the value is the ICMP code. |
port_range_min |
Integer |
Specifies the minimum port number. If the ICMP protocol is used, this parameter indicates the ICMP type. When the TCP or UDP protocol is used, both port_range_max and port_range_min must be specified, and the port_range_max value must be greater than the port_range_min value. When the ICMP protocol is used, if you specify the ICMP code (port_range_max), you must also specify the ICMP type (port_range_min). |
ethertype |
String |
Specifies the network type. IPv4 and IPv6 are supported. |
tenant_id |
String |
Specifies the project ID. |
remote_address_group_id |
String |
|
project_id |
String |
Specifies the project ID. For details about how to obtain a project ID, see Obtaining a Project ID. |
created_at |
String |
Specifies the time (UTC) when the security group rule is created. Format: yyyy-MM-ddTHH:mm:ss |
updated_at |
String |
Specifies the time (UTC) when the security group rule is updated. Format: yyyy-MM-ddTHH:mm:ss |
Example Response
{ "security_group_rule": { "remote_group_id": null, "direction": "egress", "remote_ip_prefix": "10.10.0.0/24", "protocol": "tcp", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "port_range_max": null, "security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", "port_range_min": null, "ethertype": "IPv4", "description": null, "id": "7c336b04-1603-4911-a6f4-f2af1d9a0488", "project_id": "6fbe9263116a4b68818cf1edce16bc4f", "created_at": "2018-09-20T02:15:34", "updated_at": "2018-09-20T02:15:34", "remote_address_group_id": null } }
Status Code
See Status Codes.
Error Code
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot