Updated on 2024-04-15 GMT+08:00

Creating a Security Group Rule

Function

This API is used to create a security group rule.

URI

POST /v2.0/security-group-rules

Request Parameters

Table 1 Request parameter

Parameter

Type

Mandatory

Description

security_group_rule

security_group_rule object

Yes

Specifies the security group rule. For details, see Table 2.

Table 2 Security Group Rule objects

Attribute

Mandatory

Type

Description

description

No

String

Provides supplementary information about the security group rule.

security_group_id

Yes

String

Specifies the ID of the belonged security group.

remote_group_id

No

String

Specifies the peer ID of the belonged security group.

This parameter is mutually exclusive with remote_ip_prefixand remote_address_group_id.

direction

Yes

String

Specifies the direction of the traffic for which the security group rule takes effect.

The value can be ingress or egress.

remote_ip_prefix

No

String

Specifies the peer IP address segment.

This parameter is mutually exclusive with remote_group_id and remote_address_group_id.

protocol

No

String

Specifies the protocol type or the IP protocol number.

The value can be tcp, udp, icmp or an IP protocol number

port_range_max

No

Integer

Specifies the maximum port number. When ICMP is used, the value is the ICMP code.

The value ranges from 1 to 65535. (The value ranges from 0 to 255 when it indicates the code.)

port_range_min

No

Integer

Specifies the minimum port number. If the ICMP protocol is used, this parameter indicates the ICMP type.

When the TCP or UDP protocol is used, both port_range_max and port_range_min must be specified, and the port_range_max value must be greater than the port_range_min value.

When the ICMP protocol is used, if you specify the ICMP code (port_range_max), you must also specify the ICMP type (port_range_min).

The value ranges from 1 to 65535. (The value ranges from 0 to 255 when it indicates the code.)

ethertype

No

String

Specifies the network type.

The value can be IPv4 or IPv6.

remote_address_group_id

No

String

  • Specifies the remote IP address group ID. You can log in to the management console and view the ID on the IP address group page.
  • This parameter is mutually exclusive with parameters remote_ip_prefix and remote_group_id.

Example Request

Create an outbound rule in the security group whose ID is 5cb9c1ee-00e0-4d0f-9623-55463cd26ff8. Set protocol to tcp, and remote_ip_prefix to 10.10.0.0/24.

POST https://{Endpoint}/v2.0/security-group-rules

{
    "security_group_rule": {
        "security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", 
        "direction": "egress", 
        "protocol": "tcp", 
        "remote_ip_prefix": "10.10.0.0/24"
    }
}

Response Parameters

Table 3 Response parameter

Parameter

Type

Description

security_group_rule

security_group_rule object

Specifies the security group rule. For details, see Table 4.

Table 4 Security Group Rule objects

Attribute

Type

Description

id

String

Specifies the security group rule ID.

This parameter is not mandatory when you query security group rules.

description

String

Provides supplementary information about the security group rule.

security_group_id

String

Specifies the ID of the belonged security group.

remote_group_id

String

Specifies the peer ID of the belonged security group.

direction

String

Specifies the direction of the traffic for which the security group rule takes effect.

remote_ip_prefix

String

Specifies the peer IP address segment.

protocol

String

Specifies the protocol type or the IP protocol number.

port_range_max

Integer

Specifies the maximum port number. When ICMP is used, the value is the ICMP code.

port_range_min

Integer

Specifies the minimum port number. If the ICMP protocol is used, this parameter indicates the ICMP type.

When the TCP or UDP protocol is used, both port_range_max and port_range_min must be specified, and the port_range_max value must be greater than the port_range_min value.

When the ICMP protocol is used, if you specify the ICMP code (port_range_max), you must also specify the ICMP type (port_range_min).

ethertype

String

Specifies the network type.

IPv4 and IPv6 are supported.

tenant_id

String

Specifies the project ID.

remote_address_group_id

String

  • Specifies the remote IP address group ID.
  • The value is mutually exclusive with parameters remote_ip_prefix and remote_group_id.

project_id

String

Specifies the project ID. For details about how to obtain a project ID, see Obtaining a Project ID.

created_at

String

Specifies the time (UTC) when the security group rule is created.

Format: yyyy-MM-ddTHH:mm:ss

updated_at

String

Specifies the time (UTC) when the security group rule is updated.

Format: yyyy-MM-ddTHH:mm:ss

Example Response

{
    "security_group_rule": {
        "remote_group_id": null, 
        "direction": "egress", 
        "remote_ip_prefix": "10.10.0.0/24", 
        "protocol": "tcp", 
        "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", 
        "port_range_max": null, 
        "security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", 
        "port_range_min": null, 
        "ethertype": "IPv4", 
        "description": null, 
        "id": "7c336b04-1603-4911-a6f4-f2af1d9a0488",
        "project_id": "6fbe9263116a4b68818cf1edce16bc4f", 
        "created_at": "2018-09-20T02:15:34",
        "updated_at": "2018-09-20T02:15:34",
        "remote_address_group_id": null
    }
}

Status Code

See Status Codes.

Error Code

See Error Codes.