Help Center/ Virtual Private Cloud/ API Reference (Ankara Region)/ API V3/ Security Group Rule/ Querying Security Group Rules
Updated on 2024-04-15 GMT+08:00
View PDF
Share

Querying Security Group Rules

Function

This API is used to query security group rules.

URI

GET /v3/{project_id}/vpc/security-group-rules

Table 1 Parameter description

Name

Mandatory

Type

Description

project_id

Yes

String

Project ID.

For details about how to obtain a project ID, see Obtaining a Project ID.
Table 2 Query parameters

Parameter

Mandatory

Type

Description

limit

No

Integer

Number of records displayed on each page.

Value range: 0 to 2000

marker

No

String

Start resource ID of pagination query. If the parameter is left blank, only resources on the first page are queried.

id

No

Array of strings

ID of the security group rule. Multiple IDs can be specified for filtering.

security_group_id

No

Array of strings

ID of the security group to which the security group rule belongs. Multiple IDs can be specified for filtering.

protocol

No

Array of strings

Protocol specified in the security group rule. Multiple protocols can be specified for filtering.

description

No

Array of strings

Provides supplementary information about the security group. This field can be used to precisely filter security groups. Multiple descriptions can be specified for filtering.

remote_group_id

No

Array of strings

ID of the remote security group. Multiple IDs can be specified for filtering.

direction

No

String

Access control direction specified in the security group rule.

action

No

String

Action of the security group rule.

Request Parameter

None

Example Request

  • Query security group rules. 
    "GET https://{Endpoint}/v3/{project_id}/vpc/security-group-rules"

Response Parameter

When the status code is 200, the response parameters are as follows:

Table 3 Response body parameters

Parameter

Type

Description

request_id

String

Request ID

security_group_rules

Array of SecurityGroupRule objects

Response body of security group rules

page_info

PageInfo object

Pagination information
Table 4 SecurityGroupRule

Parameter

Type

Description

id

String

Security group rule ID, which uniquely identifies the security group rule

The value is in UUID format with hyphens (-).

description

String

Provides supplementary information about the security group.

The value can contain no more than 255 characters and cannot contain angle brackets (< or >).

security_group_id

String

ID of the security group to which the security group rule belongs.

direction

String

Inbound or outbound direction of a security group rule.

The value can be:

  • ingress: inbound direction
  • egress: outbound direction

protocol

String

Protocol type

The value can be icmp, tcp, udp, icmpv6 or an IP number.

Constraints:
  • If the parameter is left blank, all protocols are supported.
  • When the protocol is icmpv6, IP version should be IPv6.
  • When the protocol is icmp, IP version should be IPv4.

ethertype

String

IP version

The value can be IPv4 or IPv6.

If you do not set this parameter, IPv4 is used by default.

multiport

String

Port or port range

The value can be a single port (80), a port range (1-30), or inconsecutive ports separated by commas (22,3389,80).

action

String

Action of the security group rule.

The value can be:
  • allow
  • deny

The default value is deny.

priority

Integer

Rule priority.

The value is from 1 to 100. The value 1 indicates the highest priority.

remote_group_id

String

ID of the remote security group, which allows or denies traffic to and from the security group.

Value range: ID of an existing security group

The parameter is mutually exclusive with parameters remote_ip_prefix and remote_address_group_id.

remote_ip_prefix

String

Remote IP address.

  • If direction is set to egress, the parameter specifies the source IP address.
  • If direction is set to ingress, the parameter specifies the destination IP address.

The value is an IP address or a CIDR block.

Constraints:

  • The parameter is mutually exclusive with parameters remote_group_id and remote_address_group_id.
  • If this parameter is left blank, the remote IP address is not limited, and the traffic from all remote IP addresses is allowed or rejected.

remote_address_group_id

String

ID of the remote IP address group.

Value range: ID of an existing IP address group

The parameter is mutually exclusive with parameters remote_ip_prefix and remote_group_id.

created_at

String

Time when the security group rule is created

UTC time in the format of yyyy-MM-ddTHH:mmss

updated_at

String

Time when the security group rule is updated

UTC time in the format of yyyy-MM-ddTHH:mmss

project_id

String

ID of the project to which the security group rule belongs.
Table 5 PageInfo

Parameter

Type

Description

previous_marker

String

First record on the current page

current_count

Integer

Total number of records on the current page

next_marker

String

Last record on the current page. This parameter does not exist if the page is the last one.

Example Response

When the status code is 200, the response parameters are as follows:

OK 
{
    "request_id": "80747d36e3376c0894ba8f9a9156355d", 
    "security_group_rules": [
        {
            "id": "f626eb24-d8bd-4d26-ae0b-c16bb65730cb", 
            "project_id": "060576782980d5762f9ec014dd2f1148", 
            "security_group_id": "0552091e-b83a-49dd-88a7-4a5c86fd9ec3", 
            "remote_group_id": null, 
            "direction": "ingress", 
            "protocol": "tcp", 
            "description": "security group rule description", 
            "created_at": "2020-08-13T07:12:36Z", 
            "updated_at": "2020-08-13T07:12:36Z", 
            "ethertype": "IPv4", 
            "remote_ip_prefix": "10.10.0.0/16", 
            "multiport": "333", 
            "remote_address_group_id": null, 
            "action": "allow", 
            "priority": 1
        }
    ]
}

Status Code

See Status Codes.

Error Code

See Error Codes.

Parent topic: Security Group Rule