ModifySecurityGroupPolicies

Last updated: 2021-11-30 11:34:22

1. API Description

Domain name for API request: vpc.tencentcloudapi.com.

This API is used to reset the Egress and Ingress rules (SecurityGroupPolicy) of a security group.

  • This API does not support custom indexes PolicyIndex.
  • For SecurityGroupPolicySet parameter,
      • If SecurityGroupPolicySet.Version is set to `0`, all policies will be cleared, and Egress and Ingress will be ignored.
      • If SecurityGroupPolicySet.Version is not set to `0`, add Egress and Ingress policies:
        • Protocol: TCP, UDP, ICMP, ICMPV6, GRE, or ALL.
        • CidrBlock: a CIDR block in the correct format. In the classic network, even if the CIDR block specified in CidrBlock contains the Tencent Cloud private IPs that are not using for CVMs under your Tencent Cloud account, it does not mean this policy allows you to access those resources. The network isolation policies between tenants take priority over the private network policies in security groups.
        • Ipv6CidrBlock: an IPv6 CIDR block in the correct format. In the classic network, even if the CIDR block specified in Ipv6CidrBlock contains the Tencent Cloud private IPv6 addresses that are not using for CVMs under your Tencent Cloud account, it does not mean this policy allows you to access those resources. The network isolation policies between tenants take priority over the private network policies in security groups.
        • SecurityGroupId: ID of the security group. It can be the ID of a security group to be modified, or the ID of another security group in the same project. All private IPs of all CVMs under the security group will be covered. If this field is used, the policy will automatically change according to the CVM associated with the group ID while being used to match network messages. You don't need to change it manually.
        • Port: a single port number such as 80, or a port range in the format of '8000-8010'. You may use this field only if the Protocol field takes the value TCP or UDP.
        • Action: only allows ACCEPT or DROP.
        • CidrBlock, Ipv6CidrBlock, SecurityGroupId, and AddressTemplate are mutually exclusive. Protocol + Port and ServiceTemplate are mutually exclusive.

    A maximum of 100 requests can be initiated per second for this API.

    We recommend you to use API Explorer
    Try it
    API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

    2. Input Parameters

    The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

    Parameter Name Required Type Description
    Action Yes String Common parameter. The value used for this API: ModifySecurityGroupPolicies.
    Version Yes String Common parameter. The value used for this API: 2017-03-12.
    Region Yes String Common parameter. For more information, please see the list of regions supported by the product.
    SecurityGroupId Yes String The security group instance ID, such as sg-33ocnj9n. This can be obtained through DescribeSecurityGroups.
    SecurityGroupPolicySet Yes SecurityGroupPolicySet The security group policy set. SecurityGroupPolicySet object must specify new egress and ingress policies at the same time. SecurityGroupPolicy object does not support custom index (PolicyIndex).
    SortPolicys No Boolean Whether the security group rule is sorted. Default value: False. If it is set to True, security group rules will be strictly sorted according to the sequence specified in the SecurityGroupPolicySet parameter. Manual entry may cause omission, so we recommend sorting security group rules in the console.

    3. Output Parameters

    Parameter Name Type Description
    RequestId String The unique request ID, which is returned for each request. RequestId is required for locating a problem.

    4. Example

    Example1 Modifying the outbound and inbound rules of a security group

    Input Example

    https://vpc.tencentcloudapi.com/?Action=ModifySecurityGroupPolicies
    &SecurityGroupId=sg-ohuuioma
    &SecurityGroupPolicySet.Egress.0.ServiceTemplate.ServiceId=ppm-f5n1f8da
    &SecurityGroupPolicySet.Egress.0.ServiceTemplate.ServiceGroupId=ppmg-f5n1f8da
    &SecurityGroupPolicySet.Egress.0.AddressTemplate.AddressId=ipm-2uw6ujo6
    &SecurityGroupPolicySet.Egress.0.AddressTemplate.AddressGroupId=ipmg-2uw6ujo6
    &SecurityGroupPolicySet.Egress.0.Action=accept
    &SecurityGroupPolicySet.Egress.0.PolicyDescription=TestPolicy
    &SecurityGroupPolicySet.Ingress.0.ServiceTemplate.ServiceId=ppm-f5n1f8da
    &SecurityGroupPolicySet.Ingress.0.ServiceTemplate.ServiceGroupId=ppmg-f5n1f8da
    &SecurityGroupPolicySet.Ingress.0.AddressTemplate.AddressId=ipm-2uw6ujo6
    &SecurityGroupPolicySet.Ingress.0.AddressTemplate.AddressGroupId=ipmg-2uw6ujo6
    &SecurityGroupPolicySet.Ingress.0.Action=accept
    &SecurityGroupPolicySet.Ingress.0.PolicyDescription=Test
    &<Common request parameters>
    

    Output Example

    {
      "Response": {
        "RequestId": "354f4ac3-8546-4516-8c8a-69e3ab73aa8a"
      }
    }
    

    5. Developer Resources

    SDK

    TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

    Command Line Interface

    6. Error Code

    The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

    Error Code Description
    InvalidParameter.Coexist The parameters cannot be specified at the same time.
    InvalidParameterValue.LimitExceeded The parameter value exceeds the limit.
    InvalidParameterValue.Malformed Invalid input parameter format.
    InvalidParameterValue.TooLong Invalid parameter value. The parameter value is too long.
    LimitExceeded Quota limit is reached.
    ResourceNotFound The resource does not exist.
    UnsupportedOperation.DuplicatePolicy The security group policies are repeated.