CreateSecurityGroupWithPolicies

Last updated: 2020-08-14 10:21:14

1. API Description

Domain name for API request: vpc.tencentcloudapi.com.

This API (CreateSecurityGroupWithPolicies) is used to create security groups, and add security group policies.

  • Note the maximum number of security groups per project in each region under each account.
  • Both the inbound and outbound policies for a newly created security group are Deny All by default. You need to call CreateSecurityGroupPolicies to set security group policies according to your needs.

Description:

  • Version: Indicates the version number of a security group policy, which will automatically increment by 1 every time you update the security policy, to prevent the expiration of the updated policies. If this field is left empty, any conflicts will be ignored.
  • Protocol: Values can be TCP, UDP, ICMP, ICMPV6, GRE, or ALL.
  • CidrBlock: A CIDR block in the correct format. In a basic network, if a CidrBlock contains private IPs on Tencent Cloud for devices under your account other than CVMs, it does not mean this policy allows you to access these devices. The network isolation policies between tenants take priority over the private network policies in security groups.
  • Ipv6CidrBlock: An IPv6 CIDR block in the correct format. In a basic network, if an Ipv6CidrBlock contains private IPv6 addresses on Tencent Cloud for devices under your account other than CVMs, it does not mean this policy allows you to access these devices. The network isolation policies between tenants take priority over the private network policies in security groups.
  • SecurityGroupId: ID of the security group. It can be the ID of any security group in the same project as the security group to be modified, including the ID of the security group itself, and represents the private IP addresses of all CVMs under that security group. If this field is used, the policy used to match network messages changes automatically with the CVMs associated with the policy ID, without manual modification.
  • Port: A single port number, or a port range in the format of '8000-8010'. The Port field is accepted only if the value of the Protocol field is TCP or UDP. Otherwise Protocol and Port are mutually exclusive.
  • Action: Values can be ACCEPT or DROP.
  • CidrBlock, Ipv6CidrBlock, SecurityGroupId, and AddressTemplate are exclusive and cannot be entered at the same time. 'Protocol + Port' and ServiceTemplate are mutually exclusive and cannot be entered at the same time.
  • Only policies in one direction can be created in each request. If you need to specify the PolicyIndex parameter, the indexes of policies must be consistent.

A maximum of 100 requests can be initiated per second for this API.

Note: This API supports Finance regions. If the common parameter Region is a Finance region, a domain name with the Finance region needs to be specified, for example: vpc.ap-shanghai-fsi.tencentcloudapi.com


2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common parameter. The value used for this API: CreateSecurityGroupWithPolicies. |
| Version | Yes | String | Common parameter. The value used for this API: 2017-03-12. |
| Region | Yes | String | Common parameter. For more information, please see the list of regions supported by the product. |
| GroupName | Yes | String | Security group can be named freely, but cannot exceed 60 characters. |
| GroupDescription | Yes | String | The remarks for the security group. The maximum length is 100 characters. |
| ProjectId | No | String | The project id is 0 by default. You can query this in the project management page of the Qcloud console. |
| SecurityGroupPolicySet | No | SecurityGroupPolicySet | Security group policy set. |

3. Output Parameters

| Parameter Name | Type | Description |
|---|---|---|
| SecurityGroup | SecurityGroup | Security group object. |
| RequestId | String | The unique request ID, which is returned for each request. RequestId is required for locating a problem. |

4. Example

Example1 Creates a security group

Input Example

https://vpc.tencentcloudapi.com/?Action=CreateSecurityGroupWithPolicies
&Version=2017-03-12
&GroupName=TestGroup
&GroupDescription=test-group-desc
&<Common request parameter>

Output Example

{
  "Response": {
    "RequestId": "354f4ac3-8546-4516-8c8a-69e3ab73aa8a",
    "SecurityGroup": {
      "SecurityGroupId": "sg-12345678",
      "SecurityGroupName": "TestGroup",
      "SecurityGroupDesc": "test-group-desc",
      "ProjectId": "0",
      "CreateTime": "2018-01-13 19:26:33"
    }
  }
}

Example2 Creates security groups and their policies

Input Example

https://vpc.tencentcloudapi.com/?Action=CreateSecurityGroupWithPolicies
&Version=2017-03-12
&GroupName=TestGroup
&GroupDescription=test-group-desc
&SecurityGroupPolicySet.Egress.0.PolicyIndex=0
&SecurityGroupPolicySet.Egress.0.ServiceTemplate.ServiceId=ppm-f5n1f8da
&SecurityGroupPolicySet.Egress.0.AddressTemplate.AddressId=ipm-2uw6ujo6
&SecurityGroupPolicySet.Egress.0.Action=accept
&SecurityGroupPolicySet.Egress.0.PolicyDescription=TestPolicy
&SecurityGroupPolicySet.Egress.1.PolicyIndex=1
&SecurityGroupPolicySet.Egress.1.ServiceTemplate.ServiceId=ppm-f5n1f8da
&SecurityGroupPolicySet.Egress.1.AddressTemplate.AddressId=ipm-2uw6ujo6
&SecurityGroupPolicySet.Egress.1.Action=accept
&SecurityGroupPolicySet.Egress.1.PolicyDescription=Test
&<Common request parameter>

Output Example

{
  "Response": {
    "RequestId": "354f4ac3-8546-4516-8c8a-69e3ab73aa8a",
    "SecurityGroup": {
      "SecurityGroupId": "sg-12345678",
      "SecurityGroupName": "TestGroup",
      "SecurityGroupDesc": "test-group-desc",
      "ProjectId": "0",
      "CreateTime": "2018-01-13 19:26:33"
    }
  }
}
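
The field rules in the Description list can be checked on the client before a request is sent, which turns an InvalidParameter.Coexist or InvalidParameterValue response into a local error. The Python below is an added example, not Tencent Cloud SDK code: it validates a policy set against those rules and flattens it into the dotted query keys used in Example2. The function names are hypothetical, common parameters (Region, signature) are left out, Action is compared case-insensitively because Example2 sends "accept", and "consistent" PolicyIndex is read as "set on every policy or on none".

```python
SOURCES = ("CidrBlock", "Ipv6CidrBlock", "SecurityGroupId", "AddressTemplate")

def check_policy(p):
    """Return the Description-list rules that one policy dict violates."""
    proto = str(p.get("Protocol", "")).upper()
    checks = [
        (sum(k in p for k in SOURCES) > 1, "more than one source field"),
        ("ServiceTemplate" in p and ("Protocol" in p or "Port" in p),
         "ServiceTemplate excludes Protocol + Port"),
        ("Port" in p and proto not in ("TCP", "UDP"), "Port requires TCP or UDP"),
        (str(p.get("Action", "")).upper() not in ("ACCEPT", "DROP"), "bad Action"),
    ]
    return [msg for failed, msg in checks if failed]

def flatten(prefix, value, out):
    """Expand nested dicts and lists into dotted keys, e.g. Egress.0.Action."""
    if isinstance(value, (dict, list)):
        pairs = value.items() if isinstance(value, dict) else enumerate(value)
        for key, item in pairs:
            flatten(f"{prefix}.{key}", item, out)
    else:
        out[prefix] = str(value)
    return out

def build_params(name, desc, policy_set):
    """Validate, then return the API-specific query parameters as a dict."""
    limits = (("GroupName", name, 60), ("GroupDescription", desc, 100))
    errs = [f"{f} exceeds {n} characters" for f, text, n in limits if len(text) > n]
    dirs = [d for d in ("Ingress", "Egress") if policy_set.get(d)]
    if len(dirs) > 1:
        errs.append("only one direction per request")
    for d in dirs:
        rules = policy_set[d]
        # Assumption: "consistent" = PolicyIndex set on every rule or on none.
        if sum("PolicyIndex" in r for r in rules) not in (0, len(rules)):
            errs.append(f"{d}: PolicyIndex set on only some rules")
        errs += [f"{d}.{i}: {e}" for i, r in enumerate(rules)
                 for e in check_policy(r)]
    if errs:
        raise ValueError("; ".join(errs))
    out = {"Action": "CreateSecurityGroupWithPolicies", "Version": "2017-03-12",
           "GroupName": name, "GroupDescription": desc}
    return flatten("SecurityGroupPolicySet", policy_set, out)

# Constructed sample: the first egress rule from Example 2 on this page.
EXAMPLE_2 = {"Egress": [{
    "PolicyIndex": 0, "ServiceTemplate": {"ServiceId": "ppm-f5n1f8da"},
    "AddressTemplate": {"AddressId": "ipm-2uw6ujo6"}, "Action": "accept",
    "PolicyDescription": "TestPolicy"}]}
```

Calling build_params("TestGroup", "test-group-desc", EXAMPLE_2) returns the same key/value pairs as the first rule of Example2; a policy set that fills both Ingress and Egress raises ValueError before any request is made.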

5. Developer Resources

API Explorer

This tool allows online call, signature authentication, SDK code generation and quick search of APIs to greatly improve the efficiency of using TencentCloud APIs.

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

| Error Code | Description |
|---|---|
| InvalidParameter.Coexist | The parameters cannot be specified at the same time. |
| InvalidParameterValue | Invalid parameter value |
| InvalidParameterValue.Malformed | Invalid input parameter format. |
| InvalidParameterValue.TooLong | Invalid parameter value. The parameter value is too long. |
| LimitExceeded | Quota limit is reached. |
| MissingParameter | Parameter missing. A required parameter is missing in the request. |
| ResourceNotFound | The resource does not exist. |
