tencent cloud

Feedback

CreateSecurityGroupWithPolicies

Last updated: 2023-08-23 14:11:17

1. API Description

Domain name for API request: vpc.tencentcloudapi.com.

This API is used to create u200da security group, and add security group policies.

  • For the the upper limit of security groups per project in each region under each account, see here
  • u200dFor u200dnewly u200dcreated security groups, u200dthe inbound and outbound policies are set to Deny All by default. You need to call CreateSecurityGroupPolicies
    to change it.

Description:

  • Version: The version number of a security group policy. It automatically increments by 1 every time you update the security policy, so to prevent the expiration of the updated policies. If this field is left empty, any conflicts will be ignored.
  • Protocol: Values can be TCP, UDP, ICMP, ICMPV6, GRE, and ALL.
  • CidrBlock: Enter a CIDR block in the correct format. In the classic network, even if the CIDR block specified in u200dCidrBlock contains the Tencent Cloud private IPs not used for CVMs under your Tencent Cloud account, it does not mean this policy allows you to access those resources. The network isolation policies between tenants take priority over the private network policies in security groups.
  • Ipv6CidrBlock: Enter an IPv6 CIDR block in the correct format. In the classic network, even if the CIDR block specified in Ipv6CidrBlock contains the Tencent Cloud private IPv6 addresses not used for CVMs under your Tencent Cloud account, it does not mean this policy allows you to access those resources. The network isolation policies between tenants take priority over the private network policies in security groups.
  • SecurityGroupId: ID of the security group. It can be the ID of a security group to be modified, or the ID of another security group in the same project. All private IPs of all CVMs under the security group will be covered. If this field is used, the policy will automatically change according to the CVM associated with the group ID while being used to match network messages. You don't need to change it manually.
  • Port: Enter a single port number (such as 80), or a port range (such as 8000-8010). Port is only applicable when Protocol is TCP or UDP. If Protocol is not TCP or UDP, Protocol and Port cannot be both specified.
  • Action: Values can be ACCEPT or DROP.
  • CidrBlock, Ipv6CidrBlock, SecurityGroupId, and AddressTemplate are exclusive u200dto one another. “Protocol + Port” and ServiceTemplate are mutually exclusive.
  • Only policies in one direction can be created in each request. If you need to specify the PolicyIndex parameter, the indexes of policies must be consistent.

A maximum of 100 requests can be initiated per second for this API.

We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter Name Required Type Description
Action Yes String Common Params. The value used for this API: CreateSecurityGroupWithPolicies.
Version Yes String Common Params. The value used for this API: 2017-03-12.
Region No String Common Params. This parameter is not required for this API.
GroupName Yes String Security group can be named freely, but cannot exceed 60 characters.
GroupDescription Yes String The remarks for the security group. The maximum length is 100 characters.
ProjectId No String Project ID. Default value: 0. You can query it on the project management page of the Tencent Cloud console.
SecurityGroupPolicySet No SecurityGroupPolicySet Security group policy set.

3. Output Parameters

Parameter Name Type Description
SecurityGroup SecurityGroup Security group object.
RequestId String The unique request ID, which is returned for each request. RequestId is required for locating a problem.

4. Example

Example1 Creating a security group

Input Example

https://vpc.tencentcloudapi.com/?Action=CreateSecurityGroupWithPolicies
&Version=2017-03-12
&GroupName=TestGroup
&GroupDescription=test-group-desc
&<Common request parameters>

Output Example

{
    "Response": {
        "SecurityGroup": {
            "SecurityGroupId": "sg-12345678",
            "SecurityGroupName": "TestGroup",
            "SecurityGroupDesc": "test-group-desc",
            "ProjectId": "0"
        }
    }
}

Example2 Creating security groups and the rules

Input Example

https://vpc.tencentcloudapi.com/?Action=CreateSecurityGroupWithPolicies
&Version=2017-03-12
&GroupName=TestGroup
&GroupDescription=test-group-desc
&SecurityGroupPolicySet.Egress.0.PolicyIndex=0
&SecurityGroupPolicySet.Egress.0.ServiceTemplate.ServiceId=ppm-f5n1f8da
&SecurityGroupPolicySet.Egress.0.AddressTemplate.AddressId=ipm-2uw6ujo6
&SecurityGroupPolicySet.Egress.0.Action=accept
&SecurityGroupPolicySet.Egress.0.PolicyDescription=TestPolicy
&SecurityGroupPolicySet.Egress.1.PolicyIndex=1
&SecurityGroupPolicySet.Egress.1.ServiceTemplate.ServiceId=ppm-f5n1f8da
&SecurityGroupPolicySet.Egress.1.AddressTemplate.AddressId=ipm-2uw6ujo6
&SecurityGroupPolicySet.Egress.1.Action=accept
&SecurityGroupPolicySet.Egress.1.PolicyDescription=Test
&<Common request parameters>

Output Example

{
    "Response": {
        "SecurityGroup": {
            "SecurityGroupId": "sg-12345678",
            "SecurityGroupName": "TestGroup",
            "SecurityGroupDesc": "test-group-desc",
            "ProjectId": "0"
        }
    }
}

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

Error Code Description
InternalError.ModuleError Internal module error
InvalidParameter.Coexist The parameters cannot be specified at the same time.
InvalidParameterValue Incorrect parameter value.
InvalidParameterValue.LimitExceeded The parameter value exceeds the limit.
InvalidParameterValue.Malformed Invalid input parameter format.
InvalidParameterValue.MemberApprovalApplicationIdMismatch
InvalidParameterValue.MemberApprovalApplicationNotApproved
InvalidParameterValue.MemberApprovalApplicationRejected
InvalidParameterValue.MemberApprovalApplicationStarted
InvalidParameterValue.Range The parameter value is not in the specified range.
InvalidParameterValue.TooLong Invalid parameter value. The parameter value is too long.
LimitExceeded Quota limit is reached.
MissingParameter Missing parameter.
ResourceNotFound The resource does not exist.
UnknownParameter.WithGuess Unknown parameter. Try similar parameters.
UnsupportedOperation.LockedResources
Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support