- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Network Topology
- Virtual Private Cloud (VPC)
- Subnets
- Route Tables
- IPs and ENIs
- Bandwidth Package
- Network Connection
- Security Management
- Diagnostic Tools
- Alarming and Monitoring
- Best Practices
- Configuring a Public Gateway CVM
- Building HA Primary/Secondary Cluster with HAVIP + Keepalived
- Creating a High-availability Database by Using HAVIP + Windows Server Failover Cluster
- Migrating from the Classic Network to VPC
- Hybrid Cloud Primary/Secondary Communication (DC and VPN)
- Hybrid Cloud Primary/Secondary Communication (CCN and VPN)
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- VPC APIs
- DescribeAccountAttributes
- CreateDefaultVpc
- CreateVpc
- ModifyVpcAttribute
- DescribeVpcs
- DescribeVpcPrivateIpAddresses
- DescribeVpcInstances
- DeleteVpc
- AttachClassicLinkVpc
- DescribeClassicLinkInstances
- DetachClassicLinkVpc
- AssignIpv6CidrBlock
- DescribeVpcIpv6Addresses
- UnassignIpv6CidrBlock
- CreateAssistantCidr
- ModifyAssistantCidr
- DescribeAssistantCidr
- CheckAssistantCidr
- DeleteAssistantCidr
- DescribeVpcResourceDashboard
- ModifyLocalGateway
- DescribeLocalGateway
- DeleteLocalGateway
- CreateLocalGateway
- Subnet APIs
- Route Table APIs
- EIP APIs
- Highly Available Virtual IP APIs
- ENI APIs
- AssignPrivateIpAddresses
- UnassignPrivateIpAddresses
- ModifyNetworkInterfaceAttribute
- DetachNetworkInterface
- DescribeNetworkInterfaces
- CreateNetworkInterface
- AttachNetworkInterface
- MigratePrivateIpAddress
- MigrateNetworkInterface
- DeleteNetworkInterface
- ModifyPrivateIpAddressesAttribute
- UnassignIpv6Addresses
- ModifyIpv6AddressesAttribute
- AssignIpv6Addresses
- DescribeNetworkInterfaceLimit
- DisassociateNetworkInterfaceSecurityGroups
- AssociateNetworkInterfaceSecurityGroups
- CreateAndAttachNetworkInterface
- IP Location APIs
- Bandwidth Package APIs
- NAT Gateway APIs
- DescribeNatGateways
- ResetNatGatewayConnection
- ModifyNatGatewayDestinationIpPortTranslationNatRule
- ModifyNatGatewayAttribute
- DisassociateNatGatewayAddress
- DescribeNatGatewayDestinationIpPortTranslationNatRules
- DeleteNatGatewayDestinationIpPortTranslationNatRule
- DeleteNatGateway
- CreateNatGatewayDestinationIpPortTranslationNatRule
- CreateNatGateway
- AssociateNatGatewayAddress
- ModifyNatGatewaySourceIpTranslationNatRule
- DescribeNatGatewaySourceIpTranslationNatRules
- DeleteNatGatewaySourceIpTranslationNatRule
- CreateNatGatewaySourceIpTranslationNatRule
- VPN Gateway APIs
- ResetVpnGatewayInternetMaxBandwidth
- ResetVpnConnection
- RenewVpnGateway
- ModifyVpnGatewayAttribute
- ModifyVpnConnectionAttribute
- ModifyCustomerGatewayAttribute
- InquiryPriceResetVpnGatewayInternetMaxBandwidth
- InquiryPriceRenewVpnGateway
- InquiryPriceCreateVpnGateway
- DownloadCustomerGatewayConfiguration
- DescribeVpnGateways
- DescribeVpnConnections
- DescribeCustomerGateways
- DescribeCustomerGatewayVendors
- DeleteVpnGateway
- DeleteVpnConnection
- DeleteCustomerGateway
- CreateVpnGateway
- CreateVpnConnection
- CreateCustomerGateway
- ModifyVpnGatewayCcnRoutes
- DescribeVpnGatewayCcnRoutes
- ModifyVpnGatewayRoutes
- DescribeVpnGatewayRoutes
- DeleteVpnGatewayRoutes
- CreateVpnGatewayRoutes
- Direct Connect Gateway APIs
- ReplaceDirectConnectGatewayCcnRoutes
- DescribeDirectConnectGatewayCcnRoutes
- DeleteDirectConnectGatewayCcnRoutes
- CreateDirectConnectGatewayCcnRoutes
- CreateDirectConnectGateway
- ModifyDirectConnectGatewayAttribute
- DescribeDirectConnectGateways
- DeleteDirectConnectGateway
- DisassociateDirectConnectGatewayNatGateway
- AssociateDirectConnectGatewayNatGateway
- InquirePriceCreateDirectConnectGateway
- Cloud Connect Network APIs
- SetCcnRegionBandwidthLimits
- ModifyCcnAttribute
- EnableCcnRoutes
- DisableCcnRoutes
- DetachCcnInstances
- DescribeCcns
- DescribeCcnRoutes
- DescribeCcnRegionBandwidthLimits
- DescribeCcnAttachedInstances
- DeleteCcn
- CreateCcn
- AttachCcnInstances
- ResetAttachCcnInstances
- RejectAttachCcnInstances
- AcceptAttachCcnInstances
- ModifyCcnRegionBandwidthLimitsType
- GetCcnRegionBandwidthLimits
- DescribeCrossBorderCompliance
- AuditCrossBorderCompliance
- ModifyCcnAttachedInstancesAttribute
- Security Group APIs
- DeleteSecurityGroup
- DescribeSecurityGroupPolicies
- ModifySecurityGroupAttribute
- CreateSecurityGroup
- CreateSecurityGroupPolicies
- DescribeSecurityGroups
- DeleteSecurityGroupPolicies
- ModifySecurityGroupPolicies
- ReplaceSecurityGroupPolicy
- DescribeSecurityGroupAssociationStatistics
- DescribeSecurityGroupReferences
- CreateSecurityGroupWithPolicies
- CloneSecurityGroup
- Network ACL APIs
- Network Parameter Template-Related APIs
- CreateAddressTemplate
- CreateAddressTemplateGroup
- CreateServiceTemplate
- CreateServiceTemplateGroup
- DeleteAddressTemplate
- DeleteAddressTemplateGroup
- DeleteServiceTemplate
- DeleteServiceTemplateGroup
- DescribeAddressTemplateGroups
- DescribeAddressTemplates
- DescribeServiceTemplateGroups
- DescribeServiceTemplates
- ModifyAddressTemplateAttribute
- ModifyAddressTemplateGroupAttribute
- ModifyServiceTemplateAttribute
- ModifyServiceTemplateGroupAttribute
- Network Detection-Related APIs
- Flow Log APIs
- Gateway Traffic Monitor APIs
- Private Link APIs
- CreateVpcEndPointService
- DescribeVpcEndPointService
- ModifyVpcEndPointServiceAttribute
- DeleteVpcEndPointService
- CreateVpcEndPointServiceWhiteList
- DescribeVpcEndPointServiceWhiteList
- ModifyVpcEndPointServiceWhiteList
- EnableVpcEndPointConnect
- DeleteVpcEndPointServiceWhiteList
- DescribeVpcEndPoint
- CreateVpcEndPoint
- ModifyVpcEndPointAttribute
- DeleteVpcEndPoint
- DisassociateVpcEndPointSecurityGroups
- Other APIs
- Data Types
- Error Codes
- FAQs
- Contact Us
- Glossary
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Network Topology
- Virtual Private Cloud (VPC)
- Subnets
- Route Tables
- IPs and ENIs
- Bandwidth Package
- Network Connection
- Security Management
- Diagnostic Tools
- Alarming and Monitoring
- Best Practices
- Configuring a Public Gateway CVM
- Building HA Primary/Secondary Cluster with HAVIP + Keepalived
- Creating a High-availability Database by Using HAVIP + Windows Server Failover Cluster
- Migrating from the Classic Network to VPC
- Hybrid Cloud Primary/Secondary Communication (DC and VPN)
- Hybrid Cloud Primary/Secondary Communication (CCN and VPN)
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- VPC APIs
- DescribeAccountAttributes
- CreateDefaultVpc
- CreateVpc
- ModifyVpcAttribute
- DescribeVpcs
- DescribeVpcPrivateIpAddresses
- DescribeVpcInstances
- DeleteVpc
- AttachClassicLinkVpc
- DescribeClassicLinkInstances
- DetachClassicLinkVpc
- AssignIpv6CidrBlock
- DescribeVpcIpv6Addresses
- UnassignIpv6CidrBlock
- CreateAssistantCidr
- ModifyAssistantCidr
- DescribeAssistantCidr
- CheckAssistantCidr
- DeleteAssistantCidr
- DescribeVpcResourceDashboard
- ModifyLocalGateway
- DescribeLocalGateway
- DeleteLocalGateway
- CreateLocalGateway
- Subnet APIs
- Route Table APIs
- EIP APIs
- Highly Available Virtual IP APIs
- ENI APIs
- AssignPrivateIpAddresses
- UnassignPrivateIpAddresses
- ModifyNetworkInterfaceAttribute
- DetachNetworkInterface
- DescribeNetworkInterfaces
- CreateNetworkInterface
- AttachNetworkInterface
- MigratePrivateIpAddress
- MigrateNetworkInterface
- DeleteNetworkInterface
- ModifyPrivateIpAddressesAttribute
- UnassignIpv6Addresses
- ModifyIpv6AddressesAttribute
- AssignIpv6Addresses
- DescribeNetworkInterfaceLimit
- DisassociateNetworkInterfaceSecurityGroups
- AssociateNetworkInterfaceSecurityGroups
- CreateAndAttachNetworkInterface
- IP Location APIs
- Bandwidth Package APIs
- NAT Gateway APIs
- DescribeNatGateways
- ResetNatGatewayConnection
- ModifyNatGatewayDestinationIpPortTranslationNatRule
- ModifyNatGatewayAttribute
- DisassociateNatGatewayAddress
- DescribeNatGatewayDestinationIpPortTranslationNatRules
- DeleteNatGatewayDestinationIpPortTranslationNatRule
- DeleteNatGateway
- CreateNatGatewayDestinationIpPortTranslationNatRule
- CreateNatGateway
- AssociateNatGatewayAddress
- ModifyNatGatewaySourceIpTranslationNatRule
- DescribeNatGatewaySourceIpTranslationNatRules
- DeleteNatGatewaySourceIpTranslationNatRule
- CreateNatGatewaySourceIpTranslationNatRule
- VPN Gateway APIs
- ResetVpnGatewayInternetMaxBandwidth
- ResetVpnConnection
- RenewVpnGateway
- ModifyVpnGatewayAttribute
- ModifyVpnConnectionAttribute
- ModifyCustomerGatewayAttribute
- InquiryPriceResetVpnGatewayInternetMaxBandwidth
- InquiryPriceRenewVpnGateway
- InquiryPriceCreateVpnGateway
- DownloadCustomerGatewayConfiguration
- DescribeVpnGateways
- DescribeVpnConnections
- DescribeCustomerGateways
- DescribeCustomerGatewayVendors
- DeleteVpnGateway
- DeleteVpnConnection
- DeleteCustomerGateway
- CreateVpnGateway
- CreateVpnConnection
- CreateCustomerGateway
- ModifyVpnGatewayCcnRoutes
- DescribeVpnGatewayCcnRoutes
- ModifyVpnGatewayRoutes
- DescribeVpnGatewayRoutes
- DeleteVpnGatewayRoutes
- CreateVpnGatewayRoutes
- Direct Connect Gateway APIs
- ReplaceDirectConnectGatewayCcnRoutes
- DescribeDirectConnectGatewayCcnRoutes
- DeleteDirectConnectGatewayCcnRoutes
- CreateDirectConnectGatewayCcnRoutes
- CreateDirectConnectGateway
- ModifyDirectConnectGatewayAttribute
- DescribeDirectConnectGateways
- DeleteDirectConnectGateway
- DisassociateDirectConnectGatewayNatGateway
- AssociateDirectConnectGatewayNatGateway
- InquirePriceCreateDirectConnectGateway
- Cloud Connect Network APIs
- SetCcnRegionBandwidthLimits
- ModifyCcnAttribute
- EnableCcnRoutes
- DisableCcnRoutes
- DetachCcnInstances
- DescribeCcns
- DescribeCcnRoutes
- DescribeCcnRegionBandwidthLimits
- DescribeCcnAttachedInstances
- DeleteCcn
- CreateCcn
- AttachCcnInstances
- ResetAttachCcnInstances
- RejectAttachCcnInstances
- AcceptAttachCcnInstances
- ModifyCcnRegionBandwidthLimitsType
- GetCcnRegionBandwidthLimits
- DescribeCrossBorderCompliance
- AuditCrossBorderCompliance
- ModifyCcnAttachedInstancesAttribute
- Security Group APIs
- DeleteSecurityGroup
- DescribeSecurityGroupPolicies
- ModifySecurityGroupAttribute
- CreateSecurityGroup
- CreateSecurityGroupPolicies
- DescribeSecurityGroups
- DeleteSecurityGroupPolicies
- ModifySecurityGroupPolicies
- ReplaceSecurityGroupPolicy
- DescribeSecurityGroupAssociationStatistics
- DescribeSecurityGroupReferences
- CreateSecurityGroupWithPolicies
- CloneSecurityGroup
- Network ACL APIs
- Network Parameter Template-Related APIs
- CreateAddressTemplate
- CreateAddressTemplateGroup
- CreateServiceTemplate
- CreateServiceTemplateGroup
- DeleteAddressTemplate
- DeleteAddressTemplateGroup
- DeleteServiceTemplate
- DeleteServiceTemplateGroup
- DescribeAddressTemplateGroups
- DescribeAddressTemplates
- DescribeServiceTemplateGroups
- DescribeServiceTemplates
- ModifyAddressTemplateAttribute
- ModifyAddressTemplateGroupAttribute
- ModifyServiceTemplateAttribute
- ModifyServiceTemplateGroupAttribute
- Network Detection-Related APIs
- Flow Log APIs
- Gateway Traffic Monitor APIs
- Private Link APIs
- CreateVpcEndPointService
- DescribeVpcEndPointService
- ModifyVpcEndPointServiceAttribute
- DeleteVpcEndPointService
- CreateVpcEndPointServiceWhiteList
- DescribeVpcEndPointServiceWhiteList
- ModifyVpcEndPointServiceWhiteList
- EnableVpcEndPointConnect
- DeleteVpcEndPointServiceWhiteList
- DescribeVpcEndPoint
- CreateVpcEndPoint
- ModifyVpcEndPointAttribute
- DeleteVpcEndPoint
- DisassociateVpcEndPointSecurityGroups
- Other APIs
- Data Types
- Error Codes
- FAQs
- Contact Us
- Glossary
1. API Description
Domain name for API request: vpc.tencentcloudapi.com.
This API (CreateSecurityGroupWithPolicies) is used to create security groups, and add security group policies.
- Note themaximum number of security groupsper project in each region under each account.
- Both the inbound and outbound policies for a newly created security group are Deny All by default. You need to call CreateSecurityGroupPolicies to set security group policies according to your needs.
Description:
Version: Indicates the version number of a security group policy, which will automatically increment by 1 every time you update the security policy, to prevent the expiration of the updated policies. If this field is left empty, any conflicts will be ignored.Protocol: Values can be TCP, UDP, ICMP, ICMPV6, GRE, or ALL.CidrBlock: A CIDR block in the correct format. In a basic network, if a CidrBlock contains private IPs on Tencent Cloud for devices under your account other than CVMs, it does not mean this policy allows you to access these devices. The network isolation policies between tenants take priority over the private network policies in security groups.Ipv6CidrBlock: An IPv6 CIDR block in the correct format. In a basic network, if an Ipv6CidrBlock contains private IPv6 addresses on Tencent Cloud for devices under your account other than CVMs, it does not mean this policy allows you to access these devices. The network isolation policies between tenants take priority over the private network policies in security groups.SecurityGroupId: ID of the security group. It can be in the same project as the security group to be modified, including the ID of the security group itself, to represent private IP addresses of all CVMs under the security group. If this field is used, the policy will change without manual modification according to the CVM associated with the policy ID while being used to match network messages.Port: A single port number, or a port range in the format of “8000-8010”. The Port field is accepted only if the value of theProtocolfield isTCPorUDP. Otherwise Protocol and Port are mutually exclusive.Action: Values can beACCEPTorDROP.- CidrBlock, Ipv6CidrBlock, SecurityGroupId, and AddressTemplate are exclusive and cannot be entered at the same time. “Protocol + Port” and ServiceTemplate are mutually exclusive and cannot be entered at the same time.
- Only policies in one direction can be created in each request. If you need to specify the
PolicyIndexparameter, the indexes of policies must be consistent.
A maximum of 100 requests can be initiated per second for this API.
We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.
2. Input Parameters
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
This document describes the parameters for Signature V1. It's recommended to use the V3 signature, which provides higher security. Note that for Signature V3, the common parameters need to be placed in the HTTP Header. See details.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common parameter. The value used for this API: CreateSecurityGroupWithPolicies. |
| Version | Yes | String | Common parameter. The value used for this API: 2017-03-12. |
| Region | Yes | String | Common parameter. For more information, please see the list of regions supported by the product. |
| GroupName | Yes | String | Security group can be named freely, but cannot exceed 60 characters. |
| GroupDescription | Yes | String | The remarks for the security group. The maximum length is 100 characters. |
| ProjectId | No | String | The project id is 0 by default. You can query this in the project management page of the Qcloud console. |
| SecurityGroupPolicySet | No | SecurityGroupPolicySet | Security group policy set. |
3. Output Parameters
| Parameter Name | Type | Description |
|---|---|---|
| SecurityGroup | SecurityGroup | Security group object. |
| RequestId | String | The unique request ID, which is returned for each request. RequestId is required for locating a problem. |
4. Example
Example1 Creating a security group
Input Example
https://vpc.tencentcloudapi.com/?Action=CreateSecurityGroupWithPolicies
&Version=2017-03-12
&GroupName=TestGroup
&GroupDescription=test-group-desc
&<Common request parameters>
Output Example
{
"Response": {
"SecurityGroup": {
"SecurityGroupId": "sg-12345678",
"SecurityGroupName": "TestGroup",
"SecurityGroupDesc": "test-group-desc",
"ProjectId": "0"
}
}
}
Example2 Creating security groups and the rules
Input Example
https://vpc.tencentcloudapi.com/?Action=CreateSecurityGroupWithPolicies
&Version=2017-03-12
&GroupName=TestGroup
&GroupDescription=test-group-desc
&SecurityGroupPolicySet.Egress.0.PolicyIndex=0
&SecurityGroupPolicySet.Egress.0.ServiceTemplate.ServiceId=ppm-f5n1f8da
&SecurityGroupPolicySet.Egress.0.AddressTemplate.AddressId=ipm-2uw6ujo6
&SecurityGroupPolicySet.Egress.0.Action=accept
&SecurityGroupPolicySet.Egress.0.PolicyDescription=TestPolicy
&SecurityGroupPolicySet.Egress.1.PolicyIndex=1
&SecurityGroupPolicySet.Egress.1.ServiceTemplate.ServiceId=ppm-f5n1f8da
&SecurityGroupPolicySet.Egress.1.AddressTemplate.AddressId=ipm-2uw6ujo6
&SecurityGroupPolicySet.Egress.1.Action=accept
&SecurityGroupPolicySet.Egress.1.PolicyDescription=Test
&<Common request parameters>
Output Example
{
"Response": {
"SecurityGroup": {
"SecurityGroupId": "sg-12345678",
"SecurityGroupName": "TestGroup",
"SecurityGroupDesc": "test-group-desc",
"ProjectId": "0"
}
}
}
5. Developer Resources
SDK
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
- Tencent Cloud SDK 3.0 for Python
- Tencent Cloud SDK 3.0 for Java
- Tencent Cloud SDK 3.0 for PHP
- Tencent Cloud SDK 3.0 for Go
- Tencent Cloud SDK 3.0 for NodeJS
- Tencent Cloud SDK 3.0 for .NET
- Tencent Cloud SDK 3.0 for C++
Command Line Interface
6. Error Code
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| InvalidParameter.Coexist | The parameters cannot be specified at the same time. |
| InvalidParameterValue | Incorrect parameter value. |
| InvalidParameterValue.Malformed | Invalid input parameter format. |
| InvalidParameterValue.TooLong | Invalid parameter value. The parameter value is too long. |
| LimitExceeded | Quota limit is reached. |
| MissingParameter | Missing parameter. |
| ResourceNotFound | The resource does not exist. |
Yes
No
Was this page helpful?