1. API Description

Domain name for API request: vpc.tencentcloudapi.com.

This API (CreateSecurityGroupWithPolicies) is used to create security groups, and add security group policies.

• Note themaximum number of security groupsper project in each region under each account.
• Both the inbound and outbound policies for a newly created security group are Deny All by default. You need to call CreateSecurityGroupPolicies to set security group policies according to your needs.

Description:

• Version: Indicates the version number of a security group policy, which will automatically increment by 1 every time you update the security policy, to prevent the expiration of the updated policies. If this field is left empty, any conflicts will be ignored.
• Protocol: Values can be TCP, UDP, ICMP, ICMPV6, GRE, or ALL.
• CidrBlock: A CIDR block in the correct format. In a basic network, if a CidrBlock contains private IPs on Tencent Cloud for devices under your account other than CVMs, it does not mean this policy allows you to access these devices. The network isolation policies between tenants take priority over the private network policies in security groups.
• Ipv6CidrBlock: An IPv6 CIDR block in the correct format. In a basic network, if an Ipv6CidrBlock contains private IPv6 addresses on Tencent Cloud for devices under your account other than CVMs, it does not mean this policy allows you to access these devices. The network isolation policies between tenants take priority over the private network policies in security groups.
• SecurityGroupId: ID of the security group. It can be in the same project as the security group to be modified, including the ID of the security group itself, to represent private IP addresses of all CVMs under the security group. If this field is used, the policy will change without manual modification according to the CVM associated with the policy ID while being used to match network messages.
• Port: A single port number, or a port range in the format of '8000-8010'. The Port field is accepted only if the value of the Protocol field is TCP or UDP. Otherwise Protocol and Port are mutually exclusive.
• Action: Values can be ACCEPT or DROP.
• CidrBlock, Ipv6CidrBlock, SecurityGroupId, and AddressTemplate are exclusive and cannot be entered at the same time. 'Protocol + Port' and ServiceTemplate are mutually exclusive and cannot be entered at the same time.
• Only policies in one direction can be created in each request. If you need to specify the PolicyIndex parameter, the indexes of policies must be consistent.

A maximum of 100 requests can be initiated per second for this API.

Note: This API supports Finance regions. If the common parameter Region is a Finance region, a domain name with the Finance region needs to be specified, for example: vpc.ap-shanghai-fsi.tencentcloudapi.com

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

3. Output Parameters

4. Example

Example1 Creats a security group

Input Example

https://vpc.tencentcloudapi.com/?Action=CreateSecurityGroupWithPolicies
&Version=2017-03-12
&GroupName=TestGroup
&GroupDescription=test-group-desc
&<Common request parameter>

Output Example

{
  "Response": {
    "RequestID": "354f4ac3-8546-4516-8c8a-69e3ab73aa8a",
    "SecurityGroup": {
      "SecurityGroupId": "sg-12345678",
      "SecurityGroupName": "TestGroup",
      "SecurityGroupDesc": "test-group-desc",
      "ProjectId": "0",
      "CreateTime": "2018-01-13 19:26:33"
    }
  }
}

Example2 Creates security groups and their policies

Input Example

https://vpc.tencentcloudapi.com/?Action=CreateSecurityGroupWithPolicies
&Version=2017-03-12
&GroupName=TestGroup
&GroupDescription=test-group-desc
&SecurityGroupPolicySet.Egress.0.PolicyIndex=0
&SecurityGroupPolicySet.Egress.0.ServiceTemplate.ServiceId=ppm-f5n1f8da
&SecurityGroupPolicySet.Egress.0.AddressTemplate.AddressId=ipm-2uw6ujo6
&SecurityGroupPolicySet.Egress.0.Action=accept
&SecurityGroupPolicySet.Egress.0.PolicyDescription=TestPolicy
&SecurityGroupPolicySet.Egress.1.PolicyIndex=1
&SecurityGroupPolicySet.Egress.1.ServiceTemplate.ServiceId=ppm-f5n1f8da
&SecurityGroupPolicySet.Egress.1.AddressTemplate.AddressId=ipm-2uw6ujo6
&SecurityGroupPolicySet.Egress.1.Action=accept
&SecurityGroupPolicySet.Egress.1.PolicyDescription=Test
&<Common request parameter>

Output Example

{
  "Response": {
    "RequestID": "354f4ac3-8546-4516-8c8a-69e3ab73aa8a",
    "SecurityGroup": {
      "SecurityGroupId": "sg-12345678",
      "SecurityGroupName": "TestGroup",
      "SecurityGroupDesc": "test-group-desc",
      "ProjectId": "0",
      "CreateTime": "2018-01-13 19:26:33"
    }
  }
}

5. Developer Resources

API Explorer

This tool allows online call, signature authentication, SDK code generation and quick search of APIs to greatly improve the efficiency of using TencentCloud APIs.

• API 3.0 Explorer

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

• Tencent Cloud SDK 3.0 for Python
• Tencent Cloud SDK 3.0 for Java
• Tencent Cloud SDK 3.0 for PHP
• Tencent Cloud SDK 3.0 for Go
• Tencent Cloud SDK 3.0 for NodeJS
• Tencent Cloud SDK 3.0 for .NET

Command Line Interface

• Tencent Cloud CLI 3.0

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.