tencent cloud

文档反馈

CreateSecurityGroupPolicies

最后更新时间:2023-08-18 14:28:00

1. API Description

Domain name for API request: ecm.tencentcloudapi.com.

This API is used to create a security group policy.

In the `SecurityGroupPolicySet` parameter:

  • `Version`: the version number of a security group policy, which automatically increases by one each time you update the security policy, to prevent expiration of the updated routing policies. If it is left empty, any conflicts will be ignored.
  • When creating the `Egress` and `Ingress` polices,
    • Protocol: TCP, UDP, ICMP, GRE, or ALL.
    • `CidrBlock`: a CIDR block in the correct format. In a classic network, if a `CidrBlock` contains private IPs on Tencent Cloud for devices under your account other than CVMs, it does not mean this policy allows you to access these devices. The network isolation policies between tenants take priority over the private network policies in security groups.
    • `SecurityGroupId`: ID of the security group. It can be the ID of security group to be modified, or the ID of other security group in the same project. All private IPs of all CVMs under the security group will be covered. If this field is used, the policy will automatically change according to the CVM associated with the group ID while being used to match network messages. You don’t need to change it manually.
    • `Port`: a single port number such as 80, or a port range in the format of “8000-8010”. You may use this field only if the `Protocol` field takes the value `TCP` or `UDP`. Otherwise `Protocol` and `Port` are mutually exclusive.
    • `Action`: only allows `ACCEPT` or `DROP`.
    • `CidrBlock`, `SecurityGroupId`, and `AddressTemplate` are mutually exclusive. `Protocol` + `Port` and `ServiceTemplate` are mutually exclusive.
    • You can only create policies in one direction in each request. To specify the `PolicyIndex` parameter, use the same index number in policies.

Default API request rate limit: 20 requests/sec.

A maximum of 20 requests can be initiated per second for this API.

We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter Name Required Type Description
Action Yes String Common Params. The value used for this API: CreateSecurityGroupPolicies.
Version Yes String Common Params. The value used for this API: 2019-07-19.
Region No String Common Params. This parameter is not required for this API.
SecurityGroupId Yes String Security group instance ID, such as esg-33ocnj9n, which can be obtained through the DescribeSecurityGroups API.
SecurityGroupPolicySet Yes SecurityGroupPolicySet Security group policy set.

3. Output Parameters

Parameter Name Type Description
RequestId String The unique request ID, which is returned for each request. RequestId is required for locating a problem.

4. Example

Example1 Adding outbound policy to security group

Input Example

https://ecm.tencentcloudapi.com/?Action=CreateSecurityGroupPolicies
&SecurityGroupId=esg-ohuuioma
&SecurityGroupPolicySet.Version=1
&SecurityGroupPolicySet.Egress.0.PolicyIndex=1
&SecurityGroupPolicySet.Egress.0.Protocol=TCP
&SecurityGroupPolicySet.Egress.0.Port=80
&SecurityGroupPolicySet.Egress.0.Action=accept
&SecurityGroupPolicySet.Egress.0.CidrBlock=10.0.0.0/16
&SecurityGroupPolicySet.Egress.0.PolicyDescription=TestPolicy
&<Common request parameters>

Output Example

{
    "Response": {
        "RequestId": "53ee3ed3-c9ed-48ba-8a57-8624b9c0d3b8"
    }
}

5. Developer Resources

SDK

TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

Error Code Description
FailedOperation.InternalOperationFailure Internal error.
InvalidParameter The parameter is incorrect.
InvalidParameter.Coexist The parameters cannot be specified at the same time.
InvalidParameter.InvalidDataFormat The data format is incorrect.
InvalidParameterValue The parameter value is incorrect.
InvalidParameterValue.LimitExceeded The parameter value exceeds the limit.
InvalidParameterValue.Malformed The input parameter format is invalid.
LimitExceeded The quota limit is exceeded.
LimitExceeded.SecurityGroupPolicySet The number of security group rules exceeds the upper limit.
MissingParameter The parameter is missing.
ResourceNotFound The resource does not exist.
UnauthorizedOperation.ForbiddenOperation You don't have the permission to perform this operation.
UnsupportedOperation.DuplicatePolicy The security group policy is duplicate.
UnsupportedOperation.VersionMismatch The specified version number of the security group rule is inconsistent with the latest version.