AuthorizeSecurityGroup

Description

The AuthorizeSecurityGroup call adds an inbound rule to a security group. The rule specifies the inbound access permission of the security group: it allows or denies inbound traffic sent by other devices to instances in the security group.

Request Method

POST

Request Path

/apsara/route/Ecs/AuthorizeSecurityGroup

Request Parameters Common Parameters

| Name | Location | Type | Required | Sample value | Description |
| --- | --- | --- | --- | --- | --- |
| SourceGroupId | BODY | string | No | sg-bp67acfmxazb4pj*** | The ID of the source security group for which access rights are set. Set at least one of SourceGroupId or SourceCidrIp. If SourceGroupId is specified and SourceCidrIp is not, NicType can only be intranet. If both SourceGroupId and SourceCidrIp are specified, SourceCidrIp prevails by default. |
| Policy | BODY | string | No | accept | The access policy. Value range: accept (default): accept access. drop: deny access without returning a denial message; the initiator sees something like a request timeout or a failure to establish a connection. |
| Description | BODY | string | No | Manually authorize SSH 22 port-RuleDemo | Description of the security group rule. The length is 1~512 characters. |
| SourcePortRange | BODY | string | No | 22/22 | The port range, for the transport layer protocol, opened by the source security group. Value range: TCP/UDP protocol: 1~65535, with a slash (/) separating the start and end ports. Correct example: 1/200; incorrect example: 200/1. ICMP protocol: -1/-1. GRE protocol: -1/-1. IpProtocol value all: -1/-1. |
| Priority | BODY | string | No | 1 | Security group rule priority; the smaller the number, the higher the priority. Value range: 1~100. Default value: 1. |
| SecurityGroupId | BODY | string | Yes | sg-bp67acfmxazb4ph*** | Destination security group ID. |
| SourceGroupOwnerId | BODY | long | No | 155780923770 | When setting security group rules across accounts, the ID of the Alibaba Cloud account to which the source security group belongs. If neither SourceGroupOwnerId nor SourceGroupOwnerAccount is set, the rule is treated as setting access rights for another of your own security groups. If SourceCidrIp is set, SourceGroupOwnerId is invalid. |
| Ipv6SourceCidrIp | BODY | string | No | 2001:250:6000::*** | Source IPv6 CIDR address segment. IP address ranges in CIDR format and IPv6 format are supported. Note: only IPv6 addresses of VPC-type ECS instances are supported. Default value: None. |
| NicType | BODY | string | No | intranet | The network card type of a classic-network security group rule. Value range: internet: public network card. intranet: intranet network card. VPC-type security group rules do not need to set the network card type; the default value is intranet and can only be intranet. When setting mutual access between security groups (DestGroupId is specified and DestCidrIp is not), the value can only be intranet. Default value: internet. |
| version | BODY | string | No | 2016-01-01 | API version. |
| PortRange | BODY | string | Yes | 22/22 | The port range, for the transport layer protocol, opened by the destination security group. Value range: TCP/UDP protocol: 1~65535, with a slash (/) separating the start and end ports. Correct example: 1/200; incorrect example: 200/1. ICMP protocol: -1/-1. GRE protocol: -1/-1. IpProtocol value all: -1/-1. |
| regionId | BODY | string | Yes | No sample value for this parameter. | Region ID. |
| SourceCidrIp | BODY | string | No | 10.0.0.0/8 | Source IPv4 CIDR address segment. IP address ranges in CIDR format and IPv4 format are supported. Default value: None. |
| IpProtocol | BODY | string | Yes | all | Transport layer protocol. The value is case sensitive. Value range: tcp, udp, icmp, gre, all (supports all protocols). Note: the icmp protocol only supports IPv4 addresses. |
| DestCidrIp | BODY | string | No | 10.0.0.0/8 | Destination IPv4 CIDR address segment. IP address ranges in CIDR format and IPv4 format are supported. Default value: None. |
| RegionId | BODY | string | Yes | cn-qingdao-env17-d01 | The region ID of the security group. You can call DescribeRegions to view the latest Alibaba Cloud region list. |
| SourceGroupOwnerAccount | BODY | string | No | test@aliyun.com | When setting security group rules across accounts, the Alibaba Cloud account to which the source security group belongs. If neither SourceGroupOwnerAccount nor SourceGroupOwnerId is set, the rule is treated as setting access rights for another of your own security groups. If SourceCidrIp is set, SourceGroupOwnerAccount is invalid. |
| Ipv6DestCidrIp | BODY | string | No | 2001:250:6000::*** | Destination IPv6 CIDR address segment. IP address ranges in CIDR format and IPv6 format are supported. Note: only IPv6 addresses of VPC-type ECS instances are supported. Default value: None. |
| ClientToken | BODY | string | No | 123e4567-e89b-12d3-a456-426655440000 | Ensures request idempotence. Generate a value on your client that is unique across different requests. ClientToken only supports ASCII characters and cannot exceed 64 characters. For more details, refer to the section on how to ensure idempotence in the cloud server ECS development guide. |
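
The constraints in the table above can be checked on the client before a rule is submitted. The following is an added example, not code from this API's documentation or SDK: `validate_rule`, `port_range_ok` and `SAMPLE` are hypothetical names, the request body is constructed from the table's sample values, and `regionId` reuses the `RegionId` sample because the page gives none. It only validates a body and sends nothing.

```python
import ipaddress
import re

PROTOCOLS = ("tcp", "udp", "icmp", "gre", "all")  # case sensitive, per the table
REQUIRED = ("SecurityGroupId", "PortRange", "IpProtocol", "RegionId", "regionId")

def port_range_ok(proto, value):
    """tcp/udp: start/end within 1~65535, start <= end; other protocols: -1/-1."""
    if proto not in ("tcp", "udp"):
        return value == "-1/-1"
    m = re.fullmatch(r"([0-9]{1,5})/([0-9]{1,5})", value)
    return bool(m) and 1 <= int(m[1]) <= int(m[2]) <= 65535

def validate_rule(body):
    """Return the documented constraints that a request body violates."""
    errors = [f"{k} is required" for k in REQUIRED if not body.get(k)]
    proto = body.get("IpProtocol")
    if proto in PROTOCOLS:
        for key in ("PortRange", "SourcePortRange"):
            if key in body and not port_range_ok(proto, body[key]):
                errors.append(f"{key} {body[key]!r} is invalid for {proto}")
    elif proto:
        errors.append("IpProtocol must be tcp, udp, icmp, gre or all")
    group, cidr = body.get("SourceGroupId"), body.get("SourceCidrIp")
    if not group and not cidr:
        errors.append("set at least one of SourceGroupId or SourceCidrIp")
    if cidr:
        try:  # the table allows both CIDR and plain IPv4 notation
            if ipaddress.ip_network(cidr, strict=False).version != 4:
                errors.append("SourceCidrIp must be IPv4")
        except ValueError:
            errors.append(f"SourceCidrIp {cidr!r} is not an IPv4 address or CIDR")
    if group and not cidr and body.get("NicType", "intranet") != "intranet":
        errors.append("NicType can only be intranet with SourceGroupId alone")
    if body.get("Policy", "accept") not in ("accept", "drop"):
        errors.append("Policy must be accept or drop")
    prio = str(body.get("Priority", "1"))
    if not (re.fullmatch(r"[0-9]{1,3}", prio) and 1 <= int(prio) <= 100):
        errors.append("Priority must be within 1~100")
    token = body.get("ClientToken", "")
    if not token.isascii() or len(token) > 64:
        errors.append("ClientToken must be ASCII and at most 64 characters")
    return errors

# Constructed body from the table's samples; regionId value is an assumption.
SAMPLE = {
    "SecurityGroupId": "sg-bp67acfmxazb4ph***", "RegionId": "cn-qingdao-env17-d01",
    "regionId": "cn-qingdao-env17-d01", "IpProtocol": "tcp", "PortRange": "22/22",
    "SourceCidrIp": "10.0.0.0/8", "Policy": "accept", "Priority": "1",
}
```

`validate_rule(SAMPLE)` returns an empty list; a reversed range such as `200/1`, an upper-case `TCP`, or a body with neither source parameter each produce one error string.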

Return data

| Name | Type | Sample value | Description |
| --- | --- | --- | --- |
| RequestID | string | 1E3D5A1E0-67CA-43DA-24BC-EAF2D5A1E4DC | Request ID. |

Example

Successful Response example

{
    "RequestID": "1E3D5A1E0-67CA-43DA-24BC-EAF2D5A1E4DC"
}

Failed Response example

{
    "errorSample": {
        "resultCode": -1,
        "resultMsg": "system error",
        "result": null
    }
}