AuthorizeSecurityGroupEgress
Description
the call AuthorizeSecurityGroupEgress adds a security group exit direction rule. Specify the outbound access permission of the security group, and allow or deny instances in the security group to send outbound traffic to other devices.
Request Method
POST
Request Path
/apsara/route/Ecs/AuthorizeSecurityGroupEgress
Request Parameters Common Parameters
| Name | Location | Type | Required | Sample value | Description |
|---|---|---|---|---|---|
| Policy | BODY | string | No | accept | set access rights. Value range: accept: Accept access drop: deny access, do not return denial information default value: accept. |
| Description | BODY | string | No | Manually authorize SSH 22 port-RuleDemo | description information of security group rules. The length is 1~512 characters. |
| SourcePortRange | BODY | string | No | 80/80 | the port range related to the transport layer protocol open by the source security group. Value range: TCP/UDP protocol: 1~65535. Use a slash (/) to separate the start and end ports. Correct demonstration: 1/200; Error demonstration: 200/1 ICMP protocol:-1/-1 GRE protocol:-1/-1 all:-1/-1 |
| Priority | BODY | string | No | 1 | security group rule priority. Value range: 1~100 default value: 1. |
| SecurityGroupId | BODY | string | Yes | sg-bp67acfmxazb4ph*** | source security group ID. |
| Ipv6SourceCidrIp | BODY | string | No | 2001:db8:1234:1a00::*** | source IPv6 CIDR address segment. Supports IP address ranges in CIDR format and IPv6 format. Default value: None. Description Only VPC IP addresses are supported. |
| NicType | BODY | string | No | intranet | the network card type of the classic network type security group rule. Value range: internet: public network card intranet: intranet network card VPC type security group rules do not need to set the network card type. The default value is intranet and can only be intranet. when setting mutual access between security groups, the DestGroupId is specified and no DestCidrIp is specified, which can only be intranet. default value: internet. |
| DestGroupId | BODY | string | No | sg-bp67acfmxazb4pi*** | the destination security group ID that needs to set access rights. set at least one DestGroupId or DestCidrIp parameter. if the specified DestGroupId does not specify the parameter DestCidrIp, the parameter NicType value can only be intranet. if both DestGroupId and DestCidrIp are specified, the DestCidrIp shall prevail by default. |
| version | BODY | string | No | 2016-01-01 | version of api |
| PortRange | BODY | string | Yes | 80/80 | the port range related to the transport layer protocol open by the destination security group. Value range: TCP/UDP protocol: the value range is 1~65535. Use a slash (/) to separate the start and end ports. Correct demonstration: 1/200; Error demonstration: 200/1 ICMP protocol:-1/-1 GRE protocol:-1/-1 all:-1/-1 |
| DestGroupOwnerAccount | BODY | string | No | Test@aliyun.com | When setting security group rules across accounts, the Alibaba Cloud account to which the destination security group belongs. if the DestGroupOwnerAccount and DestGroupOwnerId are not set, it is considered to set the access rights of your other security groups. if the parameter DestCidrIp has been set, the parameter DestGroupOwnerAccount is invalid. |
| regionId | BODY | string | Yes | No sample value for this parameter. | region id |
| SourceCidrIp | BODY | string | No | 10.0.0.0/8 | source IP address range. CIDR format and IPv4 format are supported for IP address ranges. Default value: None. |
| DestGroupOwnerId | BODY | long | No | 12345678910 | When setting security group rules across accounts, the ID of the Alibaba Cloud account to which the destination security group belongs. if the DestGroupOwnerId and DestGroupOwnerAccount are not set, it is considered to set the access rights of your other security groups. if you have set the parameter DestCidrIp, the parameter DestGroupOwnerId is invalid. |
| IpProtocol | BODY | string | Yes | all | transport layer protocol. The value is case sensitive. Value range: icmp gre tcp udp all: supports all protocols |
| DestCidrIp | BODY | string | No | 10.0.0.0/8 | destination IP address range. CIDR format and IPv4 format are supported for IP address ranges. Default value: None. |
| RegionId | BODY | string | Yes | cn-qingdao-env17-d01 | the region ID of the source security group. You can call the DescribeRegions to view the latest Alibaba Cloud region list. |
| Ipv6DestCidrIp | BODY | string | No | 2001:db8:1233:1a00::*** | destination IPv6 CIDR address segment. Supports IP address ranges in CIDR format and IPv6 format. Default value: None. Description Only VPC IP addresses are supported. |
| ClientToken | BODY | string | No | 123e4567-e89b-12d3-a456-426655440000 | Ensure request idempotence. Generate a parameter value from your client to ensure that the parameter value is unique between different requests. ClientToken only supports ASCII characters and cannot exceed 64 characters. For more details, please refer to the section on how to ensure idempotence in the cloud server ECS development guide. |
Return data
| Name | Type | Sample value | Description |
|---|---|---|---|
| RequestID | string | 1E3D5A1E0-67CA-43DA-24BC-EAF2D5A1E4DC | Request id |
Example
Successful Response example
{
"RequestID":"1E3D5A1E0-67CA-43DA-24BC-EAF2D5A1E4DC"
}
Failed Response example
{
"errorSample":
{
"resultCode":-1,
"resultMsg":"system error",
"result":null
}
}