ModifySecurityGroupRule
Description
call ModifySecurityGroupRule to modify the description information of the security group entry direction rule. This interface can only modify the description information. If you need to modify the policy, port range, authorization object and other information of the security group rule, please modify it in the ECS management console.
Request Method
POST
Request Path
/apsara/route/Ecs/ModifySecurityGroupRule
Request Parameters Common Parameters
| Name | Location | Type | Required | Sample value | Description |
|---|---|---|---|---|---|
| SourceGroupId | BODY | string | No | sg-bp67acfmxazb4p**** | the source security group ID for setting access rights. SourceGroupId or SourceCidrIp parameters must be set. if the specified SourceGroupId does not specify the parameter SourceCidrIp, the parameter NicType value can only be intranet. If both SourceGroupId and SourceCidrIp are specified, the SourceCidrIp shall prevail by default. |
| Policy | BODY | string | No | accept | access rights. Value range: accept: Accept access drop: deny access, do not return denial information default value: accept. |
| Description | BODY | string | No | This is a new security group rule. | description information of security group rules. The length is 1~512 characters. |
| SourcePortRange | BODY | string | No | 80/80 | the port range related to the transport layer protocol open by the source security group. Value range: TCP/UDP protocol: the value range is 1~65535. Use a slash (/) to separate the start and end ports. Correct demonstration: 1/200; Error demonstration: 200/1 ICMP protocol:-1/-1 GRE protocol:-1/-1 all:-1/-1 |
| Priority | BODY | string | No | 1 | security group rule priority. Value range: 1~100 default value: 1. |
| SecurityGroupId | BODY | string | Yes | sg-bp67acfmxazb4p**** | target security group ID. |
| SourceGroupOwnerId | BODY | long | No | 12345678910 | When setting security group rules across accounts, the ID of the Alibaba Cloud account to which the source security group belongs. if the SourceGroupOwnerId and SourceGroupOwnerAccount are not set, it is considered to set the access rights of your other security groups. if you have set the parameter SourceCidrIp, the parameter SourceGroupOwnerId is invalid. |
| Ipv6SourceCidrIp | BODY | string | No | 2001:db8:1233:1a00::*** | source IPv6 CIDR address segment. Supports IP address ranges in CIDR format and IPv6 format. Description Only VPC IP addresses are supported. Default value: None. |
| NicType | BODY | string | No | intranet | the network card type of the classic network type security group rule. Value range: internet: public network intranet: intranet default value: internet. In the following cases, the parameter NicType value can only be intranet: When the network type of the security group rule is VPC, you do not need to set the NicType parameter. By default, it can only be intranet. when mutual access between security groups is set, that is, when the DestGroupId is specified and no DestCidrIp is specified. |
| version | BODY | string | No | 2016-01-01 | version of api |
| PortRange | BODY | string | Yes | 80/80 | the port range related to the transport layer protocol open by the destination security group. Value range: TCP/UDP protocol: the value range is 1~65535. Use a slash (/) to separate the start and end ports. Correct demonstration: 1/200; Error demonstration: 200/1 ICMP protocol:-1/-1 GRE protocol:-1/-1 all:-1/-1 |
| regionId | BODY | string | Yes | No sample value for this parameter. | region id |
| SourceCidrIp | BODY | string | No | 10.0.0.0/8 | source IP address range. CIDR format and IPv4 format are supported for IP address ranges. default value: 0.0.0.0/0. |
| IpProtocol | BODY | string | Yes | all | transport layer protocol. Case insensitive. Value range: icmp icmpv6 gre tcp udp all: supports all protocols |
| DestCidrIp | BODY | string | No | 10.0.0.0/8 | destination IP address range. CIDR format and IPv4 format are supported for IP address ranges. default value: 0.0.0.0/0. |
| RegionId | BODY | string | Yes | cn-qingdao-env17-d01 | the region ID of the target security group. You can call the DescribeRegions to view the latest Alibaba Cloud region list. |
| SourceGroupOwnerAccount | BODY | string | No | Test@aliyun.com | When setting security group rules across accounts, the Alibaba Cloud account to which the source security group belongs. if the SourceGroupOwnerAccount and SourceGroupOwnerID are not set, it is considered to set the access rights of your other security groups. if the parameter SourceCidrIp has been set, the parameter SourceGroupOwnerAccount is invalid. |
| Ipv6DestCidrIp | BODY | string | No | 2001:db8:1234:1a00::*** | destination IPv6 CIDR address segment. Supports IP address ranges in CIDR format and IPv6 format. Description Only VPC IP addresses are supported. Default value: None. |
| ClientToken | BODY | string | No | 123e4567-e89b-12d3-a456-426655440000 | Ensure request idempotence. Generate a parameter value from your client to ensure that the parameter value is unique between different requests. ClientToken only supports ASCII characters and cannot exceed 64 characters. For more details, please refer to the section on how to ensure idempotence in the cloud server ECS development guide. |
Return data
| Name | Type | Sample value | Description |
|---|---|---|---|
| RequestID | string | 1E3D5A1E0-67CA-43DA-24BC-EAF2D5A1E4DC | Request id |
Example
Successful Response example
{
"RequestID":"1E3D5A1E0-67CA-43DA-24BC-EAF2D5A1E4DC"
}
Failed Response example
{
"errorSample":
{
"resultCode":-1,
"resultMsg":"system error",
"result":null
}
}