RevokeSecurityGroup
Description
invoke the RevokeSecurityGroup to delete a security group entry rule and revoke the permission setting for the security group entry direction.
Request Method
POST
Request Path
/apsara/route/Ecs/RevokeSecurityGroup
Request Parameters Common Parameters
| Name | Location | Type | Required | Sample value | Description |
|---|---|---|---|---|---|
| SourceGroupId | BODY | string | No | sg-bp67acfmxazb4p**** | the source security group ID that needs to revoke access. SourceGroupId or SourceCidrIp parameters must be set. if the specified SourceGroupId does not specify the parameter SourceCidrIp, the parameter NicType value can only be intranet. if both SourceGroupId and SourceCidrIp are specified, the SourceCidrIp shall prevail by default. |
| Policy | BODY | string | No | accept | access rights. Value range: accept: Accept access drop: deny access, do not send back denial information default value: accept. |
| Description | BODY | string | No | TestDescription | security group rule description. |
| SourcePortRange | BODY | string | No | 80/80 | the port range related to the transport layer protocol open by the source security group. Value range: TCP/UDP protocol: the value range is 1~65535. Use a slash (/) to separate the start and end ports. Correct demonstration: 1/200; Error demonstration: 200/1 ICMP protocol:-1/-1 GRE protocol:-1/-1 all:-1/-1 |
| Priority | BODY | string | No | 1 | security group rule priority. Value range: 1~100 default value: 1. |
| SecurityGroupId | BODY | string | Yes | sg-bp67acfmxazb4p**** | destination security group ID. |
| SourceGroupOwnerId | BODY | long | No | 12345678910 | When deleting security group rules across accounts, the ID of the Alibaba Cloud account to which the source security group belongs. if the SourceGroupOwnerId and SourceGroupOwnerAccount are not set, it is considered to revoke the access rights of other security groups. if you have set the parameter SourceCidrIp, the parameter SourceGroupOwnerId is invalid. |
| Ipv6SourceCidrIp | BODY | string | No | 2001:db8:1234:1a00::*** | source IPv6 CIDR address segment. Supports IP address ranges in CIDR format and IPv6 format. Description Only VPC IP addresses are supported. Default value: None. |
| NicType | BODY | string | No | intranet | the network card type of the classic network type security group rule. Value range: internet: public network card intranet: intranet network card VPC type security group rules do not need to set the network card type. The default value is intranet and can only be intranet. when setting mutual access between security groups, the DestGroupId is specified and no DestCidrIp is specified, which can only be intranet. default value: internet. |
| version | BODY | string | No | 2016-01-01 | version of api |
| PortRange | BODY | string | Yes | 1/200 | the port range related to the transport layer protocol open by the destination security group. Value range: TCP/UDP protocol: the value range is 1~65535. Use a slash (/) to separate the start and end ports. Correct demonstration: 1/200; Error demonstration: 200/1 ICMP protocol:-1/-1 GRE protocol:-1/-1 all:-1/-1 |
| regionId | BODY | string | Yes | No sample value for this parameter. | region id |
| SourceCidrIp | BODY | string | No | 10.0.0.0/8 | source IP address range. CIDR format and IPv4 format are supported for IP address ranges. Default value: 0.0.0.0/0 |
| IpProtocol | BODY | string | Yes | all | transport layer protocol. Parameter values are case sensitive. Value range: icmp icmpv6 gre tcp udp all: supports all protocols |
| DestCidrIp | BODY | string | No | 10.0.0.0/8 | destination IP address range. CIDR format and IPv4 format are supported for IP address ranges. Default value: 0.0.0.0/0. |
| RegionId | BODY | string | Yes | cn-qingdao-env17-d01 | the region ID of the destination security group. You can call the DescribeRegions to view the latest Alibaba Cloud region list. |
| Ipv6DestCidrIp | BODY | string | No | 2001:db8:1233:1a00::*** | destination IPv6 CIDR address segment. Supports IP address ranges in CIDR format and IPv6 format. Description Only VPC IP addresses are supported. Default value: None. |
| SourceGroupOwnerAccount | BODY | string | No | Test@aliyun.com | when deleting security group rules across accounts, the alibaba cloud account to which the source security group belongs. if the SourceGroupOwnerAccount and SourceGroupOwnerId are not set, it is considered to revoke the access rights of other security groups. if the parameter SourceCidrIp has been set, the parameter SourceGroupOwnerAccount is invalid. |
| ClientToken | BODY | string | No | 123e4567-e89b-12d3-a456-426655440000 | Ensure request idempotence. Generate a parameter value from your client to ensure that the parameter value is unique between different requests. ClientToken only supports ASCII characters and cannot exceed 64 characters. For more details, please refer to the section on how to ensure idempotence in the cloud server ECS development guide. |
Return data
| Name | Type | Sample value | Description |
|---|---|---|---|
| RequestID | string | 1E3D5A1E0-67CA-43DA-24BC-EAF2D5A1E4DC | Request id |
Example
Successful Response example
{
"RequestID":"1E3D5A1E0-67CA-43DA-24BC-EAF2D5A1E4DC"
}
Failed Response example
{
"errorSample":
{
"resultCode":-1,
"resultMsg":"system error",
"result":null
}
}