This topic describes how to call the AuthorizeSecurityGroup operation by using Alibaba Cloud CLI to add an inbound rule to a security group.

Background information

You can call the AuthorizeSecurityGroup operation to add an inbound rule to a security group to specify whether ECS instances in the security group can be accessed by devices outside the security group. We recommend that you read the description of the operation before you call the operation. For more information, see AuthorizeSecurityGroup.

When you call an API operation through Alibaba Cloud CLI, make sure that request parameter values of different data types are in required formats. For more information, see Parameter format overview.

Request examples

  1. Call the DescribeSecurityGroups operation to query the ID of the security group to which you want to add an inbound rule.

    In this example, the security group name namedemo is used to query the ID of the security group.

    aliyun ecs DescribeSecurityGroups --RegionId cn-hangzhou --SecurityGroupName namedemo --DryRun false --output cols=SecurityGroupId rows=SecurityGroups.SecurityGroup[]
    Sample response:
    SecurityGroupId
    ---------------
    sg-bp1i4c0xgqxadew2****
  2. Add an inbound rule to the security group.

    In this example, the inbound rule where the transport layer protocol is TCP, the enabled port number is 80, the authorization object is 0.0.0.0/0, and the priority is 1 is added to the sg-bp1i4c0xgqxadew2**** security group.

    aliyun ecs AuthorizeSecurityGroup --RegionId cn-hangzhou --SecurityGroupId sg-bp1i4c0xgqxadew2**** --IpProtocol tcp --PortRange 80/80 --SourceCidrIp 0.0.0.0/0 --Priority 1

Result

{
        "RequestId": "435DAD23-DFB4-49D3-A1A7-271100CB4982"
}