Creates a custom security policy.


OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateSecurityPolicy

The operation that you want to perform. Set the value to CreateSecurityPolicy.

ClientToken String No 593B0448-D13E-4C56-AC0D-FDF0FDE0E9A3

The client token that is used to ensure the idempotency. You can use the client to generate the value, but you must ensure that it is unique among different requests. The token can contain only ASCII characters and cannot exceed 64 characters in length.

Note If you do not set this parameter, the system automatically uses the request ID as the client token. The ID of each request may be different.
DryRun Boolean No true

Specify whether to precheck this request. Valid values:

  • true: prechecks the API request. Resources are not created. The system checks whether the required parameters are set, and verifies the request format and the service limits. If the request fails the check, the corresponding error message is returned. If the request passes the precheck, the DryRunOperation error code is returned.
  • false: sends the request. This is the default value. If the request passes the precheck, a 2XX HTTP status code is returned and the operation is performed.
TLSVersions Array of String Yes TLSv1.0

The TLS protocol versions that are supported. Valid values: TLSv1.0, TLSv1.1, TLSv1.2 and TLSv1.3.

ResourceGroupId String No rg-atstuj3rtop****

The ID of the resource group.

SecurityPolicyName String Yes test-secrity

The name of the security policy.

The name must be 2 to 128 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-). The name must start with a letter.

Ciphers Array of String Yes ECDHE-ECDSA-AES128-SHA

The supported cipher suites, which are determined by the TLS protocol version.

The specified cipher suites must be supported by at least one TLS protocol version that you select. For example, if you set the TLSVersions.N parameter to TLSv1.3, you can specify only cipher suites that are supported by this protocol version.

  • TLSv1.0 and TLSv1.1 support the following cipher suites:
    • AES128-SHA
    • AES256-SHA
    • DES-CBC3-SHA
  • TLSv1.2 supports the following cipher suites:
    • AES128-SHA
    • AES256-SHA
    • DES-CBC3-SHA
    • ECDHE-RSA-AES128-SHA256
    • ECDHE-RSA-AES256-SHA384
    • AES128-GCM-SHA256
    • AES256-GCM-SHA384
    • AES128-SHA256
    • AES256-SHA256
  • TLSv1.3 supports the following cipher suites:
    • TLS_AES_128_GCM_SHA256
    • TLS_AES_256_GCM_SHA384
    • TLS_CHACHA20_POLY1305_SHA256
    • TLS_AES_128_CCM_SHA256
    • TLS_AES_128_CCM_8_SHA256

Response parameters

Parameter Type Example Description
RequestId String 593B0448-D13E-4C56-AC0D-FDF0FDE0E9A3

The ID of the request.

SecurityPolicyId String scp-bp1bpn0kn9****

The ID of the security policy.


Sample requests

&Ciphers=[" ECDHE-ECDSA-AES128-SHA"]
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK


JSON format

HTTP/1.1 200 OK

  "RequestId" : "593B0448-D13E-4C56-AC0D-FDF0FDE0E9A3",
  "SecurityPolicyId" : "scp-bp1bpn0kn9****"

Error codes

HttpCode Error code Error message Description
400 QuotaExceeded.SecurityPoliciesNum The quota of %s is exceeded, usage %s/%s. The error message returned because the utilization %s has reached the upper limit %s.

For a list of error codes, visit the API Error Center.