Adds an Elastic Compute Service (ECS) instance or an elastic network interface (ENI) to a security group.
Operation description
Usage notes
Take note of the following items:
-
Before you add an instance to a security group, the instance must be in the Stopped or Running state.
-
An instance can be added to up to five security groups.
-
You can increase this number to 16 by submitting a ticket.
-
A basic security group can contain up to 2,000 instances. An advanced security group can contain up to 65,536 instances.
-
The security group and the instance must reside in the same region.
-
The security group and the instance must be of the same network type. If the network type is virtual private cloud (VPC), the security group and the instance must be in the same VPC.
-
An instance and an ENI cannot be added to a security group at the same time. You cannot configure the
InstanceId
andNetworkInterfaceId
parameters at the same time.
Debugging
Authorization information
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
SecurityGroupId | string | Yes | The ID of the security group. You can call the DescribeSecurityGroups operation to query the most recent security group list. | sg-bp67acfmxazb4p**** |
InstanceId | string | No | The instance ID. Note
If you configure this parameter, you cannot configure NetworkInterfaceId .
| i-bp67acfmxazb4p**** |
NetworkInterfaceId | string | No | The ENI ID. Note
If you configure this parameter, you cannot configure InstanceId .
| eni-bp13kd656hxambfe**** |
RegionId | string | No | The region ID. You can call the DescribeRegions operation to query the most recent region list.
| cn-hangzhou |
Response parameters
Examples
Sample success responses
JSON
format
{
"RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E"
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | InstanceSecurityGroupLimitExceeded | Exceeding the allowed amount of security groups that an instance can be in. | - |
400 | InvalidInstanceId.Mismatch | Specified instance and security group are not in the same VPC. | The specified instance and security group do not belong to the same VPC, or one of the following cases has occurred: 1. The security group is of the VPC network type but the instance is not. 2. The instance is of the VPC network type but the security group is not. |
400 | InvalidInstanceId.Malformed | The specified parameter "InstanceId" is not valid. | - |
400 | InvalidOperation.NotSupportEnterpriseGroup | The specified instance type doesn't support enterprise level security group. | - |
400 | InvalidOperation.MultiGroupType | The specified instance can't join different types of security group. | - |
400 | InvalidOperation.InvalidEniState | %s | - |
400 | InvalidOperation.EniAndGroupNotBelongSameUser | %s | - |
400 | NotBelongUser | %s | You are not authorized to manage the specified resource. |
400 | MissingParameter.RegionId | The specified RegionId should not be null. | The RegionId parameter is required. |
403 | IncorrectInstanceStatus | The current status of the resource does not support this operation. | The resource is in a state that does not support the current operation. |
403 | InstanceLockedForSecurity | The specified operation is denied as your instance is locked for security reasons. | - |
403 | SecurityGroupInstanceLimitExceeded | The maximum number of instances in a security group is exceeded. | The maximum number of instances in the specified security group has been reached. |
403 | InvalidInstanceId.AlreadyExists | The specified instance already exists in the specified security group. | The specified instance is already present in the specified security group. |
403 | SecurityGroupInstanceLimitExceeded | %s | The maximum number of instances in the specified security group has been reached. |
403 | AclLimitExceed | %s | The number of ACL rules for an ENI or instance exceeds the upper limit. |
403 | InstanceSecurityGroupLimitExceeded | %s | - |
403 | InvalidOperation.NetworkInterfaceCountExceeded | The maximum number of NetworkInterface in a enterprise level security group is exceeded. | - |
403 | InvalidOperation.ResourceManagedByCloudProduct | %s | You cannot modify security groups managed by cloud services. |
403 | InvalidOperation.InvalidEniType | %s | - |
403 | InvalidOperation.VpcMismatch | %s | The operation is invalid. Check whether the VPC in the operation corresponds to other parameters. |
403 | InvalidOperation.EniServiceManaged | %s | The operation is invalid. |
403 | InvalidParam.Malformed | %s | - |
403 | InvalidParam.EniIdAndInstanceId.Conflict | %s | The InstanceId and NetworkInterfaceId parameters are mutually exclusive and cannot be both specified. |
403 | Forbidden.InstanceIsBeingCreated | The specified instance is being created. | The specified instance is being created. |
404 | InvalidSecurityGroupId.NotFound | The specified SecurityGroupId does not exist. | The specified security group does not exist in this account. Check whether the security group ID is correct. |
404 | InvalidInstanceId.NotFound | The specified InstanceId does not exist. | The specified instance does not exist. |
404 | InvalidEniId.NotFound | %s | The specified ENI ID does not exist. |
500 | InternalError | The request processing has failed due to some unknown error. | An internal error has occurred. Try again later. |
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes | Operation |
---|