
Elastic Compute Service: JoinSecurityGroup

Last Updated: Mar 19, 2024

Adds an Elastic Compute Service (ECS) instance or an elastic network interface (ENI) to a security group.

Operation description

Usage notes

Note: This operation is not recommended. We recommend that you call the ModifyInstanceAttribute operation to add an instance to or remove an instance from a security group, and call the ModifyNetworkInterfaceAttribute operation to add an ENI to or remove an ENI from a security group.

Take note of the following items:

  • Before you add an instance to a security group, the instance must be in the Stopped or Running state.

  • An instance can be added to up to five security groups.

  • You can increase this number to 16 by submitting a ticket.

  • A basic security group can contain up to 2,000 instances. An advanced security group can contain up to 65,536 instances.

  • The security group and the instance must reside in the same region.

  • The security group and the instance must be of the same network type. If the network type is virtual private cloud (VPC), the security group and the instance must be in the same VPC.

  • An instance and an ENI cannot be added to a security group at the same time. You cannot configure the InstanceId and NetworkInterfaceId parameters at the same time.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| SecurityGroupId | string | Yes | The ID of the security group. You can call the DescribeSecurityGroups operation to query the most recent security group list. | sg-bp67acfmxazb4p**** |
| InstanceId | string | No | The instance ID. Note: If you configure this parameter, you cannot configure NetworkInterfaceId. | i-bp67acfmxazb4p**** |
| NetworkInterfaceId | string | No | The ENI ID. Note: If you configure this parameter, you cannot configure InstanceId. | eni-bp13kd656hxambfe**** |
| RegionId | string | No | The region ID. You can call the DescribeRegions operation to query the most recent region list. If you want to add an instance to a security group, you do not need to specify a region ID. If you want to add an ENI to a security group, you must specify the region ID of the ENI. | cn-hangzhou |
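
The constraints in the usage notes and request parameters above can be checked on the client before the call is sent. The following Python function is an added example, not Alibaba Cloud code: `preflight_join`, the shape of its `instance` snapshot dict and the sample IDs are assumptions made for illustration, and it returns the error code this page lists for each violated constraint.

```python
ALLOWED_STATES = {"Stopped", "Running"}  # instance states the usage notes allow
DEFAULT_MAX_GROUPS = 5                   # 16 after a ticket, per the usage notes


def preflight_join(security_group_id, instance_id=None, network_interface_id=None,
                   region_id=None, instance=None, max_groups=DEFAULT_MAX_GROUPS):
    """Check a JoinSecurityGroup request against the documented constraints.

    Returns (params, None) when the request may be sent, or (None, code) where
    code is the error code this page lists for the violated constraint.
    `instance` is a hypothetical snapshot of the target instance:
    {"Status": str, "SecurityGroupIds": [str, ...]}.
    """
    if not security_group_id:
        raise ValueError("SecurityGroupId is required")
    if instance_id and network_interface_id:
        return None, "InvalidParam.EniIdAndInstanceId.Conflict"
    if not instance_id and not network_interface_id:
        # The page names no error code for this case, so fail locally.
        raise ValueError("specify InstanceId or NetworkInterfaceId")

    if network_interface_id:
        if not region_id:  # RegionId is mandatory when the target is an ENI
            return None, "MissingParameter.RegionId"
        return {"SecurityGroupId": security_group_id,
                "NetworkInterfaceId": network_interface_id,
                "RegionId": region_id}, None

    if instance is not None:
        groups = instance.get("SecurityGroupIds", [])
        if instance.get("Status") not in ALLOWED_STATES:
            return None, "IncorrectInstanceStatus"
        if security_group_id in groups:
            return None, "InvalidInstanceId.AlreadyExists"
        if len(groups) >= max_groups:
            return None, "InstanceSecurityGroupLimitExceeded"
    params = {"SecurityGroupId": security_group_id, "InstanceId": instance_id}
    if region_id:
        params["RegionId"] = region_id
    return params, None


# Constructed sample data: the IDs and the instance snapshot are made up.
if __name__ == "__main__":
    full = {"Status": "Running", "SecurityGroupIds": [f"sg-{n}" for n in range(5)]}
    print(preflight_join("sg-new", instance_id="i-demo", instance=full))
    print(preflight_join("sg-new", network_interface_id="eni-demo"))
    print(preflight_join("sg-new", instance_id="i-demo", region_id="cn-hangzhou"))
```

The same-region and same-VPC requirements are not covered here because they need data about the security group that the request parameters do not carry.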

Response parameters

| Parameter | Type | Description | Example |
|---|---|---|---|
| (response body) | object | | |
| RequestId | string | The request ID. | 473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E |

Examples

Sample success responses

JSON format

{
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E"
}

Error codes

| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | InstanceSecurityGroupLimitExceeded | Exceeding the allowed amount of security groups that an instance can be in. | - |
| 400 | InvalidInstanceId.Mismatch | Specified instance and security group are not in the same VPC. | The specified instance and security group do not belong to the same VPC, or one of the following cases has occurred: 1. The security group is of the VPC network type but the instance is not. 2. The instance is of the VPC network type but the security group is not. |
| 400 | InvalidInstanceId.Malformed | The specified parameter "InstanceId" is not valid. | - |
| 400 | InvalidOperation.NotSupportEnterpriseGroup | The specified instance type doesn't support enterprise level security group. | - |
| 400 | InvalidOperation.MultiGroupType | The specified instance can't join different types of security group. | - |
| 400 | InvalidOperation.InvalidEniState | %s | - |
| 400 | InvalidOperation.EniAndGroupNotBelongSameUser | %s | - |
| 400 | NotBelongUser | %s | You are not authorized to manage the specified resource. |
| 400 | MissingParameter.RegionId | The specified RegionId should not be null. | The RegionId parameter is required. |
| 403 | IncorrectInstanceStatus | The current status of the resource does not support this operation. | The resource is in a state that does not support the current operation. |
| 403 | InstanceLockedForSecurity | The specified operation is denied as your instance is locked for security reasons. | - |
| 403 | SecurityGroupInstanceLimitExceeded | The maximum number of instances in a security group is exceeded. | The maximum number of instances in the specified security group has been reached. |
| 403 | InvalidInstanceId.AlreadyExists | The specified instance already exists in the specified security group. | The specified instance is already present in the specified security group. |
| 403 | SecurityGroupInstanceLimitExceeded | %s | The maximum number of instances in the specified security group has been reached. |
| 403 | AclLimitExceed | %s | The number of ACL rules for an ENI or instance exceeds the upper limit. |
| 403 | InstanceSecurityGroupLimitExceeded | %s | - |
| 403 | InvalidOperation.NetworkInterfaceCountExceeded | The maximum number of NetworkInterface in a enterprise level security group is exceeded. | - |
| 403 | InvalidOperation.ResourceManagedByCloudProduct | %s | You cannot modify security groups managed by cloud services. |
| 403 | InvalidOperation.InvalidEniType | %s | - |
| 403 | InvalidOperation.VpcMismatch | %s | The operation is invalid. Check whether the VPC in the operation corresponds to other parameters. |
| 403 | InvalidOperation.EniServiceManaged | %s | The operation is invalid. |
| 403 | InvalidParam.Malformed | %s | - |
| 403 | InvalidParam.EniIdAndInstanceId.Conflict | %s | The InstanceId and NetworkInterfaceId parameters are mutually exclusive and cannot be both specified. |
| 403 | Forbidden.InstanceIsBeingCreated | The specified instance is being created. | The specified instance is being created. |
| 404 | InvalidSecurityGroupId.NotFound | The specified SecurityGroupId does not exist. | The specified security group does not exist in this account. Check whether the security group ID is correct. |
| 404 | InvalidInstanceId.NotFound | The specified InstanceId does not exist. | The specified instance does not exist. |
| 404 | InvalidEniId.NotFound | %s | The specified ENI ID does not exist. |
| 500 | InternalError | The request processing has failed due to some unknown error. | An internal error has occurred. Try again later. |

For a list of error codes, visit the Service error codes.

Change history

Change time | Summary of changes | Operation
No change history