You can call this operation to remove an ECS instance from a specified security group.

Description

When you call this operation, take note of the following points:

  • Before you remove an instance from a security group, the instance must be in the Stopped or Running state.
  • An instance must belong to at least one security group. Therefore, if the instance to be removed belongs to only a single security group, the LeaveSecurityGroup request fails.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
InstanceId String Yes i-bp67acfmxazb4ph***

The ID of the instance.

SecurityGroupId String Yes sg-bp67acfmxazb4ph***

The ID of the security group.

Action String No LeaveSecurityGroup

The operation that you want to perform. Set the value to LeaveSecurityGroup.

Response parameters

Parameter Type Example Description
RequestId String 473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E

The ID of the request.

Examples

Sample requests

https://ecs.aliyuncs.com/?Action=LeaveSecurityGroup
&InstanceId=i-bp67acfmxazb4ph***
&SecurityGroupId=sg-bp67acfmxazb4ph***
&<Common request parameters>

Sample success responses

XML format

<LeaveSecurityGroupResponse>
      <RequestId>473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E</RequestId>
</LeaveSecurityGroupResponse>

JSON format

{
	"RequestId":"473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E"
}

Error codes

HTTP status code Error code Error message Description
404 InvalidInstanceId.NotFound The specified InstanceId does not exist. The error message returned because the specified InstanceId parameter does not exist. Check whether the instance ID is correct.
404 InvalidSecurityGroupId.NotFound The specified SecurityGroupId does not exist. The error message returned because the specified SecurityGroupId parameter does not exist under this account. Check whether the security group ID is correct.
403 InstanceLastSecurityGroup The specified security group is the last security group for the instance. The error message returned because the specified security group is the only security group to which the instance belongs.
403 IncorrectInstanceStatus The current status of the resource does not support this operation. The error message returned because the operation is not supported while the resource is in the current state.
403 InstanceLockedForSecurity The specified operation is denied as your instance is locked for security reasons. The error message returned because the operation is not supported while the instance is locked for security reasons.
403 InstanceNotInSecurityGroup The instance not in the group. The error message returned because the specified instance does not belong to the specified security group.
504 RequestTimeout The request encounters an upstream server timeout. The error message returned because the request encounters an upstream server timeout.
400 InvalidInstanceId.Malformed The specified parameter "InstanceId" is not valid. The error message returned because the specified InstanceId parameter is invalid.

For a list of error codes, visit the API Error Center.