Removes an Elastic Compute Service (ECS) instance or an elastic network interface (ENI) from a security group.
Operation description
Note
This operation is not recommended. We recommend that you call the ModifyInstanceAttribute operation to add an instance to or remove an instance from a security group, and call the ModifyNetworkInterfaceAttribute operation to add an ENI to or remove an ENI from a security group.
When you call this operation, take note of the following items:
- Before you remove an instance from a security group, the instance must be in the Stopped or Running state.
- An instance must belong to at least one security group. Therefore, if the instance that you want to remove belongs to only one security group, the LeaveSecurityGroup operation fails.
- You cannot remove an instance and an ENI from a security group at the same time. This indicates that you cannot configure both
InstanceId
andNetworkInterfaceId
in a request.
Debugging
Authorization information
There is currently no authorization information disclosed in the API.
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
SecurityGroupId | string | Yes | The security group ID. | sg-bp67acfmxazb4p**** |
InstanceId | string | No | The instance ID. Note
If you configure this parameter, you cannot configure NetworkInterfaceId .
| i-bp67acfmxazb4p**** |
NetworkInterfaceId | string | No | The ENI ID. Note
If you configure this parameter, you cannot configure InstanceId .
| eni-bp13kd656hxambfe**** |
RegionId | string | No | The region ID. You can call the DescribeRegions operation to query the most recent region list.
| cn-hangzhou |
Response parameters
Examples
Sample success responses
JSON
format
{
"RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E"
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | InvalidInstanceId.Malformed | The specified parameter "InstanceId" is not valid. | - |
400 | MissingParameter.RegionId | The specified RegionId should not be null. | The RegionId parameter is required. |
400 | InvalidOperation.InvalidEniState | %s | - |
403 | InstanceLastSecurityGroup | The specified security group is the last security group for the instance. | The specified security group is the only security group to which the instance belongs. |
403 | IncorrectInstanceStatus | The current status of the resource does not support this operation. | The resource is in a state that does not support the current operation. |
403 | InstanceLockedForSecurity | The specified operation is denied as your instance is locked for security reasons. | - |
403 | InstanceNotInSecurityGroup | The instance not in the group. | The specified instance does not belong to the security group. |
403 | InvalidOperation.ResourceManagedByCloudProduct | %s | You cannot modify security groups managed by cloud services. |
403 | InvalidOperation.AtLeastInOneGroup | %s | - |
403 | InvalidOperation.EniServiceManaged | %s | The operation is invalid. |
403 | InvalidOperation.InvalidEniType | %s | - |
403 | InvalidParam.Malformed | %s | - |
403 | InvalidParam.EniIdAndInstanceId.Conflict | %s | The InstanceId and NetworkInterfaceId parameters are mutually exclusive and cannot be both specified. |
404 | InvalidInstanceId.NotFound | The specified InstanceId does not exist. | The specified instance does not exist. |
404 | InvalidSecurityGroupId.NotFound | The specified SecurityGroupId does not exist. | The specified security group does not exist in this account. Check whether the security group ID is correct. |
404 | InvalidEniId.NotFound | %s | The specified ENI ID does not exist. |
504 | RequestTimeout | The request encounters an upstream server timeout. | The request is denied due to a timeout error of the upstream server. |
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes | Operation |
---|
No change history