Creates a security group. By default, a security group allows only instances in the security group to access each other. Access requests from outside the security group are denied. If you want to allow requests over the Internet or from instances in other security groups, you can call the AuthorizeSecurityGroup operation.
Operation description
When you call this operation, take note of the following items:
- You can create up to 100 security groups in a single Alibaba Cloud region.
- To create a security group of the Virtual Private Cloud (VPC) type, you must specify the VpcId parameter.
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
RegionId | string | Yes | The region ID of the security group. You can call the DescribeRegions operation to query the most recent region list. | cn-hangzhou |
Description | string | No | The description of the security group. The description must be 2 to 256 characters in length. It cannot start with http:// or https://. By default, this parameter is left empty. | testDescription |
ClientToken | string | No | The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters and cannot exceed 64 characters in length. For more information, see How to ensure idempotence. | 123e4567-e89b-12d3-a456-426655440000 |
SecurityGroupName | string | No | The name of the security group. The name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. | testSecurityGroupName |
VpcId | string | No | The ID of the VPC in which you want to create the security group. Note: The VpcId parameter is required only if you want to create security groups of the VPC type. In regions that support the classic network, you can create security groups of the classic network type without the need to specify the VpcId parameter. | vpc-bp1opxu1zkhn00gzv**** |
SecurityGroupType | string | No | The type of the security group. Valid values: | enterprise |
ServiceManaged | boolean | No | This parameter is not publicly available. | false |
ResourceGroupId | string | No | The ID of the resource group to which the security group belongs. | rg-bp67acfmxazb4p**** |
Tag | object [] | No | The tags that you want to add to the security group. | |
key | string | No | The key of the tag. Note: This parameter will be removed in the future. We recommend that you use the Tag.N.Key parameter to ensure future compatibility. | null |
Key | string | No | The key of tag N. Valid values of N: 1 to 20. You cannot specify empty strings as tag keys. The tag key must be 1 to 128 characters in length and cannot contain | TestKey |
Value | string | No | The value of tag N. Valid values of N: 1 to 20. The tag value can be an empty string. It can be up to 128 characters in length and cannot start with acs: or contain | TestValue |
value | string | No | The value of the tag. Note: This parameter will be removed in the future. We recommend that you use the Tag.N.Value parameter to ensure future compatibility. | null |
Response parameters
Examples
Sample success responses
JSON format

```json
{
  "SecurityGroupId": "sg-bp1fg655nh68xyz9****",
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E"
}
```
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | InvalidDescription.Malformed | The specified parameter "Description" is not valid. | The description must be 2 to 256 characters in length and cannot start with http:// or https://. |
400 | InvalidSecurityGroupName.Malformed | Specified security group name is not valid. | The specified SecurityGroupName parameter is invalid. This parameter is empty by default. If you specify a security group name, the name must be 2 to 128 characters in length and start with a letter. It can contain letters, digits, periods (.), underscores (_), and hyphens (-) and cannot start with http:// or https://. The security group name is displayed in the ECS console. |
400 | InvalidSecurityGroupDiscription.Malformed | Specified security group description is not valid. | The specified security group description is invalid. |
400 | IncorrectVpcStatus | Current VPC status does not support this operation. | The VPC is in a state that does not support the current operation. |
400 | InvalidTagKey.Malformed | Specified tag key is not valid. | The specified tag key is invalid. |
400 | InvalidTagValue.Malformed | Specified tag value is not valid. | The specified tag value is invalid. |
400 | Duplicate.TagKey | The Tag.N.Key contain duplicate key. | The specified tag key already exists. Tag keys must be unique. |
400 | InvalidTagKey.Malformed | The specified Tag.n.Key is not valid. | The specified Tag.N.Key parameter is invalid. |
400 | InvalidTagValue.Malformed | The specified Tag.n.Value is not valid. | The specified tag value is invalid. |
400 | InvalidParams.GroupType | The specified security group type is not valid. | The specified SecurityGroupType parameter is invalid. |
400 | InvalidParams.VpcIdGroupType | Only VPC instance supports enterprise level security group. | Only ECS instances that reside in VPCs support advanced security groups. |
403 | QuotaExceed.SecurityGroup | The maximum number of security groups is reached. | The maximum number of security groups has been reached. |
403 | InvalidVpcId.NotFound | vpc id must not empty when only support vpc vm. | - |
403 | IdempotentProcessing | The previous idempotent request(s) is still processing. | A previous idempotent request is being processed. Try again later. |
403 | QuotaExceed.Tags | %s | The number of specified tags exceeds the upper limit. %s is a variable. An error message is dynamically returned based on call conditions. |
403 | InvalidOperation.ResourceManagedByCloudProduct | %s | You cannot modify security groups managed by cloud services. |
404 | InvalidRegionId.NotFound | The RegionId provided does not exist in our records. | The specified RegionId does not exist. |
404 | InvalidVpcId.NotFound | Specified VPC does not exist. | The specified VPC ID does not exist. |
404 | InvalidResourceGroup.NotFound | The ResourceGroup provided does not exist in our records. | The specified resource group does not exist. |
404 | InvalidRegionId.NotFound | The specified parameter RegionId is not valid. | The specified RegionId parameter does not exist. Check whether the service is available in the specified region. |
500 | InternalError | The request processing has failed due to some unknown error. | An internal error has occurred. Try again later. |
500 | InternalError | The request processing has failed due to some unknown error, exception or failure. | An internal error has occurred. Try again later. |
For a list of error codes, see Service error codes.
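The following client-side pre-check is an added example, not code from the API provider or its SDK. It builds the flattened request parameters (including Tag.N.Key and Tag.N.Value and a ClientToken for idempotent retries) and reports which documented error codes a request would be expected to trigger. The function name, the ASCII-only reading of "letters", and the mapping of each local check to an error code are assumptions drawn from the tables above.

```python
import re
import uuid

# Name rule as described for InvalidSecurityGroupName.Malformed on this page.
# Assumption: "letters" is read here as ASCII letters only.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9._-]{1,127}")
URL_PREFIXES = ("http://", "https://")


def build_create_sg_params(region_id, name=None, description=None, vpc_id=None,
                           group_type=None, tags=None, client_token=None):
    """Return (params, errors). errors lists the documented error codes
    that this request would be expected to trigger (hypothetical helper)."""
    errors = []
    params = {"Action": "CreateSecurityGroup", "RegionId": region_id}
    # One token per logical request; pass the same value again when retrying.
    token = client_token or str(uuid.uuid4())
    if not token.isascii() or len(token) > 64:
        raise ValueError("ClientToken must be ASCII and at most 64 characters")
    params["ClientToken"] = token
    if name is not None:
        if not NAME_RE.fullmatch(name):
            errors.append("InvalidSecurityGroupName.Malformed")
        params["SecurityGroupName"] = name
    if description is not None:
        if not 2 <= len(description) <= 256 or description.startswith(URL_PREFIXES):
            errors.append("InvalidDescription.Malformed")
        params["Description"] = description
    # The error table states that only VPCs support the enterprise type.
    if group_type == "enterprise" and not vpc_id:
        errors.append("InvalidParams.VpcIdGroupType")
    if group_type:
        params["SecurityGroupType"] = group_type
    if vpc_id:
        params["VpcId"] = vpc_id
    tags = tags or []
    if len(tags) > 20:
        errors.append("QuotaExceed.Tags")
    keys = [key for key, _ in tags]
    if len(set(keys)) != len(keys):
        errors.append("Duplicate.TagKey")
    for n, (key, value) in enumerate(tags, start=1):
        if not 1 <= len(key) <= 128:
            errors.append("InvalidTagKey.Malformed")
        if len(value) > 128 or value.startswith("acs:"):
            errors.append("InvalidTagValue.Malformed")
        params[f"Tag.{n}.Key"] = key
        params[f"Tag.{n}.Value"] = value
    return params, errors
```

Running the check before the call keeps malformed names, descriptions and tags out of provisioning pipelines, and generating the ClientToken once per logical request lets a timed-out call be retried without creating a second security group.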
Change history
Change time | Summary of changes | Operation |
---|---|---|
2023-04-07 | The Error code has changed | see changesets |