Creates a security group. By default, newly created security groups are only allowed permission to other instances within the security group. Access permission to other instances outside the group is restricted. If you want to accept requests from the Internet or requests from instances of other security groups, you can call AuthorizeSecurityGroup to allow the requests.
Description
When you call this operation, note that:
- You can create a maximum of 100 security groups within a single Alibaba Cloud region.
- If you are creating a security group of the VPC type, you must specify the VpcId parameter.
Debugging
You can use API Explorer to perform debugging. API Explorer allows you to perform various operations to simplify API usage. For example, you can retrieve APIs, call APIs, and dynamically generate SDK example code.
Request parameters
| Name | Type | Required | Example | Description |
|---|---|---|---|---|
| RegionId | String | Yes | cn-hangzhou |
The ID of the region to which the security group belongs. You can call DescribeRegions to view the latest regions of Alibaba Cloud. |
| Action | String | No | CreateSecurityGroup |
The operation that you want to perform. Set the value to CreateSecurityGroup. |
| ClientToken | String | No | 123e4567-e89b-12d3-a456-426655440000 |
A client token. It is used to ensure the idempotency of requests. The value of this parameter is generated by the client and is unique among different requests. The ClientToken parameter must be no more than 64 ASCII characters in length. For more information, see How to ensure idempotency. |
| Description | String | No | FinanceDept |
The description of the security group. The description must be 2 to 256 characters in length and cannot start with http:// or https://. Default value: null. |
| ResourceGroupId | String | No | rg-resourcegrouid |
The ID of the resource group to which the security group belongs. |
| SecurityGroupName | String | No | FinanceJoshua |
The name of the security group. The name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain letters, digits, colons (:), underscores (_), and hyphens (-). Default value: null. |
| Tag.N.Key | String | No | FinanceDept |
The tag key of the security group. Valid values of N: 1 to 20. It cannot be a null string. It can be a maximum of 64 characters in length. It cannot start with aliyun or acs:. It cannot contain http:// or https://. |
| Tag.N.Value | String | No | FinanceDeptJoshua |
The tag value of the security group. Valid values of N: 1 to 20. It can be a null string. It can be a maximum of 128 characters in length. It cannot start with aliyun or acs:. It cannot contain http:// or https://. |
| Tag.N.key | String | No | FinanceDept |
The tag key of the security group. Note This parameter will be removed in the future. We recommend that you use the Tag.N.Key
parameter to ensure compatibility.
|
| Tag.N.value | String | No | FinanceDeptJoshua |
The tag value of the security group. Note This parameter will be removed in the future. We recommend that you use the Tag.N.Key
parameter to ensure compatibility.
|
| VpcId | String | No | v-vpcid1 |
The ID of the VPC to which the security group belongs. |
Response parameters
| Name | Type | Example | Description |
|---|---|---|---|
| RequestId | String | 473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E |
The ID of the request. |
| SecurityGroupId | String | sg-F876FF7BA |
The ID of the security group. |
Examples
Sample requests
https://ecs.aliyuncs.com/?Action=CreateSecurityGroup
&RegionId=cn-hangzhou
&Description=for_demo
&<Common request parameters>Successful response examples
XML format
<CreateSecurityGroupResponse>
<RequestId>CEF72CEB-54B6-4AE8-B225-F876FF7BA984</RequestId>
<SecurityGroupId>sg-F876FF7BA</SecurityGroupId>
</CreateSecurityGroupResponse>JSON format
{
"SecurityGroupId": "sg-F876FF7BA",
"RequestId":" CEF72CEB-54B6-4AE8-B225-F876FF7BA984"
}Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 404 | InvalidVpcId.NotFound | Specified VPC does not exist. | The error message returned when the specified VPC does not belong to the specified region. |
| 403 | InvalidVpcId.NotFound | vpc id must not empty when only support vpc vm. | The error message returned when the VPC ID is not specified. |
| 400 | InvalidTagKey.Malformed | Specified tag key is not valid. | The error message returned when the specified tag key is invalid. |
| 400 | InvalidTagValue.Malformed | Specified tag value is not valid. | The error message returned when the specified tag value is invalid. |