Last Updated: Dec 14, 2017


This operation allows you to create a security group. You can configure the firewall for a group of instances by configuring security group firewall rules. One security group can contain multiple instances. When creating a security group, consider the following:

  • For a new security group, only the access permission for instances inside the same group is enabled, access permissions to others are disabled. If you permit access from instances in other groups or from the Internet, use the interface for granting security group permissions to modify the security group firewall rules.
  • Firewall rules are differentiated between the intranet and Internet.
  • Up to 100 security groups can be created for one user.
  • VpcId must be specified before a VPC security group is created.

Request parameters

Name Type Required Description
Action String Yes The name of this interface. Value: CreateSecurityGroup.
RegionId String Yes Indicates the ID of the region where the security group belongs. See Regions and zones for more information.
SecurityGroupName String No Indicates the security group name. By default, the value is blank. The security group name can be 2 to 128 characters in length and:
  • Must begin with an uppercase or lowercase English letter, or Chinese character
  • Can contain digits, “.”, “_“, and “-“
  • Cannot begin with http:// or https://
Description String No The description of the security group instance can be 2 to 256 characters in length and cannot begin with http:// or https://.
VpcId String No Indicates the ID of the VPC where the security group belongs.
ClientToken String No Used to guarantee the idempotence of the request. The value is generated by a client. It must be unique among all requests and contain up to 64 ASCII characters. For more information, see the appendix How to ensure idempotence.

Response parameters

Name Type Description
SecurityGroupId String Indicates the ID of the security group.

Error codes

Error code Error message HTTP status code Meaning
InvalidRegionId.NotFound The specified RegionId does not exist. 404 The specified RegionId does not exist.
MissingParameter The input parameter RegionId that is mandatory for processing this request is not supplied. 400 The regionId value is missing or the user may not be authorized to use the region.
InvalidSecurityGroupName.Malformed Specified security group name is not valid. 400 The specified SecurityGroupName format is invalid.
InvalidDescription.Malformed The specified parameter Description is not valid. 400 The specified DescriptionName format is invalid.
QuotaExceed.SecurityGroup The maximum number of security groups is reached. 403 The number of security groups has exceeded the quota.
InvalidVpcId.NotFound Specified VPC does not exist. 403 The specified VPC does not exist.


Request example

  2. &RegionId=cn-hangzhou
  3. &Description=for_demo
  4. &<Common Request Parameters>

Response example

XML format

  1. <CreateSecurityGroupResponse>
  2. <RequestId>CEF72CEB-54B6-4AE8-B225-F876FF7BA984</RequestId>
  3. <SecurityGroupId>sg-F876FF7BA</SecurityGroupId>
  4. </CreateSecurityGroupResponse>

JSON format

  1. {
  2. "RequestId":"CEF72CEB-54B6-4AE8-B225-F876FF7BA984",
  3. "SecurityGroupId":"sg-F876FF7BA"
  4. }
Thank you! We've received your feedback.