You can call this operation to create a security group. For a newly created security group, only ECS instances in the security group can access each other by default. Access requests to the security group from outside are restricted. If you want to accept requests from the Internet or requests from instances of other security groups, you can call the AuthorizeSecurityGroup operation to allow the requests.

Description

When you call this operation, take note of the following items:

  • You can create a maximum of 100 security groups within a single Alibaba Cloud region.
  • If you are creating a security group of the VPC type, you must specify the VpcId parameter.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateSecurityGroup

The operation that you want to perform. Set the value to CreateSecurityGroup.

RegionId String Yes cn-hangzhou

The region ID of the security group. You can call the DescribeRegions operation to query the most recent region list.

VpcId String No vpc-bp1opxu1zkhn00gzv****

The ID of the VPC to which the security group belongs.

Description String No testDescription

The description of the security group. The description must be 2 to 256 characters in length and cannot start with http:// or https://.

This parameter is empty by default.

ClientToken String No 123e4567-e89b-12d3-a456-426655440000

The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must ensure that it is unique among different requests. The ClientToken value can only contain ASCII characters and cannot exceed 64 characters in length. For more information, see How to ensure idempotence.

SecurityGroupName String No testSecurityGroupName

The name of the security group. The name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain letters, digits, colons (:), underscores (_), and hyphens (-). This parameter is empty by default.

SecurityGroupType String No enterprise

The type of the security group. Valid values:

  • normal: basic security group.
  • enterprise: advanced security group. For more information, see Advanced security group.

Tag.N.value String No null

The value of tag N of the security group.

Note: We recommend that you use the Tag.N.Value parameter to ensure future compatibility.

Tag.N.key String No null

The key of tag N of the security group.

Note: We recommend that you use the Tag.N.Key parameter to ensure future compatibility.

Tag.N.Key String No TestKey

The key of tag N of the security group. Valid values of N: 1 to 20. It cannot be an empty string. The tag key can be up to 128 characters in length and cannot contain http:// or https://. It cannot start with acs: or aliyun.

Tag.N.Value String No TestValue

The value of tag N of the security group. Valid values of N: 1 to 20. It can be an empty string. The tag value can be up to 128 characters in length and cannot contain http:// or https://. It cannot start with acs:.

ResourceGroupId String No rg-bp67acfmxazb4p****

The ID of the enterprise resource group to which the security group belongs.
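
A client-side check of the constraints listed above, as an added example that is not Alibaba Cloud SDK code: the hypothetical function `build_create_security_group_params` rejects values the API would refuse, reports the matching error codes from this page, and attaches a ClientToken so that a retried request stays idempotent. It returns only the operation-specific parameters (common request parameters and the signature are left out), and reading "letters" as ASCII letters is an assumption.

```python
import re
import uuid

# Constraints come from the parameter descriptions on this page; reading
# "letters" as ASCII letters is an assumption of this example.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9:_-]{1,127}")
URL_PREFIXES = ("http://", "https://")


def build_create_security_group_params(region_id, vpc_id=None, name=None,
                                       description=None, group_type=None,
                                       tags=None, client_token=None):
    """Validate inputs, return operation-specific query parameters (unsigned)."""
    errors = []
    if name is not None and not NAME_RE.fullmatch(name):
        errors.append("InvalidSecurityGroupName.Malformed")
    if description is not None and (
            not 2 <= len(description) <= 256
            or description.startswith(URL_PREFIXES)):
        errors.append("InvalidDescription.Malformed")
    if group_type not in (None, "normal", "enterprise"):
        errors.append("SecurityGroupType must be normal or enterprise")
    # Generate the token once per logical request; a retry must reuse it.
    token = client_token or str(uuid.uuid4())
    if len(token) > 64 or not token.isascii():
        errors.append("ClientToken must be ASCII, at most 64 characters")
    tags = tags or {}  # a dict cannot hold duplicate keys (Duplicate.TagKey)
    if len(tags) > 20:
        errors.append("at most 20 tags (N: 1 to 20)")
    for key, value in tags.items():
        if (not key or len(key) > 128 or any(p in key for p in URL_PREFIXES)
                or key.startswith(("acs:", "aliyun"))):
            errors.append("InvalidTagKey.Malformed")
        if (len(value) > 128 or any(p in value for p in URL_PREFIXES)
                or value.startswith("acs:")):
            errors.append("InvalidTagValue.Malformed")
    if errors:
        raise ValueError("; ".join(errors))
    params = {"Action": "CreateSecurityGroup", "RegionId": region_id,
              "ClientToken": token}
    optional = {"VpcId": vpc_id, "SecurityGroupName": name,
                "Description": description, "SecurityGroupType": group_type}
    params.update({k: v for k, v in optional.items() if v is not None})
    for n, (key, value) in enumerate(tags.items(), start=1):
        params[f"Tag.{n}.Key"] = key
        params[f"Tag.{n}.Value"] = value
    return params
```
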

Response parameters

Parameter Type Example Description
RequestId String 473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E

The ID of the request.

SecurityGroupId String sg-bp1fg655nh68xyz9****

The ID of the security group.

Examples

Sample requests

https://ecs.aliyuncs.com/?Action=CreateSecurityGroup
&RegionId=cn-hangzhou
&Description=testDescription
&VpcId=vpc-bp1opxu1zkhn00gzv****
&<Common request parameters>

Sample success responses

XML format

<CreateSecurityGroupResponse>
      <RequestId>CEF72CEB-54B6-4AE8-B225-F876FF7BA984</RequestId>
      <SecurityGroupId>sg-bp1fg655nh68xyz9****</SecurityGroupId>
</CreateSecurityGroupResponse>

JSON format

{
    "RequestId": "CEF72CEB-54B6-4AE8-B225-F876FF7BA984",
    "SecurityGroupId": "sg-bp1fg655nh68xyz9****"
}

Error codes

| HTTP status code | Error code | Error message | Description |
| --- | --- | --- | --- |
| 400 | InvalidDescription.Malformed | The specified parameter "Description" is not valid. | The error message returned because the specified Description parameter is invalid. The description must be 2 to 256 characters in length and cannot start with http:// or https://. |
| 403 | QuotaExceed.SecurityGroup | The maximum number of security groups is reached. | The error message returned because the maximum number of security groups has been reached. Submit a ticket to apply for a higher quota. |
| 404 | InvalidVpcId.NotFound | Specified VPC does not exist. | The error message returned because the specified VpcId parameter does not exist. |
| 400 | InvalidSecurityGroupName.Malformed | Specified security group name is not valid. | The error message returned because the specified SecurityGroupName parameter is invalid. The name is displayed in the console. By default, no name is specified for a security group. The name must be 2 to 128 characters in length. It must start with a letter and can contain letters, digits, colons (:), underscores (_), and hyphens (-). It cannot start with http:// or https://. |
| 400 | InvalidSecurityGroupDiscription.Malformed | Specified security group description is not valid. | The error message returned because the specified Description parameter is invalid. |
| 500 | InternalError | The request processing has failed due to some unknown error. | The error message returned because an internal error has occurred. Try again later. If the problem persists, submit a ticket. |
| 403 | InvalidVpcId.NotFound | vpc id must not empty when only support vpc vm. | The error message returned because the VpcId parameter is not specified. |
| 400 | IncorrectVpcStatus | Current VPC status does not support this operation. | The error message returned because the operation is not supported while the VPC is in the current state. |
| 400 | InvalidTagKey.Malformed | Specified tag key is not valid. | The error message returned because the specified tag key is invalid. |
| 400 | InvalidTagValue.Malformed | Specified tag value is not valid. | The error message returned because the specified tag value is invalid. |
| 404 | InvalidResourceGroup.NotFound | The ResourceGroup provided does not exist in our records. | The error message returned because the specified ResourceGroupId parameter does not exist. |
| 400 | Duplicate.TagKey | The Tag.N.Key contain duplicate key. | The error message returned because a tag with the identical key already exists. Tag keys must be unique. |
| 400 | InvalidTagKey.Malformed | The specified Tag.n.Key is not valid. | The error message returned because the specified Tag.N.Key parameter is invalid. |
| 400 | InvalidTagValue.Malformed | The specified Tag.n.Value is not valid. | The error message returned because the specified Tag.N.Value parameter is invalid. |
| 403 | IdempotentProcessing | The previous idempotent request(s) is still processing. | The error message returned because the previous idempotence request is being processed. Try again later. |
| 403 | QuotaExceed.Tags | %s | The error message returned because the maximum number of tags has been reached. |
| 500 | InternalError | The request processing has failed due to some unknown error, exception or failure. | The error message returned because an internal error has occurred. Try again later. If the problem persists, submit a ticket. |

For a list of error codes, visit the API Error Center.