Creates a security group. For a new security group, only the access permission for instances within the security group is allowed by default, and access permission to other instances outside the group is restricted. If you want to accept requests from the Internet or requests of instances from other security groups, you can call AuthorizeSecurityGroup to allow the requests.

Description

When you call this interface, consider the following:

  • You can create 100 security groups at most.

  • VpcId must be specified if you are creating a VPC-Connected security group.

Request parameters

Name Type Required Description
Action String Yes The name of this interface. Value: CreateSecurityGroup.
RegionId String Yes The region ID to which the security group belongs. For more information, call DescribeRegions to obtain the latest region list.
SecurityGroupName String No The security group name.
  • Can contain [2, 128] characters in length. Must begin with an uppercase or lowercase English letter, or a Chinese character. Can contain digits, periods (.), colons (:), underscores (_), and hyphens (-).
  • Cannot begin with http:// or https://.
Default: empty.
Description String No The description of the security group.
  • Can contain [2, 256] characters in length.
  • You cannot start with http: // and https://.
Default: null.
VpcId String No The VPC ID to which the security group belongs.
ClientToken String No Guarantees the idempotence of the request. The value is generated by a client. It must be unique among all requests and contains a maximum of 64 ASCII characters. For more information, see How to ensure idempotence.

Response parameters

Name Type Description
SecurityGroupId String The ID of the security group.

Examples

Request example 
https://ecs.aliyuncs.com/?Action=CreateSecurityGroup
&RegionId=cn-hangzhou
&Description=for_demo
&<Common Request Parameters>
Response example

XML format 

<CreateSecurityGroupResponse>
    <RequestId>CEF72CEB-54B6-4AE8-B225-F876FF7BA984</RequestId>
    <SecurityGroupId>sg-F876FF7BA</SecurityGroupId>
</CreateSecurityGroupResponse>
JSON format 
{
    "RequestId":"CEF72CEB-54B6-4AE8-B225-F876FF7BA984",
    "SecurityGroupId":"sg-F876FF7BA"
}

Error codes

Error codes specific to this interface are as follows. For more error codes, see API Error Center.

Error code Error message HTTP status code Meaning
IncorrectVpcStatus Current VPC status does not support this operation. 400 The specified VPC is either being created, edited, or deleted. Please try again later.
InvalidDescription.Malformed The specified parameter “Description” is not valid. 400 The specified Description is invalid.
InvalidSecurityGroupDiscription.Malformed Specified security group description is not valid. 400 The specified Description is invalid.
InvalidSecurityGroupName.Malformed Specified security group name is not valid. 400 The specified SecurityGroupName is invalid.
InvalidVpcId.NotFound vpc id must not empty when only support vpc vm. 403 The VpcId must be specified if you are creating a VPC-Connected security group.
QuotaExceed.SecurityGroup The maximum number of security groups is reached. 403 You can create 100 security groups at most.
InvalidRegionId.NotFound The specified RegionId does not exist. 404 The specified RegionId does not exist.
InvalidVpcId.NotFound Specified VPC does not exist. 404 The specified VPC does not belong to you.