You can call this operation to create a security group. For a newly created security group, only ECS instances in the security group can access each other by default. Access requests to the security group from outside are restricted. If you want to accept requests from the Internet or requests from instances of other security groups, you can call the AuthorizeSecurityGroup operation to allow the requests.
Description
When you call this operation, take note of the following points:
- You can create a maximum of 100 security groups within a single Alibaba Cloud region.
- If you are creating a security group of the VPC type, you must specify the VpcId parameter.
Debugging
Request parameters
| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| Action | String | Yes | CreateSecurityGroup |
The operation that you want to perform. Set the value to CreateSecurityGroup. |
| RegionId | String | Yes | cn-hangzhou |
The ID of the region to which the security group belongs. You can call the DescribeRegions operation to query the most recent region list. |
| VpcId | String | No | vpc-bp1opxu1zkhn00gzv**** |
The ID of the VPC to which the security group belongs. |
| Description | String | No | SecurityGroupTestDescription |
The description of the security group. The description must be 2 to 256 characters in length and cannot start with http:// or https://. This parameter is empty by default. |
| ClientToken | String | No | 123e4567-e89b-12d3-a456-426655440000 |
The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must ensure that it is unique among different requests. The ClientToken value can only contain ASCII characters and cannot exceed 64 characters in length. For more information, see How to ensure idempotence. |
| SecurityGroupName | String | No | SecurityGroupTestName |
The name of the security group. The name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain letters, digits, colons (:), underscores (_), and hyphens (-). This parameter is empty by default. |
| SecurityGroupType | String | No | enterprise |
The type of the security group. Valid values:
|
| Tag.N.value | String | No | null |
The value of tag N of the security group. Note We recommend that you use the Tag.N.Value parameter to ensure compatibility.
|
| Tag.N.key | String | No | null |
The key of tag N of the security group. Note We recommend that you use the Tag.N.Key parameter to ensure compatibility.
|
| Tag.N.Key | String | No | Test |
The key of tag N of the security group. Valid values of N: 1 to 20. The tag key cannot be an empty string. It can be up to 128 characters in length and cannot start with acs: or aliyun. It cannot contain http:// or https://. |
| Tag.N.Value | String | No | Test |
The value of tag N of the security group. Valid values of N: 1 to 20. The tag value can be an empty string. It can be up to 128 characters in length and cannot start with acs:. It cannot contain http:// or https://. |
| ResourceGroupId | String | No | rg-bp67acfmxazb4p**** |
The ID of the resource group to which the security group belongs. |
Response parameters
| Parameter | Type | Example | Description |
|---|---|---|---|
| RequestId | String | 473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E |
The ID of the request. |
| SecurityGroupId | String | sg-bp1fg655nh68xyz9**** |
The ID of the security group. |
Examples
Sample requests
https://ecs.aliyuncs.com/?Action=CreateSecurityGroup
&RegionId=cn-hangzhou
&Description=SecurityGroupTestDescription
&VpcId=vpc-bp1opxu1zkhn00gzv****
&<Common request parameters>Sample success responses
XML format
<CreateSecurityGroupResponse>
<RequestId>CEF72CEB-54B6-4AE8-B225-F876FF7BA984</RequestId>
<SecurityGroupId>sg-bp18kz60mefs****</SecurityGroupId>
</CreateSecurityGroupResponse>JSON format
{
"RequestId": "CEF72CEB-54B6-4AE8-B225-F876FF7BA984"
"SecurityGroupId": "sg-bp1fg655nh68xyz9****"
}Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | InvalidDescription.Malformed | The specified parameter "Description" is not valid. | The error message returned because the specified Description parameter is invalid. The description must be 2 to 256 characters in length and cannot start with http:// or https://. |
| 403 | QuotaExceed.SecurityGroup | The maximum number of security groups is reached. | The error message returned because the maximum number of security groups has been reached. Submit a ticket to apply for a higher quota. |
| 404 | InvalidVpcId.NotFound | Specified VPC does not exist. | The error message returned because the specified VpcId parameter does not exist. Check whether the VPC ID is correct. |
| 400 | InvalidSecurityGroupName.Malformed | Specified security group name is not valid. | The error message returned because the specified SecurityGroupName parameter is invalid. The name is displayed in the console. By default, no name is specified for a security group. The name must be 2 to 128 characters in length. It must start with a letter and can contain letters, digits, periods (.), underscores (_), and hyphens (-). It cannot start with http:// or https://. |
| 400 | InvalidSecurityGroupDiscription.Malformed | Specified security group description is not valid. | The error message returned because specified security group description is invalid. |
| 500 | InternalError | The request processing has failed due to some unknown error. | The error message returned because an internal error has occurred. Try again later. If the problem persists, submit a ticket. |
| 403 | InvalidVpcId.NotFound | vpc id must not empty when only support vpc vm. | The error message returned because the VpcId parameter is not specified. |
| 400 | IncorrectVpcStatus | Current VPC status does not support this operation. | The error message returned because the operation is not supported while the VPC is in the current state. |
| 400 | InvalidTagKey.Malformed | Specified tag key is not valid. | The error message returned because the specified tag key is invalid. |
| 400 | InvalidTagValue.Malformed | Specified tag value is not valid. | The error message returned because the specified tag value is invalid. |
| 404 | InvalidResourceGroup.NotFound | The ResourceGroup provided does not exist in our records. | The error message returned because the specified ResourceGroupId parameter does not exist. |
| 400 | Duplicate.TagKey | The Tag.N.Key contain duplicate key. | The error message returned because the specified tag key already exists. The tag key must be unique. |
| 400 | InvalidTagKey.Malformed | The specified Tag.n.Key is not valid. | The error message returned because the specified Tag.N.Key parameter is invalid. |
| 400 | InvalidTagValue.Malformed | The specified Tag.n.Value is not valid. | The error message returned because the specified Tag.N.Value parameter is invalid. |
| 403 | IdempotentProcessing | The previous idempotent request(s) is still processing. | The error message returned because the previous idempotence request is being processed. Try again later. |
| 403 | QuotaExceed.Tags | %s | The error message returned because the maximum number of tags has been reached. |
| 500 | InternalError | The request processing has failed due to some unknown error, exception or failure. | The error message returned because an internal error has occurred. Try again later. If the problem persists, submit a ticket. |
For a list of error codes, visit the API Error Center.