Description
This operation allows you to create a security group. You can configure the firewall for a group of instances by configuring security group firewall rules. One security group can contain multiple instances. When creating a security group, consider the following:
- For a newly created security group, only the access permission for instances inside the same group is enabled, access permissions to others are disabled. If you permit access from instances in other groups or from the Internet, use the interface for granting security group permissions to modify the security group firewall rules.
- Firewall rules are differentiated between the intranet and internet.
- Up to 100 security groups can be created for one user.
- VpcId must be specified before a VPC security group is created.
Request parameters
| Name | Type | Required | Description |
|---|---|---|---|
| Action | String | Yes | Value: CreateSecurityGroup. |
| RegionId | String | Yes | Indicates the ID of the region where the security group belongs. |
| SecurityGroupName | String | No | Indicates the security group name. By default, the value is blank. The security group name can be 2 to 128 characters in length and:
|
| Description | String | No | The description of the security group instance can be 2 to 256 characters in length and cannot begin with http:// or https://. |
| VpcId | String | No | Indicates the ID of the VPC where the security group belongs. |
| ClientToken | String | No | Used to ensure the idempotence of the request. The value is generated by a client. It must be unique among all requests and contain up to 64 ASCII characters. For details, refer to the appendix How to Ensure Idempotence. |
Return parameters
| Name | Type | Description |
|---|---|---|
| SecurityGroupId | String | Indicates the ID of the security group. |
Error code
| Error code | Description | Http status code | Meaning |
|---|---|---|---|
| InvalidRegionId.NotFound | The specified RegionId does not exist. | 404 | The specified RegionId does not exist. |
| MissingParameter | The input parameter RegionId that is mandatory for processing this request is not supplied. | 400 | The regionId value is missing or the user might not be authorized to use the region. |
| InvalidSecurityGroupName.Malformed | Specified security group name is not valid. | 400 | The specified SecurityGroupName format is invalid. |
| InvalidDescription.Malformed | The specified parameter Description is not valid. | 400 | The specified DescriptionName format is illegal. |
| QuotaExceed.SecurityGroup | The maximum number of security groups is reached. | 403 | The number of security groups has exceeded the quota. |
| InvalidVpcId.NotFound | Specified VPC does not exist. | 403 | The specified VPC does not exist. |
Examples
Request example
https://ecs.aliyuncs.com/?Action=CreateSecurityGroup&RegionId=cn-hangzhou&Description=for_demo&<Public Request Parameters>
Return example
XML format
<CreateSecurityGroupResponse><RequestId>CEF72CEB-54B6-4AE8-B225-F876FF7BA984</RequestId><SecurityGroupId>sg-F876FF7BA</SecurityGroupId></CreateSecurityGroupResponse>
JSON format
{"RequestId":"CEF72CEB-54B6-4AE8-B225-F876FF7BA984","SecurityGroupId":"sg-F876FF7BA"}