CreateSecurityGroup - API Reference| Alibaba Cloud Documentation Center

Creates a security group. For a new security group, only the access permission for instances within the security group is allowed by default, and access permission to other instances outside the group is restricted. If you want to accept requests from the Internet or requests of instances from other security groups, you can call AuthorizeSecurityGroup to allow the requests.

Description

When you call this interface, consider the following:

You can create 100 security groups at most.
VpcId must be specified if you are creating a VPC-Connected security group.

Request parameters


Name	Type	Required	Description
Action	String	Yes	The name of this interface. Value: CreateSecurityGroup.
RegionId	String	Yes	The region ID to which the security group belongs. For more information, call DescribeRegions to obtain the latest region list.
SecurityGroupName	String	No	The security group name. Can contain [2, 128] characters in length. Must begin with an uppercase or lowercase English letter, or a Chinese character. Can contain digits, periods (.), colons (:), underscores (_), and hyphens (-). Cannot begin with http:// or https://. Default: empty.
Description	String	No	The description of the security group. Can contain [2, 256] characters in length. You cannot start with http: // and https://. Default: null.
VpcId	String	No	The VPC ID to which the security group belongs.
Tag.n.Key	String	Yes	The key of a tag of which n is from 1 to 20. Once you use this parameter, it cannot be a null string. It can be up to 64 characters in length. It cannot begin with "aliyun", "acs:", "http://", or "https://".
Tag.n.Value	String	Yes	The value of a tag of which n is a number from 1 to 20. Once you use this parameter, it can be a null string. It can be up to 128 characters in length. It cannot begin with "aliyun", "acs:", "http://", or "https://".
ClientToken	String	No	Guarantees the idempotence of the request. The value is generated by a client. It must be unique among all requests and contains a maximum of 64 ASCII characters. For more information, see How to ensure idempotence.

Response parameters


Name	Type	Description
SecurityGroupId	String	The ID of the security group.

Examples

Request example

https://ecs.aliyuncs.com/?Action=CreateSecurityGroup
&RegionId=cn-hangzhou
&Description=for_demo
&<Common Request Parameters>

Response example

XML format

<CreateSecurityGroupResponse>
    <RequestId>CEF72CEB-54B6-4AE8-B225-F876FF7BA984</RequestId>
    <SecurityGroupId>sg-F876FF7BA</SecurityGroupId>
</CreateSecurityGroupResponse>

JSON format

{
    "RequestId":"CEF72CEB-54B6-4AE8-B225-F876FF7BA984",
    "SecurityGroupId":"sg-F876FF7BA"
}

Error codes

Error codes specific to this interface are as follows. For more information, see API Error Center.


Error code	Error message	HTTP status code	Meaning
IncorrectVpcStatus	Current VPC status does not support this operation.	400	The specified VPC is either being created, edited, or deleted. Please try again later.
InvalidDescription.Malformed	The specified parameter “Description” is not valid.	400	The specified `Description` is invalid.
InvalidSecurityGroupDiscription.Malformed	Specified security group description is not valid.	400	The specified `Description` is invalid.
InvalidSecurityGroupName.Malformed	Specified security group name is not valid.	400	The specified `SecurityGroupName` is invalid.
InvalidVpcId.NotFound	vpc id must not empty when only support vpc vm.	403	The `VpcId` must be specified if you are creating a VPC-Connected security group.
QuotaExceed.SecurityGroup	The maximum number of security groups is reached.	403	You can create 100 security groups at most.
InvalidRegionId.NotFound	The specified RegionId does not exist.	404	The specified `RegionId` does not exist.
InvalidVpcId.NotFound	Specified VPC does not exist.	404	The specified VPC does not belong to you.