DescribeSecurityGroupAttribute - Elastic Compute Service

Queries the rules of a security group.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter	Type	Required	Description	Example
SecurityGroupId	string	Yes	The ID of the security group.	sg-bp1gxw6bznjjvhu3****
RegionId	string	Yes	The region ID of the security group. You can call the DescribeRegions operation to query the most recent region list.	cn-hangzhou
NicType	string	No	The network interface card (NIC) type of the security group rule. Valid values for rules of security groups in the classic network: internet (default) intranet NoteYou can query security group rules of only one NIC type in a single call. To query security group rules of both NIC types, call the operation twice. If the security group is in a virtual private cloud (VPC), set the value to intranet. This is also the default value. NoteIf you set this parameter to internet or leave this parameter empty, the value of intranet is automatically used.	intranet
Direction	string	No	The direction in which the security group rule is applied. Valid values: egress: outbound. ingress: inbound. all: outbound and inbound. Default value: all.	all

Response parameters

Parameter	Type	Description	Example
	object
VpcId	string	The ID of the VPC. If a VPC ID is returned, the network type of the security group is VPC. If no VPC ID is returned, the network type of the security group is classic network.	vpc-bp1opxu1zkhn00gzv****
RequestId	string	The ID of the request.	473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E
InnerAccessPolicy	string	The access control policy of the security group. Valid values: Accept: All instances in the security group can communicate with each other. Drop: All instances in the security group are isolated from each other.	Accept
Description	string	The description of the security group.	This is description.
SecurityGroupId	string	The ID of the destination security group.	sg-bp1gxw6bznjjvhu3****
SecurityGroupName	string	The name of the destination security group.	SecurityGroupName Sample
RegionId	string	The ID of the region.	cn-hangzhou
Permissions	object []	Details about the security group rules.
SecurityGroupRuleId	string	The ID of the security group rule.	sgr-bp12kewq32dfwrdi****
Direction	string	The direction in which the security group rule is applied.	ingress
SourceGroupId	string	The source security group for inbound access control.	sg-bp12kc4rqohaf2js****
DestGroupOwnerAccount	string	The Alibaba Cloud account that manages the destination security group.	1234567890
DestPrefixListId	string	The ID of the destination prefix list for outbound access control.	pl-x1j1k5ykzqlixabc****
DestPrefixListName	string	The name of the destination prefix list.	DestPrefixListName Sample
SourceCidrIp	string	The source CIDR block for inbound access control.	0.0.0.0/0
Ipv6DestCidrIp	string	The destination IPv6 CIDR block.	2001:db8:1233:1a00::***
CreateTime	string	The time at which the security group rule was created. The time is displayed in UTC.	2018-12-12T07:28:38Z
Ipv6SourceCidrIp	string	The source IPv6 CIDR block.	2001:db8:1234:1a00::***
DestGroupId	string	The ID of the destination security group for outbound access control.	sg-bp1czdx84jd88i7v****
DestCidrIp	string	The destination CIDR block for outbound access control.	0.0.0.0/0
IpProtocol	string	The transport layer protocol.	TCP
Priority	string	The priority of the rule.	1
DestGroupName	string	The name of the destination security group.	testDestGroupName
NicType	string	The network type.	intranet
Policy	string	The access control policy.	Accept
Description	string	The description of the security group.	Description Sample 01
PortRange	string	The port range.	80/80
SourcePrefixListName	string	The name of the source prefix list.	SourcePrefixListName Sample
SourcePrefixListId	string	The ID of the source prefix list for inbound access control.	pl-x1j1k5ykzqlixdcy****
SourceGroupOwnerAccount	string	The Alibaba Cloud account that manages the source security group.	1234567890
SourceGroupName	string	The name of the source security group.	testSourceGroupName1
SourcePortRange	string	The source port range.	80/80

Examples

Sample success responses

JSONformat

{
  "VpcId": "vpc-bp1opxu1zkhn00gzv****",
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E",
  "InnerAccessPolicy": "Accept",
  "Description": "This is description.",
  "SecurityGroupId": "sg-bp1gxw6bznjjvhu3****",
  "SecurityGroupName": "SecurityGroupName Sample",
  "RegionId": "cn-hangzhou",
  "Permissions": {
    "Permission": [
      {
        "SecurityGroupRuleId": "sgr-bp12kewq32dfwrdi****",
        "Direction": "ingress",
        "SourceGroupId": "sg-bp12kc4rqohaf2js****",
        "DestGroupOwnerAccount": "1234567890",
        "DestPrefixListId": "pl-x1j1k5ykzqlixabc****",
        "DestPrefixListName": "DestPrefixListName Sample",
        "SourceCidrIp": "0.0.0.0/0",
        "Ipv6DestCidrIp": "2001:db8:1233:1a00::***",
        "CreateTime": "2018-12-12T07:28:38Z",
        "Ipv6SourceCidrIp": "2001:db8:1234:1a00::***",
        "DestGroupId": "sg-bp1czdx84jd88i7v****",
        "DestCidrIp": "0.0.0.0/0",
        "IpProtocol": "TCP",
        "Priority": "1",
        "DestGroupName": "testDestGroupName",
        "NicType": "intranet",
        "Policy": "Accept",
        "Description": "Description Sample 01",
        "PortRange": "80/80",
        "SourcePrefixListName": "SourcePrefixListName Sample",
        "SourcePrefixListId": "pl-x1j1k5ykzqlixdcy****",
        "SourceGroupOwnerAccount": "1234567890",
        "SourceGroupName": "testSourceGroupName1",
        "SourcePortRange": "80/80"
      }
    ]
  }
}

Error codes

HTTP status code	Error code	Error message	Description
400	InvalidNicType.ValueNotSupported	The specified NicType does not exist.	The specified NicType parameter does not exist.
400	InvalidParamter	Invalid Parameter.	The specified parameter is invalid.
400	InvalidSecurityGroupId.Malformed	The specified parameter "SecurityGroupId" is not valid.	-
400	MissingParameter.RegionId	The parameter "RegionId" should not be null.	-
404	InvalidRegionId.NotFound	The specified RegionId does not exist.	The specified region ID does not exist.
404	InvalidSecurityGroupId.NotFound	The specified SecurityGroupId does not exist.	The specified security group does not exist in this account. Check whether the security group ID is correct.
500	InternalError	The request processing has failed due to some unknown error.	An internal error has occurred. Try again later.

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation

No change history