Use DescribeSecurityGroups to query security groups - Elastic Compute Service - Alibaba Cloud - Elastic Compute Service

This API operation is used to query a list of basic information about security groups. You can query by different parameters such as region, security group ID, and security group type.

Operation description

Paged queries: We recommend that you use the MaxResults and NextToken parameters for queries.
- When the response does not contain NextToken, the current page is the last page and no more pages are available.
- When querying the first page, you only need to set MaxResults to limit the number of entries returned. The NextToken in the response is used as the token for querying subsequent pages.
- When querying subsequent pages, set the NextToken parameter to the NextToken value obtained from the previous response as the query token, and set MaxResults to limit the number of entries returned.
When calling the API through Alibaba Cloud CLI, the values of request parameters of different data types must follow certain format requirements. For more information, see CLI parameter format description.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

ecs:DescribeSecurityGroups

get

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/*

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

ecs:tag
ecs:tag
ecs:tag
ecs:tag

None

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The region ID. You can call DescribeRegions to query the latest region list of Alibaba Cloud.	cn-hangzhou
SecurityGroupIds	string	No	The list of security group IDs. A maximum of 100 security group IDs are supported at a time. The IDs are separated by commas (,) in the format of a JSON array.	["sg-bp67acfmxazb4p**", "sg-bp67acfmxazb4p", "sg-bp67acfmxazb4p**",....]
VpcId	string	No	The ID of the VPC to which the security group belongs.	vpc-bp67acfmxazb4p****
SecurityGroupType	string	No	The type of the security group. Valid values: normal: basic security group. enterprise: advanced security group. Note If you do not specify this parameter, all types of security groups are queried.	normal
NextToken	string	No	The query token. Set the value to the NextToken value returned in the previous call to this operation. You do not need to set this parameter for the first call.	e71d8a535bd9cc11
MaxResults	integer	No	The maximum number of entries per page for a paged query. Once this parameter is set, the query uses the combination of `MaxResults` and `NextToken` parameters. Maximum value: 100. Default value: 10.	10
NetworkType	string	No	The network type of the security group. Valid values: vpc: Virtual Private Cloud (VPC). classic: classic network.	vpc
SecurityGroupName	string	No	The name of the security group.	SGTestName
IsQueryEcsCount	boolean	No	Specifies whether to query the capacity information of the security group. When set to True, the `EcsCount` and `AvailableInstanceAmount` values in the response are valid. Note This parameter is deprecated.	null
ResourceGroupId	string	No	The ID of the resource group to which the security group belongs. When you use this parameter to filter resources, the number of resources cannot exceed 1000. You can call ListResourceGroups to query the list of resource groups. Note Filtering by the default resource group is not supported.	rg-bp67acfmxazb4p****
Tag	array<object>	No	The list of tags.
	object	No	The list of tags.
key	string	No	The tag key of the security group. Note For better compatibility, we recommend that you use the Tag.N.Key parameter.	testkey
Key	string	No	The tag key of the security group. Valid values of N: 1 to 20. When you use a single tag to filter resources, the number of resources with the tag cannot exceed 1000. When you use multiple tags to filter resources, the number of resources bound with all specified tags cannot exceed 1000. If the number of resources exceeds 1000, use the ListTagResources operation to query.	TestKey
Value	string	No	The tag value of the security group. Valid values of N: 1 to 20.	TestValue
value	string	No	The tag value of the security group. Note For better compatibility, we recommend that you use the Tag.N.Value parameter.	testvalue
DryRun	boolean	No	Specifies whether to perform only a dry run, without performing the actual request. Valid values: true: performs only a dry run. The system checks the request for potential issues, including AccessKey validity, RAM user authorization, and required parameters. If the check fails, the corresponding error is returned. If the check succeeds, the DryRunOperation error code is returned. false: performs a dry run and performs the actual request. If the check succeeds, a 2XX HTTP status code is returned and the resource status is queried. Default value: false.	false
SecurityGroupId	string	No	The ID of the security group.	sg-bp67acfmxazb4p****
FuzzyQuery	boolean	No	Note This parameter is deprecated.	null
PageNumber	integer	No	Note This parameter is about to be deprecated. We recommend that you use NextToken and MaxResults for paged queries.	1
PageSize	integer	No	Note This parameter is about to be deprecated. We recommend that you use NextToken and MaxResults for paged queries.	10
ServiceManaged	boolean	No	Specifies whether the security group is managed. Valid values: true: The security group is managed. false: The security group is not managed.	false

Response elements

Element	Type	Description	Example
	object
RequestId	string	The request ID.	473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E
RegionId	string	The region ID of the security group.	cn-hangzhou
NextToken	string	The query token returned in this call. When you use the MaxResults and NextToken method for paged queries and this return value is empty, no more data is available.	e71d8a535bd9cc11
SecurityGroups	object
SecurityGroup	array<object>	The collection of security group information.
	array<object>	The security group information.
SecurityGroupId	string	The ID of the security group.	sg-bp67acfmxazb4p****
SecurityGroupName	string	The name of the security group.	SGTestName
Description	string	The description of the security group.	TestDescription
SecurityGroupType	string	The type of the security group. Valid values: normal: basic security group enterprise: advanced security group	normal
VpcId	string	The ID of the VPC to which the security group belongs.	vpc-bp67acfmxazb4p****
CreationTime	string	The time when the security group was created. The time follows the ISO 8601 standard in the yyyy-MM-ddThh:mmZ format. The time is displayed in UTC.	2021-08-31T03:12:29Z
EcsCount	integer	The number of private IP addresses that are contained in the security group. For more information, see the "Security group capacity" section in Basic security groups and advanced security groups. If you set IsQueryEcsCount to True, the return value of EcsCount is valid. Note This parameter is deprecated. The returned quantity is provided only for reference. The actual quantity may differ from the returned quantity.	0
AvailableInstanceAmount	integer	The number of private IP addresses that can be added to the security group. For more information, see the "Security group capacity" section in Basic security groups and advanced security groups. If you set IsQueryEcsCount to True, the return value of AvailableInstanceAmount is valid. Note This parameter is deprecated. The returned quantity is provided only for reference. The actual quantity may differ from the returned quantity.	0
ResourceGroupId	string	The ID of the resource group to which the security group belongs.	rg-bp67acfmxazb4p****
ServiceManaged	boolean	Indicates whether the user of the security group is an Alibaba Cloud service or a distributor.	false
ServiceID	integer	The ID of the distributor to which the security group belongs.	12345678910
Tags	object
Tag	array<object>	The tags of the security group.
	object	The tag of the security group.
TagValue	string	The value of the tag.	TestValue
TagKey	string	The key of the tag.	TestKey
RuleCount	integer	The number of rules in the security group.	100
GroupToGroupRuleCount	integer	The number of rules that reference security groups in the security group.	5
TotalCount	integer	The total number of security groups. This parameter value is not returned when you use the `MaxResults` and `NextToken` parameters for queries.	20
PageNumber	integer	The current page number. Note This parameter is about to be deprecated. We recommend that you use NextToken and MaxResults for paged queries.	1
PageSize	integer	The number of entries per page. Note This parameter is about to be deprecated. We recommend that you use NextToken and MaxResults for paged queries.	10

Examples

Success response

JSON format

{
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E",
  "RegionId": "cn-hangzhou",
  "NextToken": "e71d8a535bd9cc11",
  "SecurityGroups": {
    "SecurityGroup": [
      {
        "SecurityGroupId": "sg-bp67acfmxazb4p****",
        "SecurityGroupName": "SGTestName",
        "Description": "TestDescription",
        "SecurityGroupType": "normal",
        "VpcId": "vpc-bp67acfmxazb4p****",
        "CreationTime": "2021-08-31T03:12:29Z",
        "EcsCount": 0,
        "AvailableInstanceAmount": 0,
        "ResourceGroupId": "rg-bp67acfmxazb4p****",
        "ServiceManaged": false,
        "ServiceID": 12345678910,
        "Tags": {
          "Tag": [
            {
              "TagValue": "TestValue",
              "TagKey": "TestKey"
            }
          ]
        },
        "RuleCount": 100,
        "GroupToGroupRuleCount": 5
      }
    ]
  },
  "TotalCount": 20,
  "PageNumber": 1,
  "PageSize": 10
}

Error codes

HTTP status code	Error code	Error message	Description
400	NotSupported.PageNumberAndPageSize	The parameters PageNumber and PageSize are currently not supported, please use NextToken and MaxResults instead.
400	InValidParameter.NextToken	The parameter NextToken is invalid.	The specified NextToken parameter is invalid.
400	MissingParameter.RegionId	The input parameter RegionId that is mandatory for processing this request is not supplied.	The RegionId parameter is required.
400	InvalidParameter.SecurityGroupType	The specified SecurityGroupType is not valid.	The specified SecurityGroupType parameter is invalid.
400	InvalidSecurityGroupId.Malformed	The specified parameter SecurityGroupId is not valid.	The specified SecurityGroupId parameter is invalid.
400	InvalidSecurityGroupName.Malformed	The specified parameter SecurityGroupName is not valid.	The specified SecurityGroupName parameter is not valid. This parameter is empty by default. If you specify a security group name, the name must be 2 to 128 characters in length and start with a letter. It can contain letters, digits, periods (.), underscores (_), and hyphens (-) and cannot start with http:// or https. The security group name is displayed in the ECS console.
500	InternalError	The request processing has failed due to some unknown error.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.