edit-icon download-icon


Last Updated: Jun 13, 2018

The ALIYUN::ECS::SecurityGroupIngress type is used to create the ingress access rule of a security group.


  1. {
  2. "Type" : "ALIYUN::ECS::SecurityGroupIngress",
  3. "Properties" : {
  4. "SecurityGroupId" : String,
  5. "IpProtocol" : String,
  6. "PortRange" : String,
  7. "SourceGroupId" : String,
  8. "SourceGroupOwnerAccount" : String,
  9. "SourceCidrIp" : String,
  10. "Policy" : String,
  11. "Priority" : String,
  12. "NicType" : String
  13. }
  14. }


Name Type Required Update allowed Description Constraint
IpProtocol string Yes No IP protocol. Value options: tcp, udp, icmp, gre, and all.The value “all” indicates that it supports all the four protocols.
PortRange string No No Range of the port numbers of a specific IP protocol When IpProtocol is set to “tcp” or “udp”, the default port numbers are used, and the port number range is [1, 65535]. For example, “1/200” indicates the port number range [1, 200]. If the value “200/1” is entered, an error is returned when the interface is called.When IpProtocol is set to “icmp”, the port number range is -1/-1.When IpProtocol is set to “gre”, the port number range is -1/-1.When IpProtocol is set to “all”, the port number range is -1/-1.
SourceGroupId string No No ID of the source security group in the same region ID of the source security group. Either SourceGroupId or SourceCidrIp must be set. If both are set, SourceCidrIp is authorized by default. If this parameter is specified but SourceCidrIp is unspecified, NicType can only be set to intranet.
SecurityGroupId string No No ID of the security group for which an ingress access rule is to be created. N/A
NicType string No No Network type. Value options: Internet and intranet. Default value: Internet.
SourceGroupOwnerAccount string No No The Alibaba Cloud account to which the source security group belongs. This parameter is applicable in cross-user security group authorization. If this parameter is not set, authorization is performed for security groups of the same account. This parameter is invalid, if SourceCidrIp is set.
Priority integer No No Authorization policy priority. Value range: [1, 100]; default value: 1.
SourceCidrIp string No No Target IP address range. The IP address range must be specified in CIDR format. The default value is (indicating that no restriction is applied). Other supported formats include Only IPv4 is supported.
Policy string No No Authorization policy. Value options: accept (access request accepted) and drop (access request denied).Default value: accept.

Return values




  1. {
  2. "ROSTemplateFormatVersion" : "2015-09-01",
  3. "Resources" : {
  4. "SG": {
  5. "Type": "ALIYUN::ECS::SecurityGroupIngress",
  6. "Properties": {
  7. "SecurityGroupId": "sg-25bowo058",
  8. "IpProtocol": "tcp",
  9. "PortRange": "65535/65535",
  10. "SourceCidrIp": ""
  11. }
  12. }
  13. }
  14. }
Thank you! We've received your feedback.