Creates a security group.
Operation description
The default internal connectivity policy for a basic security group created by this operation is intra-group connectivity. You can modify this policy by calling ModifySecurityGroupPolicy.
The default internal connectivity policy for an advanced security group created by this operation is internal isolation, and this policy cannot be modified.
The number of security groups in a single region is limited. You can create a minimum of 100 security groups. For more information, see Security group limits.
To create a security group of the VPC type, you must specify the VpcId parameter.
RAM authorization
| Action | Access level | Resource type | Condition key | Dependent action |
|---|---|---|---|---|
| ecs:CreateSecurityGroup | create | *SecurityGroup, *VPC | None | None |
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| RegionId | string | Yes | The region ID of the security group. You can call DescribeRegions to query the most recent region list. | cn-hangzhou |
| Description | string | No | The description of the security group. The description must be 2 to 256 characters in length and cannot start with Default value: empty. | testDescription |
| ClientToken | string | No | The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but make sure that the token is unique among different requests. The ClientToken value can contain only ASCII characters and cannot exceed 64 characters in length. For more information, see How to ensure idempotence. | 123e4567-e89b-12d3-a456-426655440000 |
| SecurityGroupName | string | No | The name of the security group. The name must be 2 to 128 characters in length and must start with a letter or a Chinese character. It cannot start with | testSecurityGroupName |
| VpcId | string | No | The ID of the VPC to which the security group belongs. | vpc-bp1opxu1zkhn00gzv**** |
| SecurityGroupType | string | No | The type of the security group. Valid values: Default value: normal. | enterprise |
| ServiceManaged | boolean | No | This parameter is not publicly available. | false |
| ResourceGroupId | string | No | The ID of the resource group to which the security group belongs. | rg-bp67acfmxazb4p**** |
| Tag | array<object> | No | The tags to bind to the security group. Array length: 0 to 20. | |
| | object | No | The tag to bind to the security group. | |
| key | string | No | The tag key of the security group. Note: To improve compatibility, use the Tag.N.Key parameter. | null |
| Key | string | No | The tag key of the security group. The tag key cannot be an empty string. The tag key can be up to 128 characters in length and cannot start with | TestKey |
| Value | string | No | The tag value of the security group. The tag value can be an empty string. The tag value can be up to 128 characters in length and cannot contain | TestValue |
| value | string | No | The tag value of the security group. Note: To improve compatibility, use the Tag.N.Value parameter. | null |
Response elements
| Element | Type | Description | Example |
|---|---|---|---|
| | object | | |
| SecurityGroupId | string | The security group ID. | sg-bp1fg655nh68xyz9**** |
| RequestId | string | The request ID. | 473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E |
Examples
Success response
JSON format
{
  "SecurityGroupId": "sg-bp1fg655nh68xyz9****",
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E"
}
Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | InvalidDescription.Malformed | The specified parameter "Description" is not valid. | The source description can be 2 to 256 characters in length. It cannot start with http:// and https://. |
| 400 | InvalidSecurityGroupDiscription.Malformed | Specified security group description is not valid. | The specified security group description is invalid. |
| 400 | IncorrectVpcStatus | Current VPC status does not support this operation. | The VPC is in a state that does not support the current operation. |
| 400 | InvalidTagKey.Malformed | Specified tag key is not valid. | The specified tag key is invalid. |
| 400 | InvalidTagValue.Malformed | Specified tag value is not valid. | The specified tag value is invalid. |
| 400 | Duplicate.TagKey | The Tag.N.Key contain duplicate key. | The specified tag key already exists. Tag keys must be unique. |
| 400 | InvalidParams.GroupType | The specified security group type is not valid. | The specified SecurityGroupType parameter is invalid. |
| 400 | InvalidParams.VpcIdGroupType | Only VPC instance supports enterprise level security group. | Only ECS instances that reside in VPCs support advanced security groups. |
| 400 | InvalidSecurityGroupName.Malformed | The specified parameter SecurityGroupName is not valid. | The specified SecurityGroupName parameter is not valid. This parameter is empty by default. If you specify a security group name, the name must be 2 to 128 characters in length and start with a letter. It can contain letters, digits, periods (.), underscores (_), and hyphens (-) and cannot start with http:// or https. The security group name is displayed in the ECS console. |
| 500 | InternalError | The request processing has failed due to some unknown error. | |
| 500 | ServiceUnavailable | The service is unavailable, please try again later. | |
| 403 | QuotaExceed.SecurityGroup | The maximum number of security groups is reached. | The maximum number of security groups has been reached. |
| 403 | InvalidVpcId.NotFound | The VpcId must not empty when only support vpc vm. | A VPC ID must be specified. |
| 403 | IncorrectVpcStatus | Current VPC status does not support this operation. | |
| 403 | IdempotentProcessing | The previous idempotent request(s) is still processing. | A previous idempotent request is being processed. Try again later. |
| 403 | QuotaExceed.Tags | %s | The number of specified tags exceeds the upper limit. %s is a variable. An error message is dynamically returned based on call conditions. |
| 403 | InvalidOperation.ResourceManagedByCloudProduct | %s | You cannot modify security groups managed by cloud services. |
| 404 | InvalidRegionId.NotFound | The specified region does not exist. | The specified RegionId parameter does not exist. Check whether the service is available in the specified region. |
| 404 | InvalidVpcId.NotFound | Specified VPC does not exist. | The specified VPC ID does not exist. |
| 404 | InvalidResourceGroup.NotFound | The ResourceGroup provided does not exist in our records. | The specified resource group does not exist. |
See Error Codes for a complete list.
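An added example, not from the original page or from Alibaba Cloud's SDK: a Python pre-flight check that applies the parameter limits and error codes listed above, flattens tags into the Tag.N.Key / Tag.N.Value form, and retries with the same ClientToken so a retried call cannot create a second group. The `send` transport, the `Code` field on error responses and the local `ClientToken` check label are assumptions.

```python
import uuid

RETRYABLE = {"IdempotentProcessing", "ServiceUnavailable"}  # from the error table

def build_params(region_id, vpc_id=None, name=None, description=None,
                 group_type="normal", tags=(), client_token=None):
    """Check inputs against the limits stated on this page; return flat params."""
    errs = []
    if group_type not in ("normal", "enterprise"):
        errs.append("InvalidParams.GroupType")
    if group_type == "enterprise" and not vpc_id:
        errs.append("InvalidParams.VpcIdGroupType")  # advanced groups need a VPC
    if description is not None and (not 2 <= len(description) <= 256
            or description.startswith(("http://", "https://"))):
        errs.append("InvalidDescription.Malformed")
    if name is not None and (not 2 <= len(name) <= 128 or not name[0].isalpha()):
        errs.append("InvalidSecurityGroupName.Malformed")
    token = client_token or str(uuid.uuid4())
    if not token.isascii() or len(token) > 64:
        errs.append("ClientToken")  # local check label, not an API error code
    keys = [k for k, _ in tags]
    if len(keys) > 20:
        errs.append("QuotaExceed.Tags")
    if len(set(keys)) != len(keys):
        errs.append("Duplicate.TagKey")
    if any(not k or len(k) > 128 for k in keys):
        errs.append("InvalidTagKey.Malformed")
    if any(len(v) > 128 for _, v in tags):
        errs.append("InvalidTagValue.Malformed")
    if errs:
        raise ValueError(errs)
    params = {"RegionId": region_id, "SecurityGroupType": group_type,
              "ClientToken": token}
    for key, val in (("VpcId", vpc_id), ("SecurityGroupName", name),
                     ("Description", description)):
        if val is not None:
            params[key] = val
    for n, (k, v) in enumerate(tags, 1):
        params[f"Tag.{n}.Key"], params[f"Tag.{n}.Value"] = k, v
    return params

def create_with_retry(send, params, attempts=3):
    """send is a hypothetical transport: params dict -> response dict.
    Each retry reuses the same ClientToken, keeping the call idempotent."""
    for _ in range(attempts):
        resp = send(dict(params))
        if resp.get("Code") not in RETRYABLE:
            return resp
    return resp
```

Passing `group_type="enterprise"` selects the advanced type, whose internal isolation policy cannot be modified; the default `normal` type starts with intra-group connectivity.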
Release notes
See Release Notes for a complete list.