Creates a security group. By default, a security group only allows instances in the security group to access each other. Access requests from outside the security group are denied. If you want to allow requests from the Internet or requests from instances in other security groups, you can call the AuthorizeSecurityGroup operation.
Description
When you call this operation, take note of the following items:
- You can create up to 100 security groups within a single Alibaba Cloud region.
- To create a security group of the Virtual Private Cloud (VPC) type, you must specify the VpcId parameter.
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | CreateSecurityGroup | The operation that you want to perform. Set the value to CreateSecurityGroup. |
RegionId | String | Yes | cn-hangzhou | The region ID of the security group. You can call the DescribeRegions operation to query the most recent region list. |
Description | String | No | testDescription | The description of the security group. The description must be 2 to 256 characters in length and cannot start with http:// or https://. This parameter is empty by default. |
ClientToken | String | No | 123e4567-e89b-12d3-a456-426655440000 | The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must make sure that it is unique among different requests. The ClientToken value can only contain ASCII characters and cannot exceed 64 characters in length. For more information, see How to ensure idempotence. |
SecurityGroupName | String | No | testSecurityGroupName | The name of the security group. The name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. |
VpcId | String | No | vpc-bp1opxu1zkhn00gzv**** | The ID of the VPC in which to create the security group. Note: If the specified region supports the classic network, you can create security groups of the classic network type without specifying the VpcId parameter. If the specified region does not support the classic network, you must specify the VpcId parameter to create security groups of the VPC type. |
SecurityGroupType | String | No | enterprise | The type of the security group. Valid values: |
ServiceManaged | Boolean | No | false | This parameter is unavailable. |
ResourceGroupId | String | No | rg-bp67acfmxazb4p**** | The ID of the resource group to which the security group belongs. |
Tag.N.key | String | No | null | The key of tag N of the security group. Note: This parameter will be removed in the future. We recommend that you use the Tag.N.Key parameter to ensure future compatibility. |
Tag.N.Key | String | No | TestKey | The key of tag N of the security group. Valid values of N: 1 to 20. The tag key cannot be an empty string. The tag key can be up to 128 characters in length and cannot contain |
Tag.N.Value | String | No | TestValue | The value of tag N of the security group. Valid values of N: 1 to 20. The tag value can be an empty string. The tag value can be up to 128 characters in length and cannot start with acs: or contain |
Tag.N.value | String | No | null | The value of tag N of the security group. Note: This parameter will be removed in the future. We recommend that you use the Tag.N.Value parameter to ensure future compatibility. |
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
SecurityGroupId | String | sg-bp1fg655nh68xyz9**** | The ID of the security group. |
RequestId | String | 473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E | The ID of the request. |
Examples
Sample requests
```
https://ecs.aliyuncs.com/?Action=CreateSecurityGroup
&RegionId=cn-hangzhou
&Description=testDescription
&VpcId=vpc-bp1opxu1zkhn00gzv****
&<Common request parameters>
```
Sample success responses
XML format
```
HTTP/1.1 200 OK
Content-Type:application/xml

<CreateSecurityGroupResponse>
    <RequestId>CEF72CEB-54B6-4AE8-B225-F876FF7BA984</RequestId>
    <SecurityGroupId>sg-bp1fg655nh68xyz9****</SecurityGroupId>
</CreateSecurityGroupResponse>
```
JSON format
```
HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "CEF72CEB-54B6-4AE8-B225-F876FF7BA984",
  "SecurityGroupId" : "sg-bp1fg655nh68xyz9****"
}
```
Error codes
HttpCode | Error code | Error message | Description |
---|---|---|---|
400 | InvalidDescription.Malformed | The specified parameter "Description" is not valid. | The error message returned because the specified Description parameter is invalid. The description must be 2 to 256 characters in length and cannot start with http:// or https://. |
400 | InvalidSecurityGroupName.Malformed | Specified security group name is not valid. | The error message returned because the specified SecurityGroupName parameter is invalid. The SecurityGroupName parameter is empty by default. If this parameter is specified, the specified name is displayed in the Elastic Compute Service (ECS) console. The name must be 2 to 128 characters in length. It must start with a letter and can contain letters, digits, periods (.), underscores (_), and hyphens (-). The name cannot start with http:// or https://. |
400 | InvalidSecurityGroupDiscription.Malformed | Specified security group description is not valid. | The error message returned because the specified security group description is invalid. |
400 | IncorrectVpcStatus | Current VPC status does not support this operation. | The error message returned because the operation is not supported while the VPC is in the current state. |
400 | InvalidTagKey.Malformed | Specified tag key is not valid. | The error message returned because the specified tag key is invalid. |
400 | InvalidTagValue.Malformed | Specified tag value is not valid. | The error message returned because the specified tag value is invalid. |
400 | Duplicate.TagKey | The Tag.N.Key contain duplicate key. | The error message returned because the specified tag key already exists. Tag keys must be unique. |
400 | InvalidTagKey.Malformed | The specified Tag.n.Key is not valid. | The error message returned because the specified Tag.N.Key parameter is invalid. |
400 | InvalidTagValue.Malformed | The specified Tag.n.Value is not valid. | The error message returned because the specified Tag.N.Value parameter is invalid. |
400 | InvalidParams.GroupType | The specified security group type is not valid. | The error message returned because the specified type of the security group is invalid. Check whether the SecurityGroupType parameter is valid. |
400 | InvalidParams.VpcIdGroupType | Only VPC instance supports enterprise level security group. | The error message returned because only ECS instances of the VPC type support advanced security groups. |
500 | InternalError | The request processing has failed due to some unknown error. | The error message returned because an internal error has occurred. Try again later. |
500 | InternalError | The request processing has failed due to some unknown error, exception or failure. | The error message returned because an internal error has occurred. Try again later. |
403 | QuotaExceed.SecurityGroup | The maximum number of security groups is reached. | The error message returned because the maximum number of security groups has been reached. Submit a ticket to request a quota increase. |
403 | InvalidVpcId.NotFound | vpc id must not empty when only support vpc vm. | The error message returned because the VpcId parameter is not specified. |
403 | IdempotentProcessing | The previous idempotent request(s) is still processing. | The error message returned because a previous idempotent request is being processed. Try again later. |
403 | QuotaExceed.Tags | %s | The error message returned because the number of specified tags exceeds the upper limit. %s is a variable. An error message is dynamically returned based on call conditions. |
403 | InvalidOperation.ResourceManagedByCloudProduct | %s | The error message returned because security groups managed by cloud services cannot be modified. |
404 | InvalidVpcId.NotFound | Specified VPC does not exist. | The error message returned because the specified VPC ID does not exist. |
404 | InvalidResourceGroup.NotFound | The ResourceGroup provided does not exist in our records. | The error message returned because the specified resource group does not exist. |
For a list of error codes, see Service error codes.
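
The ClientToken parameter and the IdempotentProcessing and InternalError rows above combine into a retry rule: resend the identical request with the same token, and stop on every other code. The sketch below is an added example, not code from Alibaba Cloud. Assumptions: `send` is a hypothetical transport that signs and sends the request, error bodies carry the code in a `Code` field, and the canned responses are constructed.

```python
import time

# Codes from the error table above that describe a transient condition.
RETRYABLE = {"InternalError", "IdempotentProcessing"}


class CreateSecurityGroupError(Exception):
    def __init__(self, status, code, message):
        super().__init__(f"{status} {code}: {message}")
        self.status, self.code = status, code


def create_security_group(send, params, attempts=4, base_delay=0.5,
                          sleep=time.sleep):
    """`send` is a hypothetical transport: it signs and sends the request and
    returns (http_status, decoded_json_body)."""
    if not params.get("ClientToken"):
        raise ValueError("ClientToken is required for a safe retry")
    for attempt in range(attempts):
        status, body = send(dict(params))  # same ClientToken on every attempt
        if status == 200:
            return body["SecurityGroupId"]
        code = body.get("Code", "")        # assumed error-body field name
        if code not in RETRYABLE or attempt == attempts - 1:
            raise CreateSecurityGroupError(status, code, body.get("Message", ""))
        sleep(base_delay * 2 ** attempt)   # back off: 0.5 s, 1 s, 2 s, ...


def replay(responses):
    """Constructed stand-in for the network: returns canned responses in order
    and records the ClientToken of every request it receives."""
    pending, tokens = list(responses), []

    def send(request):
        tokens.append(request["ClientToken"])
        return pending.pop(0)
    return send, tokens


def demo():
    params = {"Action": "CreateSecurityGroup", "RegionId": "cn-hangzhou",
              "ClientToken": "123e4567-e89b-12d3-a456-426655440000"}
    send, tokens = replay([
        (403, {"Code": "IdempotentProcessing"}),
        (500, {"Code": "InternalError"}),
        (200, {"SecurityGroupId": "sg-bp1fg655nh68xyz9****"}),
    ])
    group_id = create_security_group(send, params, sleep=lambda s: None)
    return group_id, tokens
```

Codes such as QuotaExceed.SecurityGroup or InvalidVpcId.NotFound raise immediately, because resending the same request cannot change the outcome.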