
Elastic Compute Service: DescribeSecurityGroupAttribute

Last Updated: Sep 27, 2024

Queries the rules of a security group.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information for this API operation. The authorization information can be used in the Action element of a policy to grant a RAM user or RAM role the permissions to call this API operation. The columns are described as follows:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
Operation | Access level | Resource type | Condition key | Associated operation
ecs:DescribeSecurityGroupAttribute | get | SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | none

Request parameters

Parameter | Type | Required | Description | Example
SecurityGroupId | string | Yes

The ID of the security group.

sg-bp1gxw6bznjjvhu3****
RegionId | string | Yes

The region ID of the security group. You can call the DescribeRegions operation to query the most recent region list.

cn-hangzhou
NicType | string | No

The network interface controller (NIC) type of the security group rule.

  • Valid values for rules of security groups in the classic network:

    • internet (default)
    • intranet

    Note: You can query security group rules of only one NIC type in a single call. To query security group rules of both NIC types, call the operation twice.

  • When the security group is in a virtual private cloud (VPC), set the value to intranet, which is the default value for rules of security groups in VPCs.

    Note: If you set this parameter to internet or leave this parameter empty, a value of intranet is automatically used.

intranet
Direction | string | No

The direction in which the security group rule is applied. Valid values:

  • egress: outbound
  • ingress: inbound
  • all: outbound and inbound

Default value: all.

all
NextToken | string | No

The pagination token that is used in the next request to retrieve a new page of results. You do not need to specify this parameter for the first request. You must specify the token that is obtained from the previous query as the value of NextToken.

AAAAAdDWBF2****
MaxResults | integer | No

The maximum number of entries per page.

  • Minimum value: 10.
  • Maximum value: 1000.

Default value: 500.

500

Response parameters

Parameter | Type | Description | Example
object
VpcId | string

The ID of the VPC. If a VPC ID is returned, the network type of the security group is VPC. If no VPC ID is returned, the network type of the security group is classic network.

vpc-bp1opxu1zkhn00gzv****
RequestId | string

The ID of the request.

473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E
InnerAccessPolicy | string

The access control policy of the security group. Valid values:

  • Accept: All instances in the security group can communicate with each other.
  • Drop: All instances in the security group are isolated from each other.
Accept
Description | string

The description of the security group.

This is description.
SecurityGroupId | string

The ID of the destination security group.

sg-bp1gxw6bznjjvhu3****
SecurityGroupName | string

The name of the destination security group.

SecurityGroupName Sample
RegionId | string

The ID of the region.

cn-hangzhou
Permissions | array<object>

Details about the security group rules.

Permission | object
SecurityGroupRuleId | string

The ID of the security group rule.

sgr-bp12kewq32dfwrdi****
Direction | string

The direction in which the security group rule is applied.

ingress
SourceGroupId | string

The source security group for inbound access control.

sg-bp12kc4rqohaf2js****
DestGroupOwnerAccount | string

The ID of the Alibaba Cloud account to which the destination security group belongs.

1234567890
DestPrefixListId | string

The ID of the destination prefix list for outbound access control.

pl-x1j1k5ykzqlixabc****
DestPrefixListName | string

The name of the destination prefix list.

DestPrefixListName Sample
SourceCidrIp | string

The source CIDR block for inbound access control.

0.0.0.0/0
Ipv6DestCidrIp | string

The destination IPv6 CIDR block.

2001:db8:1233:1a00::***
CreateTime | string

The time when the security group rule was created. The time is displayed in UTC.

2018-12-12T07:28:38Z
Ipv6SourceCidrIp | string

The source IPv6 CIDR block.

2001:db8:1234:1a00::***
DestGroupId | string

The ID of the destination security group for outbound access control.

sg-bp1czdx84jd88i7v****
DestCidrIp | string

The destination CIDR block for outbound access control.

0.0.0.0/0
IpProtocol | string

The transport layer protocol.

TCP
Priority | string

The priority of the rule.

1
DestGroupName | string

The name of the destination security group.

testDestGroupName
NicType | string

The network type.

intranet
Policy | string

The access control policy.

Accept
Description | string

The description of the security group.

Description Sample 01
PortRange | string

The port range.

80/80
SourcePrefixListName | string

The name of the source prefix list.

SourcePrefixListName Sample
SourcePrefixListId | string

The ID of the source prefix list for inbound access control.

pl-x1j1k5ykzqlixdcy****
SourceGroupOwnerAccount | string

The ID of the Alibaba Cloud account to which the source security group belongs.

1234567890
SourceGroupName | string

The name of the source security group.

testSourceGroupName1
SourcePortRange | string

The source port range.

80/80
NextToken | string

A pagination token. It can be used in the next request to retrieve a new page of results. If the return value of this parameter is empty when you specify MaxResults and NextToken for a paged query, no more results are to be returned.

AAAAAdDWBF2****

Examples

Sample success responses

JSON format

{
  "VpcId": "vpc-bp1opxu1zkhn00gzv****",
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E",
  "InnerAccessPolicy": "Accept",
  "Description": "This is description.",
  "SecurityGroupId": "sg-bp1gxw6bznjjvhu3****",
  "SecurityGroupName": "SecurityGroupName Sample",
  "RegionId": "cn-hangzhou",
  "Permissions": {
    "Permission": [
      {
        "SecurityGroupRuleId": "sgr-bp12kewq32dfwrdi****",
        "Direction": "ingress",
        "SourceGroupId": "sg-bp12kc4rqohaf2js****",
        "DestGroupOwnerAccount": "1234567890",
        "DestPrefixListId": "pl-x1j1k5ykzqlixabc****",
        "DestPrefixListName": "DestPrefixListName Sample",
        "SourceCidrIp": "0.0.0.0/0",
        "Ipv6DestCidrIp": "2001:db8:1233:1a00::***",
        "CreateTime": "2018-12-12T07:28:38Z",
        "Ipv6SourceCidrIp": "2001:db8:1234:1a00::***",
        "DestGroupId": "sg-bp1czdx84jd88i7v****",
        "DestCidrIp": "0.0.0.0/0",
        "IpProtocol": "TCP",
        "Priority": "1",
        "DestGroupName": "testDestGroupName",
        "NicType": "intranet",
        "Policy": "Accept",
        "Description": "Description Sample 01",
        "PortRange": "80/80",
        "SourcePrefixListName": "SourcePrefixListName Sample",
        "SourcePrefixListId": "pl-x1j1k5ykzqlixdcy****",
        "SourceGroupOwnerAccount": "1234567890",
        "SourceGroupName": "testSourceGroupName1",
        "SourcePortRange": "80/80"
      }
    ]
  },
  "NextToken": "AAAAAdDWBF2****"
}
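
The following added example (not part of the original documentation and not Alibaba Cloud code) shows how a defender can page through the response with NextToken and flag inbound Accept rules whose source is any address. The fetch_page callable is a hypothetical stand-in for the signed API call, the page data and rule IDs are constructed, and the watched port list is an assumption to adjust.

```python
import ipaddress

def iter_rules(fetch_page, max_results=500):
    """Yield every Permissions.Permission entry, following NextToken until it is empty."""
    token = None
    while True:
        page = fetch_page(next_token=token, max_results=max_results)
        yield from (page.get("Permissions") or {}).get("Permission", [])
        token = page.get("NextToken")
        if not token:          # empty or missing NextToken: no more results
            return

def is_any_source(rule):
    """True if SourceCidrIp or Ipv6SourceCidrIp is a /0 network (any address)."""
    for key in ("SourceCidrIp", "Ipv6SourceCidrIp"):
        try:
            if rule.get(key) and ipaddress.ip_network(rule[key], strict=False).prefixlen == 0:
                return True
        except ValueError:     # masked or malformed value such as "2001:db8:1234:1a00::***"
            continue
    return False

def port_bounds(port_range):
    """'80/80' -> (80, 80). Assumption: a lower bound below 1 means all ports."""
    lo, hi = (int(p) for p in port_range.split("/"))
    return (1, 65535) if lo < 1 else (lo, hi)

def world_open_ingress(rules, watched_ports=(22, 3389)):
    """Return (rule ID, PortRange, exposed watched ports) for inbound Accept rules open to any source."""
    findings = []
    for r in rules:
        if r.get("Direction") != "ingress" or r.get("Policy", "").lower() != "accept":
            continue
        if not is_any_source(r):
            continue
        # Assumption: a rule without PortRange is treated conservatively as all ports.
        lo, hi = port_bounds(r.get("PortRange") or "1/65535")
        exposed = [p for p in watched_ports if lo <= p <= hi]
        if exposed:
            findings.append((r.get("SecurityGroupRuleId"), r.get("PortRange"), exposed))
    return findings

# Constructed sample pages (not real API output); keys are the NextToken sent in the request.
PAGES = {
    None: {"NextToken": "constructed-token-2", "Permissions": {"Permission": [
        {"SecurityGroupRuleId": "sgr-example-1", "Direction": "ingress", "Policy": "Accept", "SourceCidrIp": "0.0.0.0/0", "PortRange": "22/22"},
        {"SecurityGroupRuleId": "sgr-example-2", "Direction": "ingress", "Policy": "Accept", "SourceCidrIp": "10.0.0.0/8", "PortRange": "3389/3389"},
        {"SecurityGroupRuleId": "sgr-example-3", "Direction": "egress", "Policy": "Accept", "DestCidrIp": "0.0.0.0/0", "PortRange": "1/65535"}]}},
    "constructed-token-2": {"NextToken": "", "Permissions": {"Permission": [
        {"SecurityGroupRuleId": "sgr-example-4", "Direction": "ingress", "Policy": "Accept", "Ipv6SourceCidrIp": "::/0", "PortRange": "1/65535"},
        {"SecurityGroupRuleId": "sgr-example-5", "Direction": "ingress", "Policy": "Drop", "SourceCidrIp": "0.0.0.0/0", "PortRange": "22/22"}]}},
}

def fake_fetch_page(next_token=None, max_results=500):
    return PAGES[next_token]
```

Each rule is judged on its own here; the check does not evaluate Priority or how an Accept rule interacts with a Drop rule on the same port.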

Error codes

HTTP status code | Error code | Error message | Description
400 | InvalidNicType.ValueNotSupported | The specified NicType does not exist. | The specified NicType parameter does not exist.
400 | InvalidParamter | Invalid Parameter. | The specified parameter is invalid.
400 | InvalidSecurityGroupId.Malformed | The specified parameter "SecurityGroupId" is not valid. | -
400 | MissingParameter.RegionId | The parameter "RegionId" should not be null. | -
404 | InvalidRegionId.NotFound | The specified RegionId does not exist. | The specified region ID does not exist.
404 | InvalidSecurityGroupId.NotFound | The specified SecurityGroupId does not exist. | The specified security group does not exist in this account. Check whether the security group ID is correct.
500 | InternalError | The request processing has failed due to some unknown error. | An internal error has occurred. Try again later.

For a list of error codes, see Service error codes.

Change history

Change time | Summary of changes | Operation
2024-05-21 | The error codes have changed. The request parameters of the API have changed. The response structure of the API has changed. | View Change Details