All Products
Search
Document Center

Elastic Compute Service:DescribeSecurityGroupAttribute

Last Updated:Feb 04, 2024

Queries the rules of a security group.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

ParameterTypeRequiredDescriptionExample
SecurityGroupIdstringYes

The ID of the security group.

sg-bp1gxw6bznjjvhu3****
RegionIdstringYes

The region ID of the security group. You can call the DescribeRegions operation to query the most recent region list.

cn-hangzhou
NicTypestringNo

The network interface card (NIC) type of the security group rule.

  • Valid values for rules of security groups in the classic network:

    • internet (default)
    • intranet

    **

    NoteYou can query security group rules of only one NIC type in a single call. To query security group rules of both NIC types, call the operation twice.

  • If the security group is in a virtual private cloud (VPC), set the value to intranet. This is also the default value.

    **

    NoteIf you set this parameter to internet or leave this parameter empty, the value of intranet is automatically used.

intranet
DirectionstringNo

The direction in which the security group rule is applied. Valid values:

  • egress: outbound.
  • ingress: inbound.
  • all: outbound and inbound.

Default value: all.

all

Response parameters

ParameterTypeDescriptionExample
object
VpcIdstring

The ID of the VPC. If a VPC ID is returned, the network type of the security group is VPC. If no VPC ID is returned, the network type of the security group is classic network.

vpc-bp1opxu1zkhn00gzv****
RequestIdstring

The ID of the request.

473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E
InnerAccessPolicystring

The access control policy of the security group. Valid values:

  • Accept: All instances in the security group can communicate with each other.
  • Drop: All instances in the security group are isolated from each other.
Accept
Descriptionstring

The description of the security group.

This is description.
SecurityGroupIdstring

The ID of the destination security group.

sg-bp1gxw6bznjjvhu3****
SecurityGroupNamestring

The name of the destination security group.

SecurityGroupName Sample
RegionIdstring

The ID of the region.

cn-hangzhou
Permissionsobject []

Details about the security group rules.

SecurityGroupRuleIdstring

The ID of the security group rule.

sgr-bp12kewq32dfwrdi****
Directionstring

The direction in which the security group rule is applied.

ingress
SourceGroupIdstring

The source security group for inbound access control.

sg-bp12kc4rqohaf2js****
DestGroupOwnerAccountstring

The Alibaba Cloud account that manages the destination security group.

1234567890
DestPrefixListIdstring

The ID of the destination prefix list for outbound access control.

pl-x1j1k5ykzqlixabc****
DestPrefixListNamestring

The name of the destination prefix list.

DestPrefixListName Sample
SourceCidrIpstring

The source CIDR block for inbound access control.

0.0.0.0/0
Ipv6DestCidrIpstring

The destination IPv6 CIDR block.

2001:db8:1233:1a00::***
CreateTimestring

The time at which the security group rule was created. The time is displayed in UTC.

2018-12-12T07:28:38Z
Ipv6SourceCidrIpstring

The source IPv6 CIDR block.

2001:db8:1234:1a00::***
DestGroupIdstring

The ID of the destination security group for outbound access control.

sg-bp1czdx84jd88i7v****
DestCidrIpstring

The destination CIDR block for outbound access control.

0.0.0.0/0
IpProtocolstring

The transport layer protocol.

TCP
Prioritystring

The priority of the rule.

1
DestGroupNamestring

The name of the destination security group.

testDestGroupName
NicTypestring

The network type.

intranet
Policystring

The access control policy.

Accept
Descriptionstring

The description of the security group.

Description Sample 01
PortRangestring

The port range.

80/80
SourcePrefixListNamestring

The name of the source prefix list.

SourcePrefixListName Sample
SourcePrefixListIdstring

The ID of the source prefix list for inbound access control.

pl-x1j1k5ykzqlixdcy****
SourceGroupOwnerAccountstring

The Alibaba Cloud account that manages the source security group.

1234567890
SourceGroupNamestring

The name of the source security group.

testSourceGroupName1
SourcePortRangestring

The source port range.

80/80

Examples

Sample success responses

JSONformat

{
  "VpcId": "vpc-bp1opxu1zkhn00gzv****",
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E",
  "InnerAccessPolicy": "Accept",
  "Description": "This is description.",
  "SecurityGroupId": "sg-bp1gxw6bznjjvhu3****",
  "SecurityGroupName": "SecurityGroupName Sample",
  "RegionId": "cn-hangzhou",
  "Permissions": {
    "Permission": [
      {
        "SecurityGroupRuleId": "sgr-bp12kewq32dfwrdi****",
        "Direction": "ingress",
        "SourceGroupId": "sg-bp12kc4rqohaf2js****",
        "DestGroupOwnerAccount": "1234567890",
        "DestPrefixListId": "pl-x1j1k5ykzqlixabc****",
        "DestPrefixListName": "DestPrefixListName Sample",
        "SourceCidrIp": "0.0.0.0/0",
        "Ipv6DestCidrIp": "2001:db8:1233:1a00::***",
        "CreateTime": "2018-12-12T07:28:38Z",
        "Ipv6SourceCidrIp": "2001:db8:1234:1a00::***",
        "DestGroupId": "sg-bp1czdx84jd88i7v****",
        "DestCidrIp": "0.0.0.0/0",
        "IpProtocol": "TCP",
        "Priority": "1",
        "DestGroupName": "testDestGroupName",
        "NicType": "intranet",
        "Policy": "Accept",
        "Description": "Description Sample 01",
        "PortRange": "80/80",
        "SourcePrefixListName": "SourcePrefixListName Sample",
        "SourcePrefixListId": "pl-x1j1k5ykzqlixdcy****",
        "SourceGroupOwnerAccount": "1234567890",
        "SourceGroupName": "testSourceGroupName1",
        "SourcePortRange": "80/80"
      }
    ]
  }
}

Error codes

HTTP status codeError codeError messageDescription
400InvalidNicType.ValueNotSupportedThe specified NicType does not exist.The specified NicType parameter does not exist.
400InvalidParamterInvalid Parameter.The specified parameter is invalid.
400InvalidSecurityGroupId.MalformedThe specified parameter "SecurityGroupId" is not valid.-
400MissingParameter.RegionIdThe parameter "RegionId" should not be null.-
404InvalidRegionId.NotFoundThe specified RegionId does not exist.The specified region ID does not exist.
404InvalidSecurityGroupId.NotFoundThe specified SecurityGroupId does not exist.The specified security group does not exist in this account. Check whether the security group ID is correct.
500InternalErrorThe request processing has failed due to some unknown error.An internal error has occurred. Try again later.

For a list of error codes, visit the Service error codes.