Adds an ECS instance or an elastic network interface to a security group.
Operation description
This API is deprecated. We recommend calling the ModifyInstanceAttribute operation to add or remove an ECS instance from a security group, or calling the ModifyNetworkInterfaceAttribute operation to add or remove an elastic network interface (ENI) from a security group.
-
You cannot add an instance and an elastic network interface to a security group in the same call. The
InstanceIdandNetworkInterfaceIdparameters are mutually exclusive. -
The security group and the instance must be in the same Alibaba Cloud region.
-
The security group and the instance must have the same network type. If the network type is VPC, they must also belong to the same VPC.
-
You can add an instance to a security group only if the instance is in the Stopped or Running state.
-
An instance or an elastic network interface can belong to a maximum of five security groups. For more information, see Security group limitations.
Try it now
Test
RAM authorization
|
Action |
Access level |
Resource type |
Condition key |
Dependent action |
|
ecs:JoinSecurityGroup |
update |
*Instance
*SecurityGroup
|
None | None |
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| SecurityGroupId |
string |
Yes |
The ID of the security group. Call DescribeSecurityGroups to view your available security groups. |
sg-bp67acfmxazb4p**** |
| InstanceId |
string |
No |
The ID of the instance. Note
If you specify this parameter, you must leave |
i-bp67acfmxazb4p**** |
| NetworkInterfaceId |
string |
No |
The ID of the elastic network interface. Note
If you specify this parameter, you must leave |
eni-bp13kd656hxambfe**** |
| RegionId |
string |
No |
The ID of the region. Call DescribeRegions to view the latest list of Alibaba Cloud regions.
|
cn-hangzhou |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
|||
| RequestId |
string |
The request ID. |
473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E |
Examples
Success response
JSON format
{
"RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E"
}
Error codes
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | InstanceSecurityGroupLimitExceeded | Exceeding the allowed amount of security groups that an instance can be in. | |
| 400 | InvalidInstanceId.Mismatch | Specified instance and security group are not in the same VPC. | The specified instance and security group do not belong to the same VPC, or one of the following cases has occurred: 1. The security group is of the VPC network type but the instance is not. 2. The instance is of the VPC network type but the security group is not. |
| 400 | InvalidInstanceId.Malformed | The specified parameter "InstanceId" is not valid. | |
| 400 | InvalidOperation.NotSupportEnterpriseGroup | The specified instance type doesn't support enterprise level security group. | |
| 400 | InvalidOperation.MultiGroupType | The specified instance can't join different types of security group. | |
| 400 | InvalidOperation.InvalidEniState | %s | |
| 400 | InvalidOperation.EniAndGroupNotBelongSameUser | %s | |
| 400 | NotBelongUser | %s | You are not authorized to manage the specified resource. |
| 400 | MissingParameter.RegionId | The specified RegionId should not be null. | The RegionId parameter is required. |
| 400 | InvalidStatus.EniOrInstanceIsBeingCreated | %s. | The specified ECS instance or ENI is currently being created. Please wait for the creation process to complete and try again. |
| 500 | InternalError | The request processing has failed due to some unknown error. | |
| 403 | IncorrectInstanceStatus | The current status of the resource does not support this operation. | |
| 403 | InstanceLockedForSecurity | The specified operation is denied as your instance is locked for security reasons. | |
| 403 | SecurityGroupInstanceLimitExceeded | The maximum number of instances in a security group is exceeded. | The maximum number of instances in the specified security group has been reached. |
| 403 | InvalidInstanceId.AlreadyExists | The specified instance already exists in the specified security group. | The specified instance is already present in the specified security group. |
| 403 | AclLimitExceed | %s | The number of ACL rules for an ENI or instance exceeds the upper limit. |
| 403 | InstanceSecurityGroupLimitExceeded | %s | |
| 403 | InvalidOperation.NetworkInterfaceCountExceeded | The maximum number of NetworkInterface in a enterprise level security group is exceeded. | The number of NICs in the specified enterprise security group exceeds the limit. |
| 403 | InvalidOperation.ResourceManagedByCloudProduct | %s | You cannot modify security groups managed by cloud services. |
| 403 | InvalidOperation.InvalidEniType | %s | |
| 403 | InvalidOperation.VpcMismatch | %s | The operation is invalid. Check whether the VPC in the operation corresponds to other parameters. |
| 403 | InvalidOperation.EniServiceManaged | %s | The operation is invalid. |
| 403 | InvalidParam.Malformed | %s | Invalid parameter |
| 403 | InvalidParam.EniIdAndInstanceId.Conflict | %s | The InstanceId and NetworkInterfaceId parameters are mutually exclusive and cannot be both specified. |
| 403 | Forbidden.InstanceIsBeingCreated | The specified instance is being created. | The specified instance is being created. |
| 404 | InvalidSecurityGroupId.NotFound | The specified SecurityGroupId does not exist. | The specified security group does not exist in this account. Check whether the security group ID is correct. |
| 404 | InvalidInstanceId.NotFound | The specified InstanceId does not exist. | The specified instanceId is invalid. |
| 404 | InvalidEniId.NotFound | %s | |
| 409 | InvalidOperation.Conflict | Request was denied due to conflict with a previous request, please try again later. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.