Adds an Elastic Compute Service (ECS) instance or an elastic network interface (ENI) to a security group.
Description
Note We recommend that you use the ModifyInstanceAttribute operation to add instances to or remove instances from a security group, and use the ModifyNetworkInterfaceAttribute operation to add ENIs to or remove ENIs from a security group.
When you call this operation, take note of the following items:
- Before you add an instance to a security group, the instance must be in the Stopped or Running state.
- Each instance can be added to up to five security groups by default.
You can increase this number to 16 by submitting a ticket.
- A basic security group can contain up to 2,000 instances. An advanced security group can contain up to 65,536 instances.
- The security group and the instance must reside in the same region.
- The security group and the instance must be of the same network type. If the network type is Virtual Private Cloud (VPC), the security group and the instance must be in the same VPC.
- An instance and an ENI cannot be added to a security group at the same time. You cannot specify the
InstanceIdandNetworkInterfaceIdparameters at the same time.
Debugging
Request parameters
| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| Action | String | Yes | JoinSecurityGroup | The operation that you want to perform. Set the value to JoinSecurityGroup. |
| SecurityGroupId | String | Yes | sg-bp67acfmxazb4p**** | The IDs of the security groups to which the ENI belongs. You can call the DescribeSecurityGroups operation to query the most recent list of security groups. |
| InstanceId | String | No | i-bp67acfmxazb4p**** | The ID of the instance Note If this parameter is specified, the NetworkInterfaceId parameter must be left empty. |
| NetworkInterfaceId | String | No | eni-bp13kd656hxambfe**** | The ID of the ENI N. Note If this parameter is specified, the InstanceId parameter must be left empty. |
| RegionId | String | No | cn-hangzhou | The ID of the region. You can call the DescribeRegions operation to query the most recent list of regions.
|
Response parameters
| Parameter | Type | Example | Description |
|---|---|---|---|
| RequestId | String | 473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E | The ID of the request. |
Examples
Sample requests
https://ecs.aliyuncs.com/?Action=JoinSecurityGroup
&InstanceId=i-bp67acfmxazb4p****
&SecurityGroupId=sg-bp67acfmxazb4p****
&<Common request parameters>Sample success responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<JoinSecurityGroupResponse>
<RequestId>473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E</RequestId>
</JoinSecurityGroupResponse>JSON format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E"
}Error codes
| HttpCode | Error code | Error message | Description |
|---|---|---|---|
| 400 | InstanceSecurityGroupLimitExceeded | Exceeding the allowed amount of security groups that an instance can be in. | The error message returned because the maximum number of security groups to which the instance can belong has been reached. |
| 400 | InvalidInstanceId.Mismatch | Specified instance and security group are not in the same VPC. | The error message returned because the specified instance and security group do not belong to the same VPC or because one of the following cases occurs: 1. The security group is of the VPC network type but the instance is not. 2. The instance is of the VPC network type but the security group is not. |
| 400 | InvalidOperation.InvalidEniState | %s | The error message returned because the operation is not supported while the ENI is in the current state. |
| 400 | NotBelongUser | %s | The error message returned because you are not authorized to manage the specified resource. |
| 400 | MissingParameter.RegionId | The specified RegionId should not be null. | The error message returned because the required RegionId parameter is not specified. |
| 500 | InternalError | The request processing has failed due to some unknown error. | The error message returned because an internal error has occurred. Try again later. |
| 403 | IncorrectInstanceStatus | The current status of the resource does not support this operation. | The error message returned because the operation is not supported while the resource is in the current state. |
| 403 | InstanceLockedForSecurity | The specified operation is denied as your instance is locked for security reasons. | The error message returned because the operation is not supported while the instance is locked for security reasons. |
| 403 | SecurityGroupInstanceLimitExceeded | The maximum number of instances in a security group is exceeded. | The error message returned because the maximum number of instances in the specified security group has been reached. |
| 403 | InvalidInstanceId.AlreadyExists | The specified instance already exists in the specified security group. | The error message returned because the specified instance already exists in the specified security group. |
| 403 | SecurityGroupInstanceLimitExceeded | %s | The error message returned because the maximum number of instances in the security group has been reached. |
| 403 | AclLimitExceed | %s | The error message returned because the value of AccessPoint exceeds the upper limit. |
| 403 | InstanceSecurityGroupLimitExceeded | %s | The error message returned because the maximum number of security groups to which the instance can belong has been reached. |
| 403 | InvalidOperation.ResourceManagedByCloudProduct | %s | The error message returned because security groups managed by cloud services cannot be modified. |
| 403 | InvalidOperation.InvalidEniType | %s | The error message returned because the operation is not supported while the ENI is of the current type. |
| 403 | InvalidOperation.VpcMismatch | %s | The error message returned because the operation is invalid. Check whether the VPC in the operation corresponds to other parameters. |
| 403 | InvalidOperation.EniServiceManaged | %s | The error message returned because the operation is invalid. |
| 403 | InvalidParam.EniIdAndInstanceId.Conflict | %s | The error message returned because the InstanceId and NetworkInterfaceId parameters are both specified. These two parameters are mutually exclusive and cannot be both specified. |
| 404 | InvalidSecurityGroupId.NotFound | The specified SecurityGroupId does not exist. | The error message returned because the specified security group does not exist in this account. Check whether the security group ID is correct. |
| 404 | InvalidInstanceId.NotFound | The specified InstanceId does not exist. | The error message returned because the specified InstanceId parameter is invalid. |
| 404 | InvalidEniId.NotFound | %s | The error message returned because the specified ENI ID does not exist. |
For a list of error codes, see Service error codes.