Revoke ENS Security Group Rules via API - ENS

Deletes an ENS security group rule.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

ens:DeleteSecurityGroupPermissions

delete

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
SecurityGroupId	string	Yes	The ID of the security group.	sg-bp67acfmxazb4p****
Permissions	array<object>	Yes	The security group rules.
	object	No	The security group rule.
Direction	string	Yes	The direction in which the security group rule is applied. egress ingress	ingress
IpProtocol	string	Yes	Protocol type. Valid values: TCP UDP ICMP: the ICMP protocol ICMPv6: the IPv6 ICMP protocol. ALL: All protocols are supported.	TCP
PortRange	string	Yes	The destination port range of the security group rule. Valid values: If you set IpProtocol to TCP or UDP, the valid values of this parameter are 1 to 65535. Specify a port range in the format of <Start port number>/<End port number>. Example: 1/200. If you set IpProtocol to ICMP, the port range is -1/-1. If you set IpProtocol to ALL, the port number range is -1/-1.	80/80
SourcePortRange	string	No	The range of source port numbers for the protocols specified in the security group rule. Valid values: If you set IpProtocol to TCP or UDP, the valid values of this parameter are 1 to 65535. Specify a port range in the format of <Start port number>/<End port number>. Example: 1/200. If you set IpProtocol to ICMP, the port range is -1/-1. If you set IpProtocol to ALL, the port range is -1/-1.	22/22
Policy	string	Yes	The action specified in the security group rule. Valid values: Accept Drop	Accept
DestCidrIp	string	No	The destination IPv4 CIDR block. CIDR blocks and IPv4 addresses are supported.	10.XX.XX.91
SourceCidrIp	string	No	The source IPv4 CIDR block. CIDR blocks and IPv4 addresses are supported.	0.XX.XX.0/0
Priority	integer	Yes	The priority of the security group rule. A smaller value specifies a higher priority. Valid values: 1 to 100.	1
Ipv6SourceCidrIp	string	No	The source IPv6 CIDR block of the security group rule. IPv6 CIDR blocks and IPv6 addresses are supported. Note This parameter and the `DestCidrIp` parameter cannot be set at the same time.	::/0
Ipv6DestCidrIp	string	No	The destination IPv6 CIDR block. IPv6 CIDR blocks and IPv6 addresses are supported. Note This parameter and the `DestCidrIp` parameter cannot be set at the same time.	::/0

Response elements

Element	Type	Description	Example
	object	Schema of Response
RequestId	string	The request ID.	AAE90880-4970-4D81-A534-A6C0F3631F74

Examples

Success response

JSON format

{
  "RequestId": "AAE90880-4970-4D81-A534-A6C0F3631F74"
}

Error codes

HTTP status code	Error code	Error message	Description
400	ens.interface.error	Failed to call API.
400	InvalidParameter.PortRange	The parameter PortRange is not valid.	The port range is not configured correctly.
400	InvalidSecurityGroupId.NotFound	The specified SecurityGroupId does not exist.	The specified security group ID does not exist.
400	InvalidParameter.CidrIp	The parameter CidrIp is not valid.	The security group rule CIDR block parameter is invalid.
400	NoPermission	Permission denied.
400	InvalidParameter.SourceIpConflict	The Parameters SourceCidrIp and Ipv6SourceCidrIp cannot be set at the same time.	Parameter SourceCidrIp and Ipv6SourceCidrIp cannot be set at the same time.
400	InvalidParameter.DestIpConflict	The Parameters DestCidrIp and Ipv6DestCidrIp cannot be set at the same time.	Parameter DestCidrIp and Ipv6DestCidrIp cannot be set at the same time.
400	InvalidParameter.Ipv4ProtocolConflictWithIpv6Address	IPv6 address cannot be specified for IPv4-specific protocol.	The IPv4 protocol cannot specify an IPv6 address.
400	InvalidParameter.Ipv6ProtocolConflictWithIpv4Address	IPv4 address cannot be specified for IPv6-specific protocol.	The IPv6 protocol cannot specify an IPv4 address.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.