Adds an Elastic Compute Service (ECS) instance or an elastic network interface (ENI) to a security group.

Description

Note This operation is not recommended. We recommend that you call the ModifyInstanceAttribute operation to add instances to or remove instances from a security group, and call the ModifyNetworkInterfaceAttribute operation to add ENIs to or remove ENIs from a security group.

When you call this operation, take note of the following items:

  • Before you add an instance to a security group, the instance must be in the Stopped (Stopped) or Running (Running) state.
  • An instance can be added to up to five security groups.
  • You can submit a ticket to add an instance to more security groups. An instance can be added to up to 16 security groups.
  • A basic security group can contain up to 2,000 instances. An advanced security group can contain up to 65,536 instances.
  • The security group and the instance must belong to the same region.
  • The security group and the instance must be of the same network type. If the network type is Virtual Private Cloud (VPC), the security group and the instance must be in the same VPC.
  • An instance and an ENI cannot be added to a security group at the same time. You cannot specify the InstanceId and NetworkInterfaceId parameters at the same time.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes JoinSecurityGroup

The operation that you want to perform. Set the value to JoinSecurityGroup.

SecurityGroupId String Yes sg-bp67acfmxazb4p****

The ID of the security group. You can call the DescribeSecurityGroups operation to query available security groups.

InstanceId String No i-bp67acfmxazb4p****

The ID of the instance.

Note If this parameter is specified, the NetworkInterfaceId parameter cannot be specified.
NetworkInterfaceId String No eni-bp13kd656hxambfe****

The ID of the ENI.

Note If this parameter is specified, the InstanceId parameter cannot be specified.
RegionId String No cn-hangzhou

The ID of the region. You can call the DescribeRegions operation to query the most recent region list.

  • You do not need to specify a region ID when you add an instance to a security group.
  • You must specify a region ID when you add an ENI to a security group.

Response parameters

Parameter Type Example Description
RequestId String 473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E

The ID of the request.

Examples

Sample requests

https://ecs.aliyuncs.com/?Action=JoinSecurityGroup
&InstanceId=i-bp67acfmxazb4p****
&SecurityGroupId=sg-bp67acfmxazb4p****
&<Common request parameters>

Sample success responses

XML format

<JoinSecurityGroupResponse>
      <RequestId>473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E</RequestId>
</JoinSecurityGroupResponse>

JSON format

{
    "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E"
}

Error codes

HttpCode Error code Error message Description
404 InvalidSecurityGroupId.NotFound The specified SecurityGroupId does not exist. The error message returned because the specified security group does not exist within this account. Check whether the security group ID is correct.
400 InstanceSecurityGroupLimitExceeded Exceeding the allowed amount of security groups that an instance can be in. The error message returned because the maximum number of security groups to which the instance can belong has been reached.
403 IncorrectInstanceStatus The current status of the resource does not support this operation. The error message returned because the operation is not supported while the resource is in the current state.
403 InstanceLockedForSecurity The specified operation is denied as your instance is locked for security reasons. The error message returned because the operation is not supported while the instance is locked for security reasons.
403 SecurityGroupInstanceLimitExceeded The maximum number of instances in a security group is exceeded. The error message returned because the maximum number of instances in the specified security group has been reached.
404 InvalidInstanceId.NotFound The specified InstanceId does not exist. The error message returned because the specified InstanceId parameter does not exist.
400 InvalidInstanceId.Mismatch Specified instance and security group are not in the same VPC. The error message returned because the specified instance and security group do not belong to the same VPC or because one of the following cases occurs:1. The security group is of the VPC network type but the instance is not.2. The instance is of the VPC network type but the security group is not.
403 InvalidInstanceId.AlreadyExists The specified instance already exists in the specified security group. The error message returned because the specified instance already exists in the specified security group.
500 InternalError The request processing has failed due to some unknown error. The error message returned because an internal error has occurred. Try again later. If the error persists, submit a ticket.
403 SecurityGroupInstanceLimitExceeded %s The error message returned because the maximum number of instances in the specified security group has been reached.
403 AclLimitExceed %s The error message returned because the value of AccessPoint exceeds the upper limit.
403 InstanceSecurityGroupLimitExceeded %s The error message returned because the maximum number of security groups to which the instance can belong has been reached.
400 InvalidInstanceId.Malformed The specified parameter "InstanceId" is not valid. The error message returned because the specified InstanceId parameter is invalid.
403 InvalidOperation.ResourceManagedByCloudProduct %s The error message returned because the security groups managed by cloud services cannot be modified.
404 InvalidEniId.NotFound %s The error message returned because the specified NetworkInterfaceId parameter does not exist.
403 InvalidOperation.InvalidEniType %s The error message returned because the operation is not supported while the ENI is of the current type.
400 InvalidOperation.InvalidEniState %s The error message returned because the operation is not supported while the ENI is in the current state.
403 InvalidOperation.VpcMismatch %s The error message returned because the operation is invalid. Check whether the VPC in the operation corresponds to other parameters.
400 NotBelongUser %s The error message returned because you are not authorized to manage the specified resource.
400 MissingParameter.RegionId The specified RegionId should not be null. The error message returned because the required RegionId parameter is not specified.
403 InvalidOperation.EniServiceManaged %s The error message returned because the operation is invalid.
403 InvalidParam.EniIdAndInstanceId.Conflict %s The error message returned because the InstanceId and NetworkInterfaceId parameters are both specified. You cannot specify both parameters.

For a list of error codes, visit the API Error Center.