Creating a Security Group Rule¶
Function¶
This API is used to create a security group rule.
URI¶
POST /v2.0/security-group-rules
Request Parameters¶
Parameter | Type | Mandatory | Description |
|---|---|---|---|
security_group_rule | security_group_rule object | Yes | Specifies the security group rule. For details, see Table 2. |
Attribute | Mandatory | Type | Description |
|---|---|---|---|
description | No | String | Provides supplementary information about the security group rule. |
security_group_id | Yes | String | Specifies the ID of the belonged security group. |
remote_group_id | No | String | Specifies the peer ID of the belonged security group. Either remote_group_id or remote_ip_prefix is used. |
direction | Yes | String | Specifies the direction of the traffic for which the security group rule takes effect. The value can be ingress or egress. |
remote_ip_prefix | No | String | Specifies the peer IP address segment. Either remote_ip_prefix or remote_group_id is used. |
protocol | No | String | Specifies the protocol type or the IP protocol number. The value can be tcp, udp, icmp or an IP protocol number |
port_range_max | No | Integer | Specifies the maximum port number. When ICMP is used, the value is the ICMP code. The value ranges from 1 to 65535. (The value ranges from 0 to 255 when it indicates the code.) |
port_range_min | No | Integer | Specifies the minimum port number. If the ICMP protocol is used, this parameter indicates the ICMP type. When the TCP or UDP protocol is used, both port_range_max and port_range_min must be specified, and the port_range_max value must be greater than the port_range_min value. When the ICMP protocol is used, if you specify the ICMP code (port_range_max), you must also specify the ICMP type (port_range_min). The value ranges from 1 to 65535. (The value ranges from 0 to 255 when it indicates the code.) |
ethertype | No | String | Specifies the network type. The value can be IPv4 or IPv6. |
Example Request¶
Create an outbound rule in the security group whose ID is 5cb9c1ee-00e0-4d0f-9623-55463cd26ff8. Set protocol to tcp, and remote_ip_prefix to 10.10.0.0/24.
POST https://{Endpoint}/v2.0/security-group-rules
{
"security_group_rule": {
"security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8",
"direction": "egress",
"protocol": "tcp",
"remote_ip_prefix": "10.10.0.0/24"
}
}
Response Parameters¶
Parameter | Type | Description |
|---|---|---|
security_group_rule | security_group_rule object | Specifies the security group rule. For details, see Table 4. |
Attribute | Type | Description |
|---|---|---|
id | String | Specifies the security group rule ID. This parameter is not mandatory when you query security group rules. |
description | String | Provides supplementary information about the security group rule. |
security_group_id | String | Specifies the ID of the belonged security group. |
remote_group_id | String | Specifies the peer ID of the belonged security group. |
direction | String | Specifies the direction of the traffic for which the security group rule takes effect. |
remote_ip_prefix | String | Specifies the peer IP address segment. |
protocol | String | Specifies the protocol type or the IP protocol number. |
port_range_max | Integer | Specifies the maximum port number. When ICMP is used, the value is the ICMP code. |
port_range_min | Integer | Specifies the minimum port number. If the ICMP protocol is used, this parameter indicates the ICMP type. When the TCP or UDP protocol is used, both port_range_max and port_range_min must be specified, and the port_range_max value must be greater than the port_range_min value. When the ICMP protocol is used, if you specify the ICMP code (port_range_max), you must also specify the ICMP type (port_range_min). |
ethertype | String | Specifies the network type. IPv4 and IPv6 are supported. |
tenant_id | String | Specifies the project ID. |
project_id | String | Specifies the project ID. For details about how to obtain a project ID, see Obtaining a Project ID. |
created_at | String | Specifies the time (UTC) when the security group rule is created. Format: yyyy-MM-ddTHH:mm:ss |
updated_at | String | Specifies the time (UTC) when the security group rule is updated. Format: yyyy-MM-ddTHH:mm:ss |
Example Response¶
{
"security_group_rule": {
"remote_group_id": null,
"direction": "egress",
"remote_ip_prefix": "10.10.0.0/24",
"protocol": "tcp",
"tenant_id": "6fbe9263116a4b68818cf1edce16bc4f",
"port_range_max": null,
"security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8",
"port_range_min": null,
"ethertype": "IPv4",
"description": null,
"id": "7c336b04-1603-4911-a6f4-f2af1d9a0488",
"project_id": "6fbe9263116a4b68818cf1edce16bc4f",
"created_at": "2018-09-20T02:15:34",
"updated_at": "2018-09-20T02:15:34"
}
}
Status Code¶
See Status Codes.
Error Code¶
See Error Codes.