CreateSecurityGroup - Elastic Compute Service - Alibaba Cloud Documentation Center

Creates a security group.

Operation description

By default, the internal access control policy (InnerAccessPolicy) of the basic security group that you create by calling this operation is internal interconnectivity (Accept). You can call the ModifySecurityGroupPolicy operation to change the value of InnerAccessPolicy for the basic security group.
By default, the internal access control policy (InnerAccessPolicy) of the advanced security group that you create by calling this operation is internal isolation (Drop). The InnerAccessPolicy value of the advanced security group cannot be changed.
You can create a limited number of security groups per region. You can create at least 100 security groups per region. For more information, see the Security group limits section in the "Limits" topic.
To create a security group of the Virtual Private Cloud (VPC) type, you must specify VpcId.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
ecs:CreateSecurityGroup	create	SecurityGroup `acs:ecs:{#regionId}:{#accountId}:securitygroup/` *VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId}`	none	none

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The region ID of the security group. You can call the DescribeRegions operation to query the most recent region list.	cn-hangzhou
Description	string	No	The description of the security group. The description must be 2 to 256 characters in length. It cannot start with `http://` or `https://`. By default, this parameter is left empty.	testDescription
ClientToken	string	No	The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters and cannot exceed 64 characters in length. For more information, see How to ensure idempotence.	123e4567-e89b-12d3-a456-426655440000
SecurityGroupName	string	No	The name of the security group. The name must be 2 to 128 characters in length. The name must start with a letter and cannot start with `http://` or `https://`. The name can contain letters, digits, colons (:), underscores (_), periods (.), and hyphens (-).	testSecurityGroupName
VpcId	string	No	The ID of the VPC in which you want to create the security group. Note The VpcId parameter is required only if you want to create security groups of the VPC type. In regions that support the classic network, you can create security groups of the classic network type without the need to specify the VpcId parameter.	vpc-bp1opxu1zkhn00gzv****
SecurityGroupType	string	No	The type of the security group. Valid values: normal: basic security group enterprise: advanced security group For more information, see Advanced security groups. Default value: normal.	enterprise
ServiceManaged	boolean	No	This parameter is not publicly available.	false
ResourceGroupId	string	No	The ID of the resource group to which the security group belongs.	rg-bp67acfmxazb4p****
Tag	array<object>	No	The tags to add to the security group. You can add up to 20 tags.
	object	No	The tag to add to the security group.
key	string	No	The key of the tag to add to the security group. Note This parameter will be removed in the future. We recommend that you use the Tag.N.key parameter to ensure future compatibility.	null
Key	string	No	The key of the tag to add to the security group. The tag key cannot be an empty string. The tag key can be up to 128 characters in length and cannot start with `acs:` or `aliyun`. The tag key cannot contain `http://` or `https://`.	TestKey
Value	string	No	The value of the tag to add to the security group. The tag value can be an empty string. The tag key can be up to 128 characters in length and cannot contain `http://` or `https://`.	TestValue
value	string	No	The value of the tag to add to the security group. Note This parameter will be removed in the future. We recommend that you use the Tag.N.Value parameter to ensure future compatibility.	null

Response parameters

Parameter	Type	Description	Example
	object
SecurityGroupId	string	The ID of the security group.	sg-bp1fg655nh68xyz9****
RequestId	string	The request ID.	473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E

Examples

Sample success responses

JSONformat

{
  "SecurityGroupId": "sg-bp1fg655nh68xyz9****",
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E"
}

Error codes

HTTP status code	Error code	Error message	Description
400	InvalidDescription.Malformed	The specified parameter "Description" is not valid.	The source description can be 2 to 256 characters in length. It cannot start with http:// and https://.
400	InvalidSecurityGroupDiscription.Malformed	Specified security group description is not valid.	The specified security group description is invalid.
400	IncorrectVpcStatus	Current VPC status does not support this operation.	The VPC is in a state that does not support the current operation.
400	InvalidTagKey.Malformed	Specified tag key is not valid.	The specified tag key is invalid.
400	InvalidTagValue.Malformed	Specified tag value is not valid.	The specified tag value is invalid.
400	Duplicate.TagKey	The Tag.N.Key contain duplicate key.	The specified tag key already exists. Tag keys must be unique.
400	InvalidTagKey.Malformed	The specified Tag.n.Key is not valid.	The specified Tag.N.Key parameter is invalid.
400	InvalidTagValue.Malformed	The specified Tag.n.Value is not valid.	The specified tag value is invalid.
400	InvalidParams.GroupType	The specified security group type is not valid.	The specified SecurityGroupType parameter is invalid.
400	InvalidParams.VpcIdGroupType	Only VPC instance supports enterprise level security group.	Only ECS instances that reside in VPCs support advanced security groups.
400	InvalidSecurityGroupName.Malformed	The specified parameter SecurityGroupName is not valid.	The specified SecurityGroupName parameter is not valid. This parameter is empty by default. If you specify a security group name, the name must be 2 to 128 characters in length and start with a letter. It can contain letters, digits, periods (.), underscores (_), and hyphens (-) and cannot start with http:// or https. The security group name is displayed in the ECS console.
403	QuotaExceed.SecurityGroup	The maximum number of security groups is reached.	The maximum number of security groups has been reached.
403	InvalidVpcId.NotFound	The VpcId must not empty when only support vpc vm.	A VPC ID must be specified.
403	IdempotentProcessing	The previous idempotent request(s) is still processing.	A previous idempotent request is being processed. Try again later.
403	QuotaExceed.Tags	%s	The number of specified tags exceeds the upper limit. %s is a variable. An error message is dynamically returned based on call conditions.
403	InvalidOperation.ResourceManagedByCloudProduct	%s	You cannot modify security groups managed by cloud services.
404	InvalidRegionId.NotFound	The specified region does not exist.	The specified RegionId parameter does not exist. Check whether the service is available in the specified region.
404	InvalidVpcId.NotFound	Specified VPC does not exist.	The specified VPC ID does not exist.
404	InvalidResourceGroup.NotFound	The ResourceGroup provided does not exist in our records.	The specified resource group does not exist.
404	InvalidRegionId.NotFound	The specified parameter RegionId is not valid.	The specified RegionId parameter does not exist. Check whether the service is available in the specified region.
500	InternalError	The request processing has failed due to some unknown error.	An internal error has occurred. Try again later.
500	InternalError	The request processing has failed due to some unknown error, exception or failure.	An internal error has occurred. Try again later.

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2024-09-23	The Error code has changed	View Change Details
2023-04-07	The Error code has changed	View Change Details