All Products
Search
Document Center

Server Load Balancer:ListSecurityPolicy

Last Updated:Oct 12, 2024

Queries the TLS security policies set for a Network Load Balancer (NLB) instance.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
nlb:ListSecurityPolicyget
  • SecurityPolicy
    acs:nlb:{#regionId}:{#accountId}:securitypolicy/*
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
SecurityPolicyIdsarrayNo

The IDs of the TLS security policies. You can specify at most 20 policy IDs in each call.

SecurityPolicyIdstringNo

The IDs of the TLS security policies. You can specify at most 20 policy IDs in each call.

tls-bp14bb1e7dll4f****
SecurityPolicyNamesarrayNo

The names of the TLS security policies. You can specify at most 20 policy names.

SecurityPolicyNamestringNo

The names of the TLS security policies. You can specify at most 20 policy names.

TLSCipherPolicy
Tagarray<object>No

The tags.

objectNo
KeystringNo

The tag key. You can specify up to 10 tag keys.

The tag key can be up to 64 characters in length, and cannot contain http:// or https://. It cannot start with aliyun or acs:.

Test
ValuestringNo

The tag value. You can specify up to 10 tag values.

The tag value can be up to 128 characters in length, and cannot contain http:// or https://. It cannot start with aliyun or acs:.

Test
ResourceGroupIdstringNo

The resource group ID.

rg-atstuj3rtop****
NextTokenstringNo

The pagination token that is used in the next request to retrieve a new page of results. Valid values:

  • You do not need to specify this parameter for the first request.
  • You must specify the token that is obtained from the previous query as the value of NextToken.
FFmyTO70tTpLG6I3FmYAXGKPd****
MaxResultsintegerNo

The number of entries to return per page. Valid values: 1 to 100. Default value: 20.

20
RegionIdstringNo

The region ID of the NLB instance.

You can call the DescribeRegions operation to query the most recent region list.

cn-hangzhou

Response parameters

ParameterTypeDescriptionExample
object

The operation to query TLS security policies.

RequestIdstring

The request ID.

D7A8875F-373A-5F48-8484-25B07A61F2AF
SecurityPoliciesarray<object>

The TLS security policies.

SecurityPolicieobject

The TLS security policies.

SecurityPolicyIdstring

The ID of the TLS security policy.

tls-bp14bb1e7dll4f****
SecurityPolicyNamestring

The name of the TLS security policy.

TLSCipherPolicy
TlsVersionstring

The supported versions of the TLS protocol. Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3.

TLSv1.0
Ciphersstring

The supported cipher suites, which are determined by the TLS protocol version. You can specify at most 32 cipher suites.

TLS 1.0 and TLS 1.1 support the following cipher suites:

  • ECDHE-ECDSA-AES128-SHA
  • ECDHE-ECDSA-AES256-SHA
  • ECDHE-RSA-AES128-SHA
  • ECDHE-RSA-AES256-SHA
  • AES128-SHA
  • AES256-SHA
  • DES-CBC3-SHA

TLS 1.2 supports the following cipher suites:

  • ECDHE-ECDSA-AES128-SHA
  • ECDHE-ECDSA-AES256-SHA
  • ECDHE-RSA-AES128-SHA
  • ECDHE-RSA-AES256-SHA
  • AES128-SHA
  • AES256-SHA
  • DES-CBC3-SHA
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES128-SHA256
  • ECDHE-ECDSA-AES256-SHA384
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-AES256-SHA384
  • AES128-GCM-SHA256
  • AES256-GCM-SHA384
  • AES128-SHA256
  • AES256-SHA256

TLS 1.3 supports the following cipher suites:

  • TLS_AES_128_GCM_SHA256
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_CCM_SHA256
  • TLS_AES_128_CCM_8_SHA256
ECDHE-ECDSA-AES128-SHA
RegionIdstring

The region ID of the NLB instance.

cn-hangzhou
Tagsarray<object>

The tags.

Tagobject
Keystring

The tag key. You can specify up to 10 tag keys.

The tag key can be up to 64 characters in length, and cannot contain http:// or https://. It cannot start with aliyun or acs:.

Test
Valuestring

The tag value. You can specify up to 10 tag values.

The tag value can be up to 128 characters in length, and cannot contain http:// or https://. It cannot start with aliyun or acs:.

Test
RelatedListenersarray<object>

The listeners that are associated with the NLB instance.

RelatedListenerobject

The listeners that are associated with the NLB instance.

ListenerIdstring

The listener ID.

lsn-bp1bpn0kn908w4nbw****@443
ListenerPortlong

The listener port.

443
ListenerProtocolstring

The listener protocol. Valid value: TCPSSL.

TCPSSL
LoadBalancerIdstring

The NLB instance ID.

nlb-83ckzc8d4xlp8o****
ResourceGroupIdstring

The resource group ID.

rg-atstuj3rtop****
SecurityPolicyStatusstring

The status of the TLS security policy. Valid values:

  • Configuring
  • Available
Available
TotalCountinteger

The total number of entries returned.

10
NextTokenstring

A pagination token. It can be used in the next request to retrieve a new page of results. Valid values:

  • If NextToken is empty, no next page exists.
  • If a value is returned for NextToken, specify the value in the next request to retrieve a new page of results.
FFmyTO70tTpLG6I3FmYAXGKPd****
MaxResultsinteger

The number of entries per page.

20

Examples

Sample success responses

JSONformat

{
  "RequestId": "D7A8875F-373A-5F48-8484-25B07A61F2AF",
  "SecurityPolicies": [
    {
      "SecurityPolicyId": "tls-bp14bb1e7dll4f****",
      "SecurityPolicyName": "TLSCipherPolicy",
      "TlsVersion": "TLSv1.0",
      "Ciphers": "ECDHE-ECDSA-AES128-SHA",
      "RegionId": "cn-hangzhou",
      "Tags": [
        {
          "Key": "Test",
          "Value": "Test"
        }
      ],
      "RelatedListeners": [
        {
          "ListenerId": "lsn-bp1bpn0kn908w4nbw****@443",
          "ListenerPort": 443,
          "ListenerProtocol": "TCPSSL",
          "LoadBalancerId": "nlb-83ckzc8d4xlp8o****"
        }
      ],
      "ResourceGroupId": "rg-atstuj3rtop****",
      "SecurityPolicyStatus": "Available"
    }
  ],
  "TotalCount": 10,
  "NextToken": "FFmyTO70tTpLG6I3FmYAXGKPd****",
  "MaxResults": 20
}

Error codes

HTTP status codeError codeError messageDescription
400SystemBusySystem is busy, please try again later.-
403Forbidden.NoPermissionAuthentication is failed for NoPermission.Authentication is failed for NoPermission.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2023-09-26The Error code has changedView Change Details
2023-09-05The Error code has changedView Change Details
2023-08-22The Error code has changedView Change Details
2023-07-19The internal configuration of the API is changed, but the call is not affectedView Change Details