This article introduces the specific access rights of the security group in the inbound direction, allowing or denying other devices to send inbound traffic to the security group. It focuses on the specific steps. The content of this article is compact. I hope you can learn something. reward.
AuthorizeSecurityGroup
Add a security group inbound rule. Specify the inbound access permissions of the security group to allow or deny other devices to send inbound traffic to instances in the security group.
Description
We define the initiating end of the inbound traffic as the source end (Source), and the receiving end of the data transmission as the destination end (Destination) ),As shown below.
When calling this interface, you need to understand:
A security group can have up to 100 security group rules.
Security group rules are divided into two categories: accept access (accept) and deny access (drop).
The security group rule priority (Priority) optional range is [1, 100]. The smaller the number, the higher the priority.
Among security group rules with the same priority, rules that deny access (drop) take precedence.
The source device can be a specified IP address range (SourceCidrIp) or an instance in another security group (SourceGroupId).
Any set of parameters below can determine a security group rule. Specifying only one parameter cannot determine a security group rule. If a matching security group rule already exists, this call to AuthorizeSecurityGroup fails.
Set the access permissions for the specified IP address segment, such as request example 1: IpProtocol, PortRange, (optional) SourcePortRange, NicType, Policy, (optional) DestCiderIp and SourceCidrIp
Set other security The access rights of the group, such as request example 2: IpProtocol, PortRange, (optional) SourcePortRange, NicType, Policy, (optional) DestCiderIp, SourceGroupOwnerAccount and SourceGroupId
Request parameters
Return parameters
are all public return parameters. See Public Parameters.
Example
For more examples of setting security group rules, please refer to Application Cases, Typical Applications of Security Group Rules and Security Group Five An introduction to tuple rules.
Request Example 1
Set the access permissions for the specified IP address range. At this time, the network card type (NicType) of the classic network type security group can be set to public network (internet) and intranet (intranet). The network card type (NicType) of the VPC type security group can only be set to the intranet.
https://ecs.aliyuncs.com/?Action=AuthorizeSecurityGroup &SecurityGroupId=sg-F876FF7BA &SourceCidrIp=0.0.0.0/0 &IpProtocol=tcp &PortRange=1/65535 &NicType=intranet &Policy=Allow &<公共请求参数>
Request example two
Set the access permissions of other security groups. At this time, the network card type (NicType) can only be intranet. When security groups of the classic network type communicate with each other, you can set the access permissions of other security groups in the same region to your security group. This security group can be yours or another Alibaba Cloud account (SourceGroupOwnerAccount). When VPC security groups communicate with each other, you can set the access permissions of other security groups in the same VPC to this security group.
https://ecs.aliyuncs.com/?Action=AuthorizeSecurityGroup &SecurityGroupId=sg-F876FF7BA &SourceGroupId=sg-1651FBB64 &SourceGroupOwnerAccount=test@aliyun.com &IpProtocol=tcp &PortRange=1/65535 &NicType=intranet &Policy=Drop &<公共请求参数>
Return example
XML format
<AuthorizeSecurityGroupResponse> <RequestId>CEF72CEB-54B6-4AE8-B225-F876FF7BA984</RequestId> </AuthorizeSecurityGroupResponse>
JSON format
{ "RequestId":"CEF72CEB-54B6-4AE8-B225-F876FF7BA984" }
Error codes
The following are the error codes unique to this interface. For more error codes, please visit the API Error Center.
The above is the detailed content of Specify the inbound access permissions of the security group to allow or deny other devices to send inbound traffic to instances in the security group.. For more information, please follow other related articles on the PHP Chinese website!