安全组规则
响应对象统一为安全组规则对象:
"Description": "xxoo", # 安全组规则描述
"Id": "ebb8f50e-d174-44f4-8103-cc44abf81569", # 安全组规则id
"SecurityGroupId": "01fc62fa-1db8-47c2-baa3-e84e3213712c", # 安全组规则所属安全组id
"Direction": "ingress", # 安全组规则所方向
"Protocol": "TCP", # 安全组规则协议,目前有TCP/UDP/ICMP/GRE/ESP/AH/ALLPROTOCOL,其中ALLPROTOCOL表示全部流量
"PortMin": "1", # 安全组规则端口下限
"PortMax": "123", # 安全组规则端口上限
"IpRange": "192.168.1.0/28", # 安全组规则授权的IP范围,如果该规则是授权给安全组则该字段为“-”
"AuthorizedSecurityGroupId": "-", # 安全组规则授权安全组对象,如果该规则是授权给IpRange该字段为“-”
"SecurityGroupRuleType": "User", # 安全组规则类型,为"User"和"System"
"CreateAt": "2017-08-03T09:31:44Z", # 创建时间,UTC时间
"UpdateAt": "2017-08-03T09:31:44Z", # 更新时间,UTC时间
1. CreateSecurityGroupRule
接口方法:POST
请求示例:
https://open.cn-east-1.163yun.com/vpc?Version=2017-11-30&Action=CreateSecurityGroupRule
-d'{
"SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"Direction": "ingress",
"IpRange": "0.0.0.0/0",
"Protocol": "TCP",
"PortMax": "100",
"PortMin": "100"
}'
url 参数:
| 参数 | 是否必选 | 说明 |
|---|
| Version | 是 | API 版本号 |
| Action | 是 | CreateSecurityGroupRule,新建安全规则 |
body 参数:
| 参数 | 是否必选 | 说明 |
|---|
| SecurityGroupId | 是 | 安全组ID |
| Direction | 否 | 安全规则描述 |
| IpRange | 是 | 地址段 |
| Protocol | 是 | 允许的协议 |
| PortMax | 是 | 端口范围,1-65535内的整数 |
| PortMin | 是 | 端口范围,1-65535内的整数 |
请求体示例:
创建一条授权给IpRange的规则:
{
"SecurityGroupId":"01fc62fa-1db8-47c2-baa3-e84e3213712c",【必选】要在哪个安全组里创建规则
"Direction":"ingress", 【必选】安全组规则的方向,ingress表示入方向,egress表示出方向
"IpRange":"192.168.1.0/28", 【必选】ip段,目前一条规则中仅支持添加一个 IP 段
"Protocol":"TCP", 【必选】协议类型,目前有TCP/UDP/ICMP/GRE/ESP/AH/ALLPROTOCOL,其中ALLPROTOCOL表示全部流量
"PortMax":"123", 【可选】端口上限,创TCP/UDP协议的规则时为必选,值范围1-65535,但必须大于PortMin。其余协议为非必选(默认全部端口)
"PortMin":"1", 【可选】端口下限,创TCP/UDP协议的规则时为必选,值范围1-65535,但必须小于PortMax。其余协议为非必选(默认全部端口)
"Description":"xxoo" 【可选】安全组规则描述
}
创建一条授权给安全组的规则
{
"SecurityGroupId":"01fc62fa-1db8-47c2-baa3-e84e3213712c",【必选】要在哪个安全组里创建规则
"Direction":"ingress", 【必选】安全组规则的方向,ingress表示入方向,egress表示出方向
"Protocol":"TCP", 【必选】协议类型,目前有TCP/UDP/ICMP/GRE/ESP/AH/ALLPROTOCOL,其中ALLPROTOCOL表示全部流量
"PortMax":"123", 【可选】端口上限,创TCP/UDP协议的规则时为必选,值范围1-65535,但必须大于PortMin。其余协议为非必选(默认全部端口)
"PortMin":"1", 【可选】端口下限,创TCP/UDP协议的规则时为必选,值范围1-65535,但必须小于PortMax。其余协议为非必选(默认全部端口)
"Description":"xxoo", 【可选】安全组规则描述
"AuthorizedSecurityGroupId":"8de39b4c-71a6-4bdd-b6db-d7b5614070c7" 【必选】要授权的安全组
}
响应示例:
{
"RequestId": "4e8cadf3-6a2c-4c0d-a6d7-676cdc6dc05e",
"SecurityGroupRule": {
"Description": null,
"Id": "d069cad3-12b2-46c9-a130-7b50285bfd68",
"SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"Direction": "ingress",
"Protocol": "TCP",
"PortMin": "100",
"PortMax": "100",
"IpRange": "0.0.0.0/0",
"AuthorizedSecurityGroupId": "-",
"SecurityGroupRuleType": "User",
"CreateAt": "2018-11-22T09:01:04Z",
"UpdateAt": "2018-11-22T09:01:04Z"
}
}
更多响应示例:
创建一条授权给IpRange的规则:
{
"RequestId": "82565199-8d89-4110-848a-e4390430610f",
"SecurityGroupRule": {
"Description": "xxoo",
"Id": "ebb8f50e-d174-44f4-8103-cc44abf81569",
"SecurityGroupId": "01fc62fa-1db8-47c2-baa3-e84e3213712c",
"Direction": "ingress",
"Protocol": "TCP",
"PortMin": "1",
"PortMax": "123",
"IpRange": "192.168.1.0/28",
"AuthorizedSecurityGroupId": "-",
"SecurityGroupRuleType": "User",
"CreateAt": "2017-10-27T11:04:43Z",
"UpdateAt": "2017-10-27T11:04:43Z"
}
}
创建一个授权给安全组的规则:
{
"RequestId": "07478bae-e278-4767-a47e-df84795f6f62",
"SecurityGroupRule": {
"Description": "xxoo",
"Id": "382cca66-fff7-4391-a12b-1020da05351f",
"SecurityGroupId": "01fc62fa-1db8-47c2-baa3-e84e3213712c",
"Direction": "ingress",
"Protocol": "TCP",
"PortMin": "1",
"PortMax": "123",
"IpRange": "-",
"AuthorizedSecurityGroupId": "8de39b4c-71a6-4bdd-b6db-d7b5614070c7",
"SecurityGroupRuleType": "User",
"CreateAt": "2017-10-27T11:04:43Z",
"UpdateAt": "2017-10-27T11:04:43Z"
}
}
常见错误:
参数无效:
{
"Code": "InvalidParameterValue",
"Message": "Direction is invalid",
"RequestId": "96011523-8259-43ba-9e1d-06345e6cd46d",
"Result": ""
}
提交的数据不是json:
{
"Code": "HttpMessageNotReadable",
"Message": "Request http message is not readable",
"RequestId": "9d27a60d-7d66-4248-8d6e-fc94b61dcad4",
"Result": "Could not read document: Unexpected character ('\"' (code 34)): was expecting comma to separate Object entries\n at [Source: (PushbackInputStream); line: 8, column: 4]; nested exception is com.fasterxml.jackson.core.JsonParseException: Unexpected character ('\"' (code 34)): was expecting comma to separate Object entries\n at [Source: (PushbackInputStream); line: 8, column: 4]"
}
2. DeleteSecurityGroupRule
接口方法:GET
请求示例:
https://open.cn-east-1.163yun.com/vpc?Version=2017-11-30&Action=DeleteSecurityGroupRule&Id=d069cad3-12b2-46c9-a130-7b50285bfd68
url 参数:
| 参数 | 是否必选 | 说明 |
|---|
| Version | 是 | API 版本号 |
| Action | 是 | DeleteSecurityGroupRule,删除安全组规则 |
| Id | 是 | 安全组规则ID,可通过接口 ListSecurityGroupRule 查看 |
响应示例:
{
"RequestId": "1b6e579d-2afc-40c7-a864-0e0fc50833ae",
"SecurityGroupRule": {
"Description": null,
"Id": "d069cad3-12b2-46c9-a130-7b50285bfd68",
"SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"Direction": "ingress",
"Protocol": "TCP",
"PortMin": "100",
"PortMax": "100",
"IpRange": "0.0.0.0/0",
"AuthorizedSecurityGroupId": "-",
"SecurityGroupRuleType": "User",
"CreateAt": "2018-11-22T09:01:04Z",
"UpdateAt": "2018-11-22T09:01:04Z"
}
}
常见错误:
{
"Code": "MissingParameter",
"Message": "Empty necessary param",
"RequestId": "d052dfd9-0830-49b1-a2ec-9c4b45c4d751",
"Result": "Required String parameter 'Id' is not present"
}
3. ModifySecurityGroupRule
接口方法:POST
请求示例:
https://open.cn-east-1.163yun.com/vpc?Version=2017-11-30&Action=ModifySecurityGroupRule
-d '{
"Id":"a8e6ddd0-d58f-40b1-a797-73dd233a42bf",
"Description":"test description"
}'
url 参数:
| 参数 | 是否必选 | 说明 |
|---|
| Version | 是 | API 版本号 |
| Action | 是 | ModifySecurityGroupRule,修改安全组规则 |
body 参数:
| 参数名称 | 说明 | 参数类型 | 是否必填 | 备注 |
|---|
| Description | 安全组规则描述。长度[0,100] | string | 是 | |
| Id | 安全组规则Id | string | 是 | |
响应示例:
{
"RequestId": "d41a32ce-f2bc-44ff-a7f5-04c6ab8cedaf",
"SecurityGroupRule": {
"Description": "test description",
"Id": "a8e6ddd0-d58f-40b1-a797-73dd233a42bf",
"SecurityGroupId": "8de39b4c-71a6-4bdd-b6db-d7b5614070c7",
"Direction": "ingress",
"Protocol": "ALLPROTOCOL",
"PortMin": "-",
"PortMax": "-",
"IpRange": "1.1.1.1/5",
"AuthorizedSecurityGroupId": "-",
"SecurityGroupRuleType": "User",
"CreateAt": "2017-08-03T09:31:44Z",
"UpdateAt": "2017-08-03T09:31:44Z",
}
}
4. ListSecurityGroupRule
接口方法:GET
请求示例:
https://open.cn-east-1.163yun.com/vpc?Version=2017-11-30&Action=ListSecurityGroupRule&SecurityGroupId=cd2290b8-989c-491f-baee-4ee392b32eaf
url 参数:
| 参数 | 是否必选 | 说明 |
|---|
| Version | 是 | API 版本号 |
| Action | 是 | ListSecurityGroupRule,获取安全组规则列表 |
| SecurityGroupId | 必选 | 安全组id |
| Limit | 可选 | 返回个数,不填默认20 |
| Offset | 可选 | 总偏移量,不填默认0 |
| KeyWord | 可选 | 模糊搜索参数,可选,匹配范围为:方向direction, securityGroupRuleId , ip范围 remoteIpPrefix, 描述description, 协议protocol |
响应示例:
{
"Count": 11,
"SecurityGroupRules": [
{
"Description": null,
"Id": "1eecc492-6b64-4925-8e37-ebbea20a5925",
"SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"Direction": "ingress",
"Protocol": "TCP",
"PortMin": "443",
"PortMax": "443",
"IpRange": "-",
"AuthorizedSecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"SecurityGroupRuleType": "User",
"CreateAt": "2018-11-21T02:04:04Z",
"UpdateAt": "2018-11-21T02:04:04Z"
},
{
"Description": null,
"Id": "915c03ff-97d2-461d-96d7-ee0aee0420b8",
"SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"Direction": "ingress",
"Protocol": "TCP",
"PortMin": "80",
"PortMax": "80",
"IpRange": "-",
"AuthorizedSecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"SecurityGroupRuleType": "User",
"CreateAt": "2018-11-21T02:03:27Z",
"UpdateAt": "2018-11-21T02:03:27Z"
},
{
"Description": null,
"Id": "d406d468-27c4-4a33-ad2d-0ce3663e82d1",
"SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"Direction": "ingress",
"Protocol": "TCP",
"PortMin": "9200",
"PortMax": "9200",
"IpRange": "-",
"AuthorizedSecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"SecurityGroupRuleType": "User",
"CreateAt": "2018-11-21T01:49:31Z",
"UpdateAt": "2018-11-21T01:49:31Z"
},
{
"Description": null,
"Id": "fc70e2a2-0fa9-45e2-91aa-d50544565fbe",
"SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"Direction": "ingress",
"Protocol": "TCP",
"PortMin": "3306",
"PortMax": "3306",
"IpRange": "0.0.0.0/0",
"AuthorizedSecurityGroupId": "-",
"SecurityGroupRuleType": "User",
"CreateAt": "2018-10-22T08:04:27Z",
"UpdateAt": "2018-10-22T08:04:27Z"
},
{
"Description": null,
"Id": "1b501c67-e0ee-422b-a849-2ff3cfb33cf3",
"SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"Direction": "ingress",
"Protocol": "TCP",
"PortMin": "23",
"PortMax": "23",
"IpRange": "0.0.0.0/0",
"AuthorizedSecurityGroupId": "-",
"SecurityGroupRuleType": "User",
"CreateAt": "2018-10-12T03:08:17Z",
"UpdateAt": "2018-10-12T03:08:17Z"
},
{
"Description": null,
"Id": "5a8b2b36-34f8-46dc-ae5a-bfeacfbc11f9",
"SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"Direction": "ingress",
"Protocol": "TCP",
"PortMin": "1194",
"PortMax": "1194",
"IpRange": "0.0.0.0/0",
"AuthorizedSecurityGroupId": "-",
"SecurityGroupRuleType": "User",
"CreateAt": "2018-10-10T04:40:00Z",
"UpdateAt": "2018-10-10T04:40:00Z"
},
{
"Description": null,
"Id": "45e482f9-205b-4399-8877-b6eec229c539",
"SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"Direction": "ingress",
"Protocol": "TCP",
"PortMin": "3389",
"PortMax": "3389",
"IpRange": "0.0.0.0/0",
"AuthorizedSecurityGroupId": "-",
"SecurityGroupRuleType": "User",
"CreateAt": "2018-10-09T02:32:29Z",
"UpdateAt": "2018-10-09T02:32:29Z"
},
{
"Description": null,
"Id": "5ff654d7-9f42-4d46-bdfd-456d2989019e",
"SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"Direction": "ingress",
"Protocol": "TCP",
"PortMin": "22",
"PortMax": "22",
"IpRange": "0.0.0.0/0",
"AuthorizedSecurityGroupId": "-",
"SecurityGroupRuleType": "User",
"CreateAt": "2018-10-08T01:49:13Z",
"UpdateAt": "2018-10-08T01:49:13Z"
},
{
"Description": null,
"Id": "3da691d2-5666-4f37-ac7a-4a9b0c71cb43",
"SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"Direction": "ingress",
"Protocol": "ICMP",
"PortMin": "-",
"PortMax": "-",
"IpRange": "0.0.0.0/0",
"AuthorizedSecurityGroupId": "-",
"SecurityGroupRuleType": "User",
"CreateAt": "2018-10-06T04:14:45Z",
"UpdateAt": "2018-10-06T04:14:45Z"
},
{
"Description": null,
"Id": "eabfbb91-3eab-4a9a-b947-5ad20d1be731",
"SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"Direction": "ingress",
"Protocol": "TCP",
"PortMin": "8080",
"PortMax": "8080",
"IpRange": "-",
"AuthorizedSecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"SecurityGroupRuleType": "User",
"CreateAt": "2018-09-19T06:14:50Z",
"UpdateAt": "2018-09-19T06:14:50Z"
},
{
"Description": null,
"Id": "addb49ad-733b-4452-a9f7-d36c9d898eac",
"SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"Direction": "ingress",
"Protocol": "ALLPROTOCOL",
"PortMin": "-",
"PortMax": "-",
"IpRange": "192.168.0.0/16",
"AuthorizedSecurityGroupId": "-",
"SecurityGroupRuleType": "System",
"CreateAt": "2018-08-02T02:27:05Z",
"UpdateAt": "2018-08-02T02:27:05Z"
}
],
"Offset": 0,
"RequestId": "a6f502a4-1cf5-4f88-84e4-f6f3f68bbfc3",
"Limit": 20
}
常见错误:
缺少必要参数:
{
"Code": "MissingParameter",
"Message": "Empty necessary param",
"RequestId": "4416f054-391f-431e-a940-6d7aa969b3ab",
"Result": "Required String parameter 'SecurityGroupId' is not present"
}
参数错误,如安全组不属于当前租户:
{
"Code": "InvalidParameterValue",
"Message": "Security group is not found",
"RequestId": "2bee2439-5eb2-4fb9-be1d-d8ab3d91ec9e",
"Result": ""
}
5. GetSecurityGroupRule
接口方法:GET
请求示例:
https://open.cn-east-1.163yun.com/vpc?Version=2017-11-30&Action=GetSecurityGroupRule&Id=addb49ad-733b-4452-a9f7-d36c9d898eac
url 参数:
| 参数 | 是否必选 | 说明 |
|---|
| Version | 是 | API 版本号 |
| Action | 是 | GetSecurityGroupRule,获取指定的安全规则详情 |
| Id | 是 | 安全规则ID |
body 参数:
响应示例:
{
"RequestId": "f65304df-8fc9-4b75-b407-c9cdb4e4e025",
"SecurityGroupRule": {
"Description": null,
"Id": "addb49ad-733b-4452-a9f7-d36c9d898eac",
"SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
"Direction": "ingress",
"Protocol": "ALLPROTOCOL",
"PortMin": "-",
"PortMax": "-",
"IpRange": "192.168.0.0/16",
"AuthorizedSecurityGroupId": "-",
"SecurityGroupRuleType": "System",
"CreateAt": "2018-08-02T02:27:05Z",
"UpdateAt": "2018-08-02T02:27:05Z"
}
}
常见错误:
{
"Code": "MissingParameter",
"Message": "Empty necessary param",
"RequestId": "bd3f5456-dfa3-41d6-9afa-07a2e40bfa3b",
"Result": "Required String parameter 'Id' is not present"
}
