Home > Article > Operation and Maintenance > Specify the inbound access permissions of the security group to allow or deny other devices to send inbound traffic to instances in the security group.

Specify the inbound access permissions of the security group to allow or deny other devices to send inbound traffic to instances in the security group.

坏嘻嘻Original: 2018-09-25 13:44:324030browse

This article introduces the specific access rights of the security group in the inbound direction, allowing or denying other devices to send inbound traffic to the security group. It focuses on the specific steps. The content of this article is compact. I hope you can learn something. reward.

AuthorizeSecurityGroup

Add a security group inbound rule. Specify the inbound access permissions of the security group to allow or deny other devices to send inbound traffic to instances in the security group.

Description

We define the initiating end of the inbound traffic as the source end (Source), and the receiving end of the data transmission as the destination end (Destination) ),As shown below.

Specify the inbound access permissions of the security group to allow or deny other devices to send inbound traffic to instances in the security group.

When calling this interface, you need to understand:

A security group can have up to 100 security group rules.

Security group rules are divided into two categories: accept access (accept) and deny access (drop).

The security group rule priority (Priority) optional range is [1, 100]. The smaller the number, the higher the priority.

Among security group rules with the same priority, rules that deny access (drop) take precedence.

The source device can be a specified IP address range (SourceCidrIp) or an instance in another security group (SourceGroupId).

Any set of parameters below can determine a security group rule. Specifying only one parameter cannot determine a security group rule. If a matching security group rule already exists, this call to AuthorizeSecurityGroup fails.

Set the access permissions for the specified IP address segment, such as request example 1: IpProtocol, PortRange, (optional) SourcePortRange, NicType, Policy, (optional) DestCiderIp and SourceCidrIp

Set other security The access rights of the group, such as request example 2: IpProtocol, PortRange, (optional) SourcePortRange, NicType, Policy, (optional) DestCiderIp, SourceGroupOwnerAccount and SourceGroupId

Request parameters Specify the inbound access permissions of the security group to allow or deny other devices to send inbound traffic to instances in the security group.

Return parameters

are all public return parameters. See Public Parameters.

Example

For more examples of setting security group rules, please refer to Application Cases, Typical Applications of Security Group Rules and Security Group Five An introduction to tuple rules.

Request Example 1

Set the access permissions for the specified IP address range. At this time, the network card type (NicType) of the classic network type security group can be set to public network (internet) and intranet (intranet). The network card type (NicType) of the VPC type security group can only be set to the intranet.

https://ecs.aliyuncs.com/?Action=AuthorizeSecurityGroup
&SecurityGroupId=sg-F876FF7BA
&SourceCidrIp=0.0.0.0/0
&IpProtocol=tcp
&PortRange=1/65535
&NicType=intranet
&Policy=Allow
&<公共请求参数>

Request example two

Set the access permissions of other security groups. At this time, the network card type (NicType) can only be intranet. When security groups of the classic network type communicate with each other, you can set the access permissions of other security groups in the same region to your security group. This security group can be yours or another Alibaba Cloud account (SourceGroupOwnerAccount). When VPC security groups communicate with each other, you can set the access permissions of other security groups in the same VPC to this security group.

https://ecs.aliyuncs.com/?Action=AuthorizeSecurityGroup
&SecurityGroupId=sg-F876FF7BA
&SourceGroupId=sg-1651FBB64
&SourceGroupOwnerAccount=test@aliyun.com
&IpProtocol=tcp
&PortRange=1/65535
&NicType=intranet
&Policy=Drop
&<公共请求参数>

Return example

XML format

<AuthorizeSecurityGroupResponse>
    <RequestId>CEF72CEB-54B6-4AE8-B225-F876FF7BA984</RequestId>
</AuthorizeSecurityGroupResponse>

JSON format

{
    "RequestId":"CEF72CEB-54B6-4AE8-B225-F876FF7BA984"
}

Error codes

The following are the error codes unique to this interface. For more error codes, please visit the API Error Center. Specify the inbound access permissions of the security group to allow or deny other devices to send inbound traffic to instances in the security group.

The above is the detailed content of Specify the inbound access permissions of the security group to allow or deny other devices to send inbound traffic to instances in the security group.. For more information, please follow other related articles on the PHP Chinese website!

json xml 接口

Statement：

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Previous article：How to authorize security group permissions while only allowing instances within the security group to access each otherNext article：How to authorize security group permissions while only allowing instances within the security group to access each other

See more

Specify the inbound access permissions of the security group to allow or deny other devices to send inbound traffic to instances in the security group.

Related articles