安全组规则

响应对象统一为安全组规则对象:

"Description": "xxoo",                        # 安全组规则描述
"Id": "ebb8f50e-d174-44f4-8103-cc44abf81569", # 安全组规则id
"SecurityGroupId": "01fc62fa-1db8-47c2-baa3-e84e3213712c", # 安全组规则所属安全组id
"Direction": "ingress",                                    # 安全组规则所方向
"Protocol": "TCP",                                         # 安全组规则协议,目前有TCP/UDP/ICMP/GRE/ESP/AH/ALLPROTOCOL,其中ALLPROTOCOL表示全部流量
"PortMin": "1",                               # 安全组规则端口下限
"PortMax": "123",                             # 安全组规则端口上限
"IpRange": "192.168.1.0/28",                  # 安全组规则授权的IP范围,如果该规则是授权给安全组则该字段为“-”
"AuthorizedSecurityGroupId": "-",             # 安全组规则授权安全组对象,如果该规则是授权给IpRange该字段为“-”
"SecurityGroupRuleType": "User",              # 安全组规则类型,为"User"和"System"
"CreateAt": "2017-08-03T09:31:44Z",                 # 创建时间,UTC时间
"UpdateAt": "2017-08-03T09:31:44Z",                 # 更新时间,UTC时间

1. CreateSecurityGroupRule

接口方法:POST

请求示例:

https://open.cn-east-1.163yun.com/vpc?Version=2017-11-30&Action=CreateSecurityGroupRule
-d'{
    "SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
    "Direction": "ingress",
    "IpRange": "0.0.0.0/0",
    "Protocol": "TCP",
    "PortMax": "100",
    "PortMin": "100"
}'

url 参数:

参数是否必选说明
VersionAPI 版本号
ActionCreateSecurityGroupRule,新建安全规则

body 参数:

参数是否必选说明
SecurityGroupId安全组ID
Direction安全规则描述
IpRange地址段
Protocol允许的协议
PortMax端口范围,1-65535内的整数
PortMin端口范围,1-65535内的整数

请求体示例:

创建一条授权给IpRange的规则:
{
  "SecurityGroupId":"01fc62fa-1db8-47c2-baa3-e84e3213712c",【必选】要在哪个安全组里创建规则
  "Direction":"ingress",                                   【必选】安全组规则的方向,ingress表示入方向,egress表示出方向
  "IpRange":"192.168.1.0/28",                              【必选】ip段,目前一条规则中仅支持添加一个 IP 段
  "Protocol":"TCP",                                        【必选】协议类型,目前有TCP/UDP/ICMP/GRE/ESP/AH/ALLPROTOCOL,其中ALLPROTOCOL表示全部流量
  "PortMax":"123",                                         【可选】端口上限,创TCP/UDP协议的规则时为必选,值范围1-65535,但必须大于PortMin。其余协议为非必选(默认全部端口)
  "PortMin":"1",                                           【可选】端口下限,创TCP/UDP协议的规则时为必选,值范围1-65535,但必须小于PortMax。其余协议为非必选(默认全部端口)
  "Description":"xxoo"                                     【可选】安全组规则描述
}

创建一条授权给安全组的规则
{
  "SecurityGroupId":"01fc62fa-1db8-47c2-baa3-e84e3213712c",【必选】要在哪个安全组里创建规则
  "Direction":"ingress",                                   【必选】安全组规则的方向,ingress表示入方向,egress表示出方向
  "Protocol":"TCP",                                        【必选】协议类型,目前有TCP/UDP/ICMP/GRE/ESP/AH/ALLPROTOCOL,其中ALLPROTOCOL表示全部流量                         
  "PortMax":"123",                                         【可选】端口上限,创TCP/UDP协议的规则时为必选,值范围1-65535,但必须大于PortMin。其余协议为非必选(默认全部端口)
  "PortMin":"1",                                           【可选】端口下限,创TCP/UDP协议的规则时为必选,值范围1-65535,但必须小于PortMax。其余协议为非必选(默认全部端口)
  "Description":"xxoo",                                    【可选】安全组规则描述
  "AuthorizedSecurityGroupId":"8de39b4c-71a6-4bdd-b6db-d7b5614070c7" 【必选】要授权的安全组
}

响应示例:

{
    "RequestId": "4e8cadf3-6a2c-4c0d-a6d7-676cdc6dc05e",
    "SecurityGroupRule": {
        "Description": null,
        "Id": "d069cad3-12b2-46c9-a130-7b50285bfd68",
        "SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
        "Direction": "ingress",
        "Protocol": "TCP",
        "PortMin": "100",
        "PortMax": "100",
        "IpRange": "0.0.0.0/0",
        "AuthorizedSecurityGroupId": "-",
        "SecurityGroupRuleType": "User",
        "CreateAt": "2018-11-22T09:01:04Z",
        "UpdateAt": "2018-11-22T09:01:04Z"
    }
}

更多响应示例:

创建一条授权给IpRange的规则:


{
    "RequestId": "82565199-8d89-4110-848a-e4390430610f",
    "SecurityGroupRule": {
        "Description": "xxoo",
        "Id": "ebb8f50e-d174-44f4-8103-cc44abf81569",
        "SecurityGroupId": "01fc62fa-1db8-47c2-baa3-e84e3213712c",
        "Direction": "ingress",
        "Protocol": "TCP",
        "PortMin": "1",
        "PortMax": "123",
        "IpRange": "192.168.1.0/28",
        "AuthorizedSecurityGroupId": "-",
        "SecurityGroupRuleType": "User",
        "CreateAt": "2017-10-27T11:04:43Z",
        "UpdateAt": "2017-10-27T11:04:43Z"
    }
}

创建一个授权给安全组的规则:

{
    "RequestId": "07478bae-e278-4767-a47e-df84795f6f62",
    "SecurityGroupRule": {
        "Description": "xxoo",
        "Id": "382cca66-fff7-4391-a12b-1020da05351f",
        "SecurityGroupId": "01fc62fa-1db8-47c2-baa3-e84e3213712c",
        "Direction": "ingress",
        "Protocol": "TCP",
        "PortMin": "1",
        "PortMax": "123",
        "IpRange": "-",
        "AuthorizedSecurityGroupId": "8de39b4c-71a6-4bdd-b6db-d7b5614070c7",
        "SecurityGroupRuleType": "User",
        "CreateAt": "2017-10-27T11:04:43Z",
        "UpdateAt": "2017-10-27T11:04:43Z"
    }
}

常见错误:

参数无效:

{
    "Code": "InvalidParameterValue",
    "Message": "Direction is invalid",
    "RequestId": "96011523-8259-43ba-9e1d-06345e6cd46d",
    "Result": ""
}

提交的数据不是json:

{
    "Code": "HttpMessageNotReadable",
    "Message": "Request http message is not readable",
    "RequestId": "9d27a60d-7d66-4248-8d6e-fc94b61dcad4",
    "Result": "Could not read document: Unexpected character ('\"' (code 34)): was expecting comma to separate Object entries\n at [Source: (PushbackInputStream); line: 8, column: 4]; nested exception is com.fasterxml.jackson.core.JsonParseException: Unexpected character ('\"' (code 34)): was expecting comma to separate Object entries\n at [Source: (PushbackInputStream); line: 8, column: 4]"
}

2. DeleteSecurityGroupRule

接口方法:GET

请求示例:

https://open.cn-east-1.163yun.com/vpc?Version=2017-11-30&Action=DeleteSecurityGroupRule&Id=d069cad3-12b2-46c9-a130-7b50285bfd68

url 参数:

参数是否必选说明
VersionAPI 版本号
ActionDeleteSecurityGroupRule,删除安全组规则
Id安全组规则ID,可通过接口 ListSecurityGroupRule 查看

响应示例:

{
    "RequestId": "1b6e579d-2afc-40c7-a864-0e0fc50833ae",
    "SecurityGroupRule": {
        "Description": null,
        "Id": "d069cad3-12b2-46c9-a130-7b50285bfd68",
        "SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
        "Direction": "ingress",
        "Protocol": "TCP",
        "PortMin": "100",
        "PortMax": "100",
        "IpRange": "0.0.0.0/0",
        "AuthorizedSecurityGroupId": "-",
        "SecurityGroupRuleType": "User",
        "CreateAt": "2018-11-22T09:01:04Z",
        "UpdateAt": "2018-11-22T09:01:04Z"
    }
}

常见错误:

{
    "Code": "MissingParameter",
    "Message": "Empty necessary param",
    "RequestId": "d052dfd9-0830-49b1-a2ec-9c4b45c4d751",
    "Result": "Required String parameter 'Id' is not present"
}

3. ModifySecurityGroupRule

接口方法:POST

请求示例:

https://open.cn-east-1.163yun.com/vpc?Version=2017-11-30&Action=ModifySecurityGroupRule 
-d '{
    "Id":"a8e6ddd0-d58f-40b1-a797-73dd233a42bf",
    "Description":"test description"
}'

url 参数:

参数是否必选说明
VersionAPI 版本号
ActionModifySecurityGroupRule,修改安全组规则

body 参数:

参数名称说明参数类型是否必填备注
Description安全组规则描述。长度[0,100]string
Id安全组规则Idstring

响应示例:

{
    "RequestId": "d41a32ce-f2bc-44ff-a7f5-04c6ab8cedaf",
    "SecurityGroupRule": {
        "Description": "test description",
        "Id": "a8e6ddd0-d58f-40b1-a797-73dd233a42bf",
        "SecurityGroupId": "8de39b4c-71a6-4bdd-b6db-d7b5614070c7",
        "Direction": "ingress",
        "Protocol": "ALLPROTOCOL",
        "PortMin": "-",
        "PortMax": "-",
        "IpRange": "1.1.1.1/5",
        "AuthorizedSecurityGroupId": "-",
        "SecurityGroupRuleType": "User",
        "CreateAt": "2017-08-03T09:31:44Z",
        "UpdateAt": "2017-08-03T09:31:44Z",
    }
}

4. ListSecurityGroupRule

接口方法:GET

请求示例:

https://open.cn-east-1.163yun.com/vpc?Version=2017-11-30&Action=ListSecurityGroupRule&SecurityGroupId=cd2290b8-989c-491f-baee-4ee392b32eaf

url 参数:

参数是否必选说明
VersionAPI 版本号
ActionListSecurityGroupRule,获取安全组规则列表
SecurityGroupId必选安全组id
Limit可选返回个数,不填默认20
Offset可选总偏移量,不填默认0
KeyWord可选模糊搜索参数,可选,匹配范围为:方向direction, securityGroupRuleId , ip范围 remoteIpPrefix, 描述description, 协议protocol

响应示例:

{
    "Count": 11,
    "SecurityGroupRules": [
        {
            "Description": null,
            "Id": "1eecc492-6b64-4925-8e37-ebbea20a5925",
            "SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
            "Direction": "ingress",
            "Protocol": "TCP",
            "PortMin": "443",
            "PortMax": "443",
            "IpRange": "-",
            "AuthorizedSecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
            "SecurityGroupRuleType": "User",
            "CreateAt": "2018-11-21T02:04:04Z",
            "UpdateAt": "2018-11-21T02:04:04Z"
        },
        {
            "Description": null,
            "Id": "915c03ff-97d2-461d-96d7-ee0aee0420b8",
            "SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
            "Direction": "ingress",
            "Protocol": "TCP",
            "PortMin": "80",
            "PortMax": "80",
            "IpRange": "-",
            "AuthorizedSecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
            "SecurityGroupRuleType": "User",
            "CreateAt": "2018-11-21T02:03:27Z",
            "UpdateAt": "2018-11-21T02:03:27Z"
        },
        {
            "Description": null,
            "Id": "d406d468-27c4-4a33-ad2d-0ce3663e82d1",
            "SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
            "Direction": "ingress",
            "Protocol": "TCP",
            "PortMin": "9200",
            "PortMax": "9200",
            "IpRange": "-",
            "AuthorizedSecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
            "SecurityGroupRuleType": "User",
            "CreateAt": "2018-11-21T01:49:31Z",
            "UpdateAt": "2018-11-21T01:49:31Z"
        },
        {
            "Description": null,
            "Id": "fc70e2a2-0fa9-45e2-91aa-d50544565fbe",
            "SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
            "Direction": "ingress",
            "Protocol": "TCP",
            "PortMin": "3306",
            "PortMax": "3306",
            "IpRange": "0.0.0.0/0",
            "AuthorizedSecurityGroupId": "-",
            "SecurityGroupRuleType": "User",
            "CreateAt": "2018-10-22T08:04:27Z",
            "UpdateAt": "2018-10-22T08:04:27Z"
        },
        {
            "Description": null,
            "Id": "1b501c67-e0ee-422b-a849-2ff3cfb33cf3",
            "SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
            "Direction": "ingress",
            "Protocol": "TCP",
            "PortMin": "23",
            "PortMax": "23",
            "IpRange": "0.0.0.0/0",
            "AuthorizedSecurityGroupId": "-",
            "SecurityGroupRuleType": "User",
            "CreateAt": "2018-10-12T03:08:17Z",
            "UpdateAt": "2018-10-12T03:08:17Z"
        },
        {
            "Description": null,
            "Id": "5a8b2b36-34f8-46dc-ae5a-bfeacfbc11f9",
            "SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
            "Direction": "ingress",
            "Protocol": "TCP",
            "PortMin": "1194",
            "PortMax": "1194",
            "IpRange": "0.0.0.0/0",
            "AuthorizedSecurityGroupId": "-",
            "SecurityGroupRuleType": "User",
            "CreateAt": "2018-10-10T04:40:00Z",
            "UpdateAt": "2018-10-10T04:40:00Z"
        },
        {
            "Description": null,
            "Id": "45e482f9-205b-4399-8877-b6eec229c539",
            "SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
            "Direction": "ingress",
            "Protocol": "TCP",
            "PortMin": "3389",
            "PortMax": "3389",
            "IpRange": "0.0.0.0/0",
            "AuthorizedSecurityGroupId": "-",
            "SecurityGroupRuleType": "User",
            "CreateAt": "2018-10-09T02:32:29Z",
            "UpdateAt": "2018-10-09T02:32:29Z"
        },
        {
            "Description": null,
            "Id": "5ff654d7-9f42-4d46-bdfd-456d2989019e",
            "SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
            "Direction": "ingress",
            "Protocol": "TCP",
            "PortMin": "22",
            "PortMax": "22",
            "IpRange": "0.0.0.0/0",
            "AuthorizedSecurityGroupId": "-",
            "SecurityGroupRuleType": "User",
            "CreateAt": "2018-10-08T01:49:13Z",
            "UpdateAt": "2018-10-08T01:49:13Z"
        },
        {
            "Description": null,
            "Id": "3da691d2-5666-4f37-ac7a-4a9b0c71cb43",
            "SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
            "Direction": "ingress",
            "Protocol": "ICMP",
            "PortMin": "-",
            "PortMax": "-",
            "IpRange": "0.0.0.0/0",
            "AuthorizedSecurityGroupId": "-",
            "SecurityGroupRuleType": "User",
            "CreateAt": "2018-10-06T04:14:45Z",
            "UpdateAt": "2018-10-06T04:14:45Z"
        },
        {
            "Description": null,
            "Id": "eabfbb91-3eab-4a9a-b947-5ad20d1be731",
            "SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
            "Direction": "ingress",
            "Protocol": "TCP",
            "PortMin": "8080",
            "PortMax": "8080",
            "IpRange": "-",
            "AuthorizedSecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
            "SecurityGroupRuleType": "User",
            "CreateAt": "2018-09-19T06:14:50Z",
            "UpdateAt": "2018-09-19T06:14:50Z"
        },
        {
            "Description": null,
            "Id": "addb49ad-733b-4452-a9f7-d36c9d898eac",
            "SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
            "Direction": "ingress",
            "Protocol": "ALLPROTOCOL",
            "PortMin": "-",
            "PortMax": "-",
            "IpRange": "192.168.0.0/16",
            "AuthorizedSecurityGroupId": "-",
            "SecurityGroupRuleType": "System",
            "CreateAt": "2018-08-02T02:27:05Z",
            "UpdateAt": "2018-08-02T02:27:05Z"
        }
    ],
    "Offset": 0,
    "RequestId": "a6f502a4-1cf5-4f88-84e4-f6f3f68bbfc3",
    "Limit": 20
}

常见错误:

缺少必要参数:


{
    "Code": "MissingParameter",
    "Message": "Empty necessary param",
    "RequestId": "4416f054-391f-431e-a940-6d7aa969b3ab",
    "Result": "Required String parameter 'SecurityGroupId' is not present"
}

参数错误,如安全组不属于当前租户:

{
    "Code": "InvalidParameterValue",
    "Message": "Security group is not found",
    "RequestId": "2bee2439-5eb2-4fb9-be1d-d8ab3d91ec9e",
    "Result": ""
}

5. GetSecurityGroupRule

接口方法:GET

请求示例:

https://open.cn-east-1.163yun.com/vpc?Version=2017-11-30&Action=GetSecurityGroupRule&Id=addb49ad-733b-4452-a9f7-d36c9d898eac

url 参数:

参数是否必选说明
VersionAPI 版本号
ActionGetSecurityGroupRule,获取指定的安全规则详情
Id安全规则ID

body 参数:

响应示例:

{
    "RequestId": "f65304df-8fc9-4b75-b407-c9cdb4e4e025",
    "SecurityGroupRule": {
        "Description": null,
        "Id": "addb49ad-733b-4452-a9f7-d36c9d898eac",
        "SecurityGroupId": "cd2290b8-989c-491f-baee-4ee392b32eaf",
        "Direction": "ingress",
        "Protocol": "ALLPROTOCOL",
        "PortMin": "-",
        "PortMax": "-",
        "IpRange": "192.168.0.0/16",
        "AuthorizedSecurityGroupId": "-",
        "SecurityGroupRuleType": "System",
        "CreateAt": "2018-08-02T02:27:05Z",
        "UpdateAt": "2018-08-02T02:27:05Z"
    }
}

常见错误:

{
    "Code": "MissingParameter",
    "Message": "Empty necessary param",
    "RequestId": "bd3f5456-dfa3-41d6-9afa-07a2e40bfa3b",
    "Result": "Required String parameter 'Id' is not present"
}