2025-01-14 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
This article explains in detail how to specify inbound access permissions for a security group, with examples of allowing or denying inbound traffic that other devices send to the security group. The editor thinks it is very practical, so I share it with you as a reference. I hope you can gain something after reading this article.
AuthorizeSecurityGroup
Adds an inbound security group rule. The rule specifies the access permissions for the inbound direction of the security group, allowing or denying inbound traffic that other devices send to the instances in the security group.
Description
We define the initiator of inbound traffic as the source (Source) and the receiver of data transmission as the destination (Destination), as shown in the following figure.
When calling this interface, you need to know:
The maximum number of security group rules for a security group is 100.
Security group rules are divided into two categories: access accepted (accept) and access denied (drop).
The optional range of security group rule priority (Priority) is [1,100]. A smaller number means a higher priority.
When security group rules have the same priority, the access denied (drop) rule takes precedence.
The source device can be a specified IP address range (SourceCidrIp) or an instance in another security group (SourceGroupId).
Any of the following sets of parameters can determine a security group rule; specifying only one parameter cannot determine a security group rule. If a matching security group rule already exists, the AuthorizeSecurityGroup call fails.
Set the access permissions for a specified IP address range, as in request example 1: IpProtocol, PortRange, (optional) SourcePortRange, NicType, Policy, (optional) DestCidrIp and SourceCidrIp
Set the access permissions for another security group, as in request example 2: IpProtocol, PortRange, (optional) SourcePortRange, NicType, Policy, (optional) DestCidrIp, SourceGroupOwnerAccount and SourceGroupId
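The priority and tie-break behaviour described above, as an added example that is not part of the original article or of the vendor's code. It models only rules whose source is an IP range (SourceCidrIp); the sample rules are constructed, and what happens when no rule matches is not covered by the page, so the function returns None in that case.

```python
import ipaddress

# Constructed sample rules; the keys mirror the request parameter names.
RULES = [
    {"Policy": "accept", "Priority": 10, "IpProtocol": "tcp",
     "PortRange": "22/22", "SourceCidrIp": "203.0.113.0/24"},
    {"Policy": "drop", "Priority": 10, "IpProtocol": "tcp",
     "PortRange": "1/65535", "SourceCidrIp": "203.0.113.7/32"},
    {"Policy": "accept", "Priority": 1, "IpProtocol": "tcp",
     "PortRange": "443/443", "SourceCidrIp": "0.0.0.0/0"},
    {"Policy": "drop", "Priority": 100, "IpProtocol": "tcp",
     "PortRange": "1/65535", "SourceCidrIp": "0.0.0.0/0"},
]


def matches(rule, protocol, src_ip, dst_port):
    """True when the inbound packet falls inside the rule's protocol, port range and source CIDR."""
    low, high = (int(p) for p in rule["PortRange"].split("/"))
    return (rule["IpProtocol"] == protocol
            and low <= dst_port <= high
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["SourceCidrIp"]))


def decide(rules, protocol, src_ip, dst_port):
    """Return 'accept' or 'drop' for an inbound packet, or None when no rule matches."""
    for rule in rules:
        if not 1 <= rule["Priority"] <= 100:
            raise ValueError("Priority must be in [1,100]")
    hits = [r for r in rules if matches(r, protocol, src_ip, dst_port)]
    if not hits:
        return None
    # Smaller Priority number wins; at equal priority the drop rule sorts first.
    best = min(hits, key=lambda r: (r["Priority"], r["Policy"] != "drop"))
    return best["Policy"]


if __name__ == "__main__":
    for src, port in [("203.0.113.20", 22), ("203.0.113.7", 22), ("203.0.113.7", 443)]:
        print(src, port, decide(RULES, "tcp", src, port))
```

The third call shows that a drop rule only wins a tie: the priority 1 accept on port 443 still overrides the priority 10 drop for the same source.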
Request parameter
Return parameters
All are common return parameters. See common parameters.
Example
For more examples of setting up security group rules, see Application cases, typical applications of security group rules, and introduction to security group five-tuple rules.
Request example 1
Sets the access permissions for the specified IP address range. In this case, the network card type (NicType) of a classic network type security group can be set to public network (internet) or private network (intranet). The network card type (NicType) of a VPC type security group can only be set to private network (intranet).
https://ecs.aliyuncs.com/?Action=AuthorizeSecurityGroup&SecurityGroupId=sg-F876FF7BA&SourceCidrIp=0.0.0.0/0&IpProtocol=tcp&PortRange=1/65535&NicType=intranet&Policy=Allow&
Request example 2
Sets the access permissions for another security group. In this case, the network card type (NicType) can only be private network (intranet). For mutual access between classic network type security groups, you can grant other security groups in the same region access to your security group. The other security group can belong to your account or to another Alibaba Cloud account (SourceGroupOwnerAccount). For mutual access between VPC type security groups, you can grant other security groups within the same VPC access to the security group.
https://ecs.aliyuncs.com/?Action=AuthorizeSecurityGroup&SecurityGroupId=sg-F876FF7BA&SourceGroupId=sg-1651FBB64&SourceGroupOwnerAccount=test@aliyun.com&IpProtocol=tcp&PortRange=1/65535&NicType=intranet&Policy=Drop&
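A pre-submission check for the two request forms above, as an added example that is not part of the original article or of the vendor's SDK. The function name, the `network_type` argument and the finding labels are assumptions of this example; it checks the constraints this page states and additionally flags a rule that accepts every port from 0.0.0.0/0, which is what request example 1 authorizes.

```python
from urllib.parse import urlsplit, parse_qs

# The page's two request examples, plus one constructed URL with deliberate mistakes.
EXAMPLE_1 = ("https://ecs.aliyuncs.com/?Action=AuthorizeSecurityGroup&SecurityGroupId=sg-F876FF7BA"
             "&SourceCidrIp=0.0.0.0/0&IpProtocol=tcp&PortRange=1/65535&NicType=intranet&Policy=Allow&")
EXAMPLE_2 = ("https://ecs.aliyuncs.com/?Action=AuthorizeSecurityGroup&SecurityGroupId=sg-F876FF7BA"
             "&SourceGroupId=sg-1651FBB64&SourceGroupOwnerAccount=test@aliyun.com"
             "&IpProtocol=tcp&PortRange=1/65535&NicType=intranet&Policy=Drop&")
CONSTRUCTED = ("https://ecs.aliyuncs.com/?Action=AuthorizeSecurityGroup&SecurityGroupId=sg-F876FF7BA"
               "&SourceCidrIp=10.0.0.0/8&IpProtocol=tcp&PortRange=22/22&NicType=internet&Priority=0")

# Parameters the page lists in both rule-defining sets (the optional ones are left out).
IN_BOTH_SETS = {"IpProtocol", "PortRange", "NicType", "Policy"}


def lint_request(url, network_type):
    """Return findings for a request URL; network_type is 'classic' or 'vpc' (hypothetical argument)."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = ["missing:" + name for name in sorted(IN_BOTH_SETS - q.keys())]
    has_cidr, has_group = "SourceCidrIp" in q, "SourceGroupId" in q
    if has_cidr == has_group:
        # This example requires exactly one kind of source: an IP range or another group.
        findings.append("source-ambiguous")
    if q.get("NicType") == "internet" and (network_type == "vpc" or has_group):
        # VPC groups and group-to-group rules may only use the private network.
        findings.append("nic-must-be-intranet")
    prio = q.get("Priority")
    if prio is not None and not (prio.isdigit() and 1 <= int(prio) <= 100):
        findings.append("priority-out-of-range")
    if (q.get("SourceCidrIp") == "0.0.0.0/0" and q.get("PortRange") == "1/65535"
            and q.get("Policy", "").lower() in ("accept", "allow")):
        # Every port reachable from any address: review before authorizing.
        findings.append("world-open-all-ports")
    return findings


if __name__ == "__main__":
    for url, net in [(EXAMPLE_1, "vpc"), (EXAMPLE_2, "classic"), (CONSTRUCTED, "vpc")]:
        print(net, lint_request(url, net))
```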
Response example
XML format
<RequestId>CEF72CEB-54B6-4AE8-B225-F876FF7BA984</RequestId>
JSON format
{"RequestId": "CEF72CEB-54B6-4AE8-B225-F876FF7BA984"}
Error code
The following are the error codes specific to this API. For more error codes, please visit the API error Center.
That concludes the examples of specifying inbound access permissions for a security group and of allowing or denying inbound traffic that other devices send to the security group. I hope the above content is helpful and that you learn something from it. If you think the article is good, you can share it for more people to see.